File Access Control And File Protector Filter Driver SDK


Develop File Protector Application With File System Filter Driver SDK

EaseFilter file system filter driver is a kernel-mode component that runs as part of the Windows executive above the file system. The EaseFilter file system filter driver can intercept requests targeted at a file system or another file system filter driver. By intercepting the request before it reaches its intended target, the filter driver can extend or replace functionality provided by the original target of the request. The EaseFilter file system filter driver can log, observe, modify, or even prevent the I/O operations for one or more file systems or file system volumes.

File Access Control and File Protection

The EaseFilter file protector can prevent your files from being accessed by unauthorized users. With it you can control file I/O activity at the file system level and capture file open, create, overwrite, read, write, query file information, set file information, query security information, set security information, file rename, file delete, directory browsing and file close I/O requests.

EaseFilter file protector provides a comprehensive security solution for transparent file level encryption. It allows files to be encrypted or decrypted transparently on the fly. Every file is encrypted with a unique encryption IV key, and only authorized users or processes can access the encrypted files.

Protect file and control the file access with flexible filter rule configuration settings

To start the filter driver, first add a filter rule in the settings so that the filter driver knows which files to manage.

1. Set up a file access control filter rule

To manage files, add an include file filter mask with wildcard characters. If you want exceptions to this filter mask, add exclude file filter masks; otherwise leave that setting empty. You can have multiple filter rules. Every include file filter mask must be unique, and every include file filter mask can have multiple exclude file filter masks.

When a user accesses a file, the filter driver checks the filter rules. If the file matches the include file filter mask of a filter rule, the driver then checks that rule's exclude file filter masks: if the file matches an exclude file filter mask, the file is not managed; otherwise it is managed.

Prevent the file from being renamed, deleted, changed, written or read with the access flag setting.

2. Process protection.

To prevent processes from being terminated, add the process Id here; remove it to unprotect the process.

3. Authorize specific process access right by adding the access right to the process.

The control filter driver has a setting to add access rights for a specific process.

4. Unauthorize the process access right by removing the access right from the process.

The control filter driver has a setting to remove access rights from a specific process.

5. Control the specific file I/O in real time.

By registering specific I/O events, you can allow or block the I/O, or modify the I/O data, in the callback event before the file I/O goes down to the file system.

6. Notify the file change with the registered events.

If you don't want to monitor so many I/O requests, as a quick setting you can monitor only the file change I/O requests by selecting the file change events.

7. Log the file I/O request filter messages

Check the "Log filter message" check box, then the filter I/O request information will be logged to a file.
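
The rule evaluation described above (include mask, exclude masks, access flags, per-process rights), modeled as an added C# example for checking a planned rule before deploying it. This is not EaseFilter SDK code: RuleModel, RuleCheck, the operation names and the sample paths are hypothetical, and the regex-based wildcard matching is an assumption about how masks behave.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text.RegularExpressions;

// Hypothetical model of one filter rule; not an EaseFilter SDK type.
class RuleModel
{
    public string IncludeMask = "";
    public List<string> ExcludeMasks = new List<string>();
    public HashSet<string> DeniedOps = new HashSet<string>();   // "delete", "rename", "write", "read"
    public HashSet<string> FullAccessProcesses = new HashSet<string>(StringComparer.OrdinalIgnoreCase);
}

static class RuleCheck
{
    // Assumed mask semantics: '*' and '?' wildcards, whole-path match, case-insensitive.
    static bool Matches(string mask, string path) =>
        Regex.IsMatch(path, "^" + Regex.Escape(mask).Replace("\\*", ".*").Replace("\\?", ".") + "$",
                      RegexOptions.IgnoreCase);

    // Managed = matches the include mask and none of the exclude masks.
    public static bool IsManaged(RuleModel r, string path) =>
        Matches(r.IncludeMask, path) && !r.ExcludeMasks.Any(x => Matches(x, path));

    // Unmanaged files and fully authorized processes pass; otherwise the access flags decide.
    public static bool IsAllowed(RuleModel r, string path, string process, string op) =>
        !IsManaged(r, path) || r.FullAccessProcesses.Contains(process) || !r.DeniedOps.Contains(op);

    static void Main()
    {
        // Constructed rule: protect c:\test\* against delete/rename/write, except *.log files.
        var rule = new RuleModel { IncludeMask = @"c:\test\*" };
        rule.ExcludeMasks.Add(@"c:\test\*.log");
        rule.DeniedOps.UnionWith(new[] { "delete", "rename", "write" });
        rule.FullAccessProcesses.Add("notepad.exe");

        var cases = new[] {
            (Path: @"C:\Test\plan.docx", Proc: "cmd.exe",     Op: "delete"), // managed, flag denies
            (Path: @"C:\Test\plan.docx", Proc: "cmd.exe",     Op: "read"),   // managed, read not denied
            (Path: @"c:\test\plan.docx", Proc: "NOTEPAD.EXE", Op: "write"),  // authorized process
            (Path: @"c:\test\debug.log", Proc: "cmd.exe",     Op: "delete"), // excluded, not managed
        };
        foreach (var c in cases)
            Console.WriteLine($"{c.Op,-6} {c.Path,-18} by {c.Proc,-11} -> " +
                (IsAllowed(rule, c.Path, c.Proc, c.Op) ? "allow" : "block"));
    }
}
```

The last case is the one to watch when reviewing rules: a file that matches an exclude mask is not managed at all, so none of the rule's access flags apply to it.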

Run the EaseFilter File Protector to demo how to do the file access control and file protection.

Start the protector service to display the file access information in the output console.

From the console, you can see the following information:

1. Time: the transaction time of the I/O operation.

2. User name: the user who accessed the file. If the access is from a remote server, the extra message "the file access from remote server" is added.

3. Process name and process Id: the process which accessed the file and initiated this I/O request.

4. ThreadId: the thread which accessed the file and initiated this I/O request.

5. I/O request name: the I/O request name.

6. FileObject: similar to the file handle concept. For every file open, the system I/O manager generates a unique file object that lasts until the file handle is closed.

7. File name: the file name associated with this I/O request.

8. File size: the file size of the file which was accessed.

9. File attributes: the file attributes of the file which was accessed.

10. Last write time: the last write time of the file which was accessed.

11. Return status: the returned I/O status. It shows whether the I/O returned with a success, warning or error code.

12. Description: extra detail about the I/O request: a. file was deleted, b. file was renamed, c. new file was created, d. the query data information.

EaseFilter File Protector Examples in C#

The following example creates a filter rule to protect the directory specified at run time. The filter rule is set to protect the folder against files being renamed, deleted or written. The component registers for the create and delete I/O callback events in the directory. If a file is opened or deleted, the event is triggered, and you can allow or block the I/O in the event handler.

 
  
using System;
using EaseFilter.FilterControl;

namespace FileProtectorConsole
{
    class Program
    {
        static FilterControl filterControl = new FilterControl();

        static void Main(string[] args)
        {
            string lastError = string.Empty;
            string licenseKey = "Email us to request a trial key: info@easefilter.com";

            FilterAPI.FilterType filterType = FilterAPI.FilterType.MONITOR_FILTER|FilterAPI.FilterType.CONTROL_FILTER
                |FilterAPI.FilterType.PROCESS_FILTER|FilterAPI.FilterType.REGISTRY_FILTER|FilterAPI.FilterType.ENCRYPTION_FILTER;

            int serviceThreads = 5;
            int connectionTimeOut = 10; //seconds

            try
            {
                //copy the right Dlls to the current folder.
                Utils.CopyOSPlatformDependentFiles(ref lastError);

                if (!filterControl.StartFilter(filterType, serviceThreads, connectionTimeOut, licenseKey, ref lastError))
                {
                    Console.WriteLine("Start Filter Service failed with error:" + lastError);
                    return;
                }

                //the watch path can use wildcard to be the file path filter mask.i.e. '*.txt' only monitor text file.
                string watchPath = "c:\\test\\*";

                if (args.Length > 0)
                {
                    watchPath = args[0];
                }

                //create a file protector filter rule, every filter rule must have the unique watch path. 
                FileFilter fileProtectorFilter = new FileFilter(watchPath);

                //configure the access right for the protected folder

                //prevent the file from being deleted.
                fileProtectorFilter.EnableDeleteFile = false;

                //prevent the file from being renamed.
                fileProtectorFilter.EnableRenameOrMoveFile = false;

                //prevent the file from being written.
                fileProtectorFilter.EnableWriteToFile = false;

                //authorize process with full access right
                fileProtectorFilter.ProcessNameAccessRightList.Add("notepad.exe", FilterAPI.ALLOW_MAX_RIGHT_ACCESS);

                //you can enable/disable more access rights by setting the properties of the fileProtectorFilter.

                //Filter the callback file IO events, here get callback before the file was opened/created, and file was deleted.
                fileProtectorFilter.ControlFileIOEventFilter = (ulong)(ControlFileIOEvents.OnPreFileCreate | ControlFileIOEvents.OnPreDeleteFile);

                fileProtectorFilter.OnPreCreateFile += OnPreCreateFile;
                fileProtectorFilter.OnPreDeleteFile += OnPreDeleteFile;

                filterControl.AddFilter(fileProtectorFilter);

                if (!filterControl.SendConfigSettingsToFilter(ref lastError))
                {
                    Console.WriteLine("SendConfigSettingsToFilter failed." + lastError);
                    return;
                }

                Console.WriteLine("Start filter service succeeded.");

                // Wait for the user to quit the program.
                Console.WriteLine("Press 'q' to quit the sample.");
                while (Console.Read() != 'q') ;

                filterControl.StopFilter();

            }
            catch (Exception ex)
            {
                Console.WriteLine("Start filter service failed with error:" + ex.Message);
            }

        }

        /// <summary>
        /// Fires this event before the file was opened.
        /// </summary>
        static void OnPreCreateFile(object sender, FileCreateEventArgs e)
        {
            Console.WriteLine("OnPreCreateFile:" + e.FileName + ",userName:" + e.UserName + ",processName:" + e.ProcessName);

            //Setting the status below blocks the file open; this sample denies every open it is called for.
            e.ReturnStatus = NtStatus.Status.AccessDenied;

        }

        /// <summary>
        /// Fires this event before the file was deleted.
        /// </summary>
        static void OnPreDeleteFile(object sender, FileIOEventArgs e)
        {
            Console.WriteLine("OnPreDeleteFile:" + e.FileName  + ",userName:" + e.UserName + ",processName:" + e.ProcessName);

            //Setting the status below blocks the delete; this sample denies every delete it is called for.
            e.ReturnStatus = NtStatus.Status.AccessDenied;
        }
    }
}

About EaseFilter Inc.

EaseFilter Inc. is a company that specializes in Windows file system filter driver development. It can architect, implement and test file system filter drivers for a wide range of functionalities. It also offers several levels of assistance to meet your specific needs: consulting for your existing file system filter driver; customizing the SDK to meet your requirements; creating your own filter driver with the SDK source code.

For more information please go to the website: www.easefilter.com
