To find out the exact scope of the events that are created, some testing can be done on the computer or computers in question.
This can easily be done by opening the Windows Event Viewer, and watching the GFI EndPointSecurity Event Log as you insert devices and perform actions that utilize them.
- The drive itself is accessed, and then the Windows Explorer User Interface process (explorer.exe) accesses it behind the scenes to enumerate devices.
- Applications such as MS Word may access drives to look for .doc files.
- Antivirus software may scan the drive.
- When a file is accessed, it will create an access event.
- While editing a file, each time there is an auto-save a new access event will be created.