es_respond_flags_result(client, msg, 0, true) to path /Users/Desktop/folder

I am playing around with Endpoint Security using demo code. I tried to handle the AUTH open event on a specific folder on my Desktop, set to deny all, but whenever I set this extension, I successfully get deny all on the folder as well as on all other files and documents in the Users space.

static void
handle_open_worker(es_client_t *client, const es_message_t *msg)
{
    static const char *test_nnn = "/Users/myname/Desktop/endpoint_test/block_this_folder/";
    static const size_t nnn_length = sizeof(test_nnn) - 1;

    if (strncmp(msg->event.open.file->path.data, test_nnn, nnn_length) == 0) {
        es_respond_flags_result(client, msg, 0, true);
    }
    else {
        // Allow everything else...
        es_respond_flags_result(client, msg, 0xffffffff, true);
    }
}

Why does the code apply to all other files rather than only denying open on /Users/myname/Desktop/endpoint_test/block_this_folder/?

I get the same result when I handle other AUTH events such as rename or clone, which makes the system break down. Why does it block the rest of the user system rather than only blocking "block_this_folder"? Should I use a different way to find the folder ID and use that method rather than using the path?
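An added example, not part of the original post and not Apple's demo code: it isolates the length calculation from the handler above and compares it with a full-prefix check. `path_token`, the helper names and the sample paths are assumptions made for illustration; `path_token` mirrors the length/data layout of `es_string_token_t` so the code builds without EndpointSecurity.h.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Stand-in for es_string_token_t (length + data) so this builds without
 * EndpointSecurity.h. In a handler it would be msg->event.open.file->path. */
typedef struct { size_t length; const char *data; } path_token;

/* Pointer, as declared in the post: sizeof gives the pointer size. */
static const char *blocked_ptr = "/Users/myname/Desktop/endpoint_test/block_this_folder/";
/* Array: sizeof gives the string size including the trailing NUL. */
static const char blocked_arr[] = "/Users/myname/Desktop/endpoint_test/block_this_folder/";

/* Length the posted code compares: sizeof(char *) - 1, i.e. 7 on 64-bit. */
size_t posted_prefix_len(void) { return sizeof(blocked_ptr) - 1; }

/* Length of the whole folder prefix. */
size_t full_prefix_len(void) { return sizeof(blocked_arr) - 1; }

/* The comparison from the post, behaviour unchanged. */
bool posted_match(const path_token *p)
{
    return strncmp(p->data, blocked_ptr, posted_prefix_len()) == 0;
}

/* Compare the whole prefix, bounded by the token's own length. */
bool folder_match(const path_token *p)
{
    size_t n = full_prefix_len();
    return p->length >= n && memcmp(p->data, blocked_arr, n) == 0;
}

int main(void)
{
    /* Constructed sample paths. */
    const char *samples[] = {
        "/Users/myname/Desktop/endpoint_test/block_this_folder/a.txt",
        "/Users/myname/Documents/notes.txt",
        "/Users/myname/Desktop/endpoint_test/block_this_folder_2/a.txt",
    };
    for (size_t i = 0; i < 3; i++) {
        path_token p = { strlen(samples[i]), samples[i] };
        printf("%-62s posted=%d full=%d\n", p.data, posted_match(&p), folder_match(&p));
    }
    return 0;
}
```

On a 64-bit build the posted length is 7, so only "/Users/" is compared and every path under /Users takes the deny branch.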
