When using a storage device or a CD/DVD, it is normal to see many different access events. This is because there are actually many different applications accessing the device each time it is connected.
Some possible causes for these access events are:
- First the drive itself is accessed
- Then the Windows Explorer User Interface process (explorer.exe) will access it behind the scenes to enumerate devices
- Applications such as MS Word may access it to look for .doc files
- Antivirus software may scan the drive
- When a file is accessed, it will create an access event
- While editing a file, each time there is an auto save there will be a new access event
To find out the exact scope of the events that are created, you can do some testing on the computer or computers in question. This can easily be done by opening Windows event viewer, and watching the GFI EndPointSecurity Event Log as you insert devices and perform actions that utilize them.