On Feb 9th, Microsoft released Edge version 110.0.1587.41. With this version installed, we have seen DLP rules for web browsers trigger on files present on the Desktop. This is due to Edge reading every file on the Desktop.
Development is investigating what setting or feature of Edge is triggering these file-read actions.
Update Feb 14:
Sophos development has confirmed that Edge version 110 is reading all the files located on the user's Desktop. They have also confirmed that Edge version 109 gathers a list of all files on the Desktop, but does not read them.
Sophos DLP scanning for Internet Browsers monitors file reads made by the browser process and processes them through the selected rules. As Edge is reading all the files on the Desktop, the scans and any resulting detections are occurring correctly.
Sophos has reached out to Microsoft to provide clarity on this behavior of Edge.
What.
