EaseFilter File System Filter Driver SDK 4.0.1.0

Advertising
Software information
Platform:
Windows 7/Vista/XP/Server
Publisher:
EaseFilter Inc.
Price:
$1499
File size:
3.05 Mb
Date added:
March 26, 2015
Screenshot:
Product page:
Description from the Publisher

It is always very important to protect your company’s confidential and sensitive data, although you can apply the NTFS security and firewall policies, it might not provide enough information to you , you still want to know who accesses the files, including the user name and process name, and you also want to know which file was accessed and when this file was accessed. If a file was modified, you also want to know who modified it and what content was changed. You want to get the alert for any unauthorized file access in real-time. The Windows File System Filter Driver can create a secure file access environment, protecting data from unauthorized access and distribution, and create the change auditor for Windows File Servers proactively tracks, audits, reports and alerts on vital changes in real time and without the overhead of native auditing. You will instantly know who made what change, and get the original and current values for fast troubleshooting.

A file system filter driver intercepts requests targeted at a file system or another file system filter driver. By intercepting the request before it reaches its intended target, the filter driver can extend or replace functionality provided by the original target of the request. File system filtering services are available through the filter manager in Windows. The Filter Manager provides a framework for developing File Systems and File System Filter Drivers without having to manage all the complexities of file I/O. The Filter Manager simplifies the development of third-party filter drivers and solves many of the problems with the existing legacy filter driver model, such as the ability to control load order through an assigned altitude. A filter driver developed to the Filter Manager model is called a minifilter. Every minifilter driver has an assigned altitude, which is a unique identifier that determines where the minifilter is loaded relative to other minifilters in the I/O stack. Altitudes are allocated and managed by Microsoft.

What is the file access? The file access is an I/O operation to a file, there are two types of file access: read access and write access, read access will not change the file, write access will change the file data, file information or file security. To access a windows file, you have to invoke the Win32 API which was exported by Windows subsystems service, the most frequently used Windows API to a file is ”CreateFile”, “ReadFile”, “WriteFile”, “MoveFile”. “DeleteFile”. In this section, we will explain how to monitor and control these APIs with windows file system filter driver in detail.

I/O operations are layered, when a user application invokes a Win32 API, the I/O manager intercepts this call, sets up one or more I/O request packets (IRPs), and routes them through possibly layered drivers to physical devices, if a file system filter driver was installed and registered with the volume which the file was located, it can intercept this I/O, then the filter driver can pass through this I/O to next layer driver or complete this I/O. If the filter driver passes through this I/O, the filter driver can intercept this I/O request which comes back from the Windows file system if the post I/O operation was registered. If the filter driver completes this I/O, the request will not pass down to the Windows file system, the filter driver can return your won status and appropriate data to the user application.

The filter driver can register a preoperation callback routine, a postoperation callback routine, or both. When the filter driver intercepts the I/O request, it can get the caller’s process name, user’s SID (Security Identifier) which it can decode the user name, domain name, the filter driver also can get the current I/O information, the I/O type (create, read, write, rename, delete…), the file name and the file information ( file size, file time, file attributes…). If the filter driver only wants to monitor this I/O request, it can send those informations to the user, if the filter driver wants to control this I/O request, it can denied this I/O request, or modify the I/O data and return status.

The below figure shows how the EaseFilter driver monitors and controls the Windows file access, the EaseFilter SDK includes two parts, one part is the filter driver running in the Windows kernel, the other part is the user mode monitor and control module. Here is the steps for specific File_Create I/O request, normally most of the I/O requests start with a File_Create request to open or create a file first, then follow with other requests( read,write,delete…).

To develop file systems and file system filter drivers, use the Windows Driver Kit (WDK),which is provided by Microsoft. Even with the resources available in the Windows Driver Kit (WDK) developing file systems is certainly a challenge. To simplify your development and to provide you with a robust and well-tested file system filter driver that works with all versions and patch releases of the Windows operating systems supported by Microsoft, EaseFilter Inc. offers the file system filter driver SDK which provides a complete, modular environment for building active file system filters in your application. With the EaseFilter file system filter driver SDK, you can develop your own filter driver application with c++/c# or other languages.

