When using a storage device or a CD/DVD, it is normal to see many different access events. This is because there are actually many different applications accessing the device each time it is connected.
To find out the exact scope of the events that are created, some testing can be done on the computer or computers in question.
This can easily be done by opening the Windows Event Viewer, and watching the GFI EndPointSecurity Event Log as you insert devices and perform actions that utilize them.
Some possible causes for these access events are:
- The drive itself is accessed, and then the Windows Explorer User Interface process (explorer.exe) accesses it behind the scenes to enumerate devices.
- Applications such as MS Word may access drives to look for .doc files.
- Antivirus software may scan the drive.
- When a file is accessed, it will create an access event.
- While editing a file, each time there is an auto-save a new access event will be created.