If the secure HTTPS connection is used to attach to the Sterling Control Center Engine the following folders are visible from the browser.
Access is not allowed on a non-secure connection.
This has been identified as a product defect under APAR IC90330
Diagnosing the problem
From the browser directories on the Sterling Control Center server install are accessible.
Resolving the problem
Apply the latest maintenance containing the fix from APAR IC90330 and follow the instructions on changing the \conf\services\jmx\JettyService.xml file with <dirAllowed>false</dirAllowed>