If Warning:

1. Review the list of files affected for user account IP address by selecting the link in the Files column.
2. The file list view shows files that triggered the security event. The last hour of files accessed by the user is shown, and should be reviewed for possible compromise or data recovery.

3. If the affected files are the result of normal file operations and not a malicious event, the event can be marked as resolved with the actions menu.(See Security Event Action State Descriptions section below).
4. If you need to flag as false-positive see instructions here on Flag As False Positive.
5. Security event closed and moved to the Event History tab.