I implemented a method to monitor the testfile copy activity and reject it using ES_EVENT_TYPE_AUTH_CLONE. The copy code used is as follows： NSFileManager *fileManager = [NSFileManager defaultManager]; NSError *error = nil; NSString *sourcePath = self.CopyFilePath.stringValue; NSString *destinationPath = [sourcePath stringByAppendingFormat:@"(Code copy file)"]; BOOL success = [fileManager copyItemAtPath:sourcePath toPath:destinationPath error:&error]; if (success) { NSLog(@"File copy successful"); } else { NSLog(@"File copy failure：%@", error.localizedDescription); } This code fires the ES_EVENT_TYPE_AUTH_CLONE event, and I treat the auth event as ES_AUTH_RESULT_DENY, but still create a new file testfile(Code copy file) How to prevent through code [fileManager copyItemAtPath: sourcePath toPath: destinationPath error: & error]; Implementation of the file copy