The software does not properly prevent access to, or detect usage of, alternate data streams (ADS).