
CSA Write access rules ignored on overwriting files from shares

s309973
Level 1

We have a server on which we have deployed a File Access Control rule over a particular directory so that changes to files in that directory are denied. This works as intended with one exception.

1. Mount a Windows share to the directory

2. Copy a local file to the share, overwriting an existing file

If you do those two steps, you have essentially "edited" the content of the file by replacing it with a different file of the same name. CSA reports NOTHING. CSA prohibits nothing. This is a major oversight of file access control.

Our deployment is operating in TEST mode so if you open/edit a file, CSA logs that the user would have been denied (intended result). If you mount a share and copy a file to the protected directory, OVERWRITING an existing file, CSA reports nothing.

If you replace an existing file (testfile.log), which has existing data, with a replacement (testfile.log) with "bogus" data, you have essentially edited that file, or rather replaced it, and the CSA "File Access Control" / "Write" processes have no effect. That doesn't make any sense to me. No need to edit a file if you can outright replace it with one with data you wanted to edit, in the first place.

Has anyone else run into this bug? I have a TAC case opened to address this issue but am getting nowhere. Is there some different configuration rule I need to apply to control file overwrites?

We are able to overwrite any file and replace its data without CSA informing us of any events. Our File Access Control rule is currently for WRITE, not READ access to the directory.

2 Replies

tsteger1
Level 8

Hi Chris,

Is your rule set to deny write access to remote clients? Mine is and it works as it is supposed to. Maybe I'm not doing it exactly the same way though...

vvishnevskiy
Level 1

Try replacing deny with high priority deny.