Apparently EndNote creates sdb.9xx (where xx are numbers) files, which are temporary files. When EndNote creates an sdb.911 file, it causes our storage system to generate a ransomware violation alert; this does not happen with other sdb.9xx files.
.911 files are a known extension for ransomware. Can the product be patched to not generate these false alarms, as ransomware violations are high priority to react to?