EaseFilter File System Mini Filter Driver SDK is a mature commercial product. It provides a complete modular framework to the developers even without driver development experience to build the filter driver within a day. The SDK includes the modules from code design to the product installation, it includes all the basic features you need to build a filter driver:

  1. The communication module.
    It demonstrates how to set up the communication channel between the filter driver and your user mode application, send and receive the messages between them.
  2. The debug and trace module.
    You can print or trace the debug message with WPP trace module, and you also can use the system event log to log the information from the filter driver.
  3. The configuration module.
    This module shows how to manage the configuration setting for the filter driver, includes the managed folders.
  4. The file context module.
    This module demonstrate how to trace every file I/O request, with the user information, process information and file information.
  5. The I/O request packet handler module.
    This is the most important module, the SDK demonstrates how to intercept the I/O requests, modify the I/O data. It means you can build your own custom filter driver easily based on the SDK.
Users reviews & testimonials

This software is not reviewed yet.

Advertising
Product tags
sis 7012 driver, call for heroes, pos system, mie docs file managent, driver, justin bieber cam file, file, microsoft direct sound driver, urdu call 123, d33006 driver vga, invoicing system, file watch, windows xp system requirements, packet monitor, file monitor, monitor, driver d33006, justin bieber on cam file, rule, ef file catalog, driver key, acer driver 4750g xp, system mechanic, driver acer aspire 4750g for xp, driver 4750g xp, driver 4750g, driver backup, gegabyte motherboard driver, goldwave editor driver, teaching metric system, snmp monitor, canon driver, urdu123 call, hp pavilon dv6700 driver, flv directshow filter, file shredder, du monitor, driver simulator pesawat terbang, wssecure application monitor, driver acer 4750g for xp, tai driver d33006, call of duty, cdr file, metric system, behavior modification point system, driver vga d33006, usb driver, call of duty 4, call urdu123, bus driver, backup driver, vga d33006 driver, payroll system, gold price monitor, driver wifi, gsm modem driver 4.0.1710, invoice system, call, audio system, snap shots hospital system, d33006 driver, intel d33006 vga driver, filter briker, driver updater, bluetooth driver, file encrypter, acer 4750g xp driver, system utilities, driver modem gsm, driver utility, webcam driver, japanese school system, driver check, file locker, file sorter, anti filter gpass, pc camera driver, anti filter, ini file, operating system, 123 call, advance system care, system info, bootup system, refog terminal monitor, file cure, driver updates, mainmedia audio pitch directshow filter, mob filter, irrigation system, toshiba vga driver, 4750g driver xp, billing system, heart monitor, driver 4750g for xp, driver acer aspire 4750g, meteorology activities, personal finance activities, expert system designer, d33006 audio driver, blood bank system, math activities, hp 520 audio driver, driver acer 4750g xp, d33006 xp driver, codecanyon booking system, urdu 123 call, driver xp acer 4750g, decrypt, call from urdu123, vga driver, driver hp desjet1000, payroll system software, realtek audio driver, sound driver, quick time directshow filter, vb coding for petrol pump system, acer 4750g driver xp, quantam sound driver, motherboard driver, 123urdu call, driver card d33006, system, navigation system, driver acer aspire 4750g xp, booking system, file compressor, xp system requirements, system error detector, transparent, new file, driver xp acer 4750g for xp, audio driver, d33006 vga driver, driver d33006 video, monitor 2011 testy, post scrpit driver for pagemaker 6.5, driver bluetooth acer 4750g for xp, point system for behavior modification, driver for sound system, expandrive without encryption, bluetooth driver installer, driver hp deskjet f2280, hp 3535 driver, system report, system of a down ringtones, aspire 4750g driver for xp, video driver, file eraser, filter, lan driver, fly, d33006 ethernet driver, encryption package, content management system, encryption
Other downloads from this publisher

Secure File Sharing With Digital Rights Management.Safeguard file sharing without boundaries. Dynamically control file access,grant or revoke the file access control at any time even files were shared. Keep tracking and auditing to the shared files.

Protect your sensitive data with 256 bit encryption, prevent unauthorized access to sensitive files by unauthorized users or processes. Monitor the file access in real time and generate the autit logs for auditor.