EaseFilter文件訪問控制開發包

EaseFilter文件訪問控制開發包允許您實時監控或控製文件系統級別的文件 I/O 活動，防止您的敏感文件被未經授權的用戶或進程訪問。您可以在文件系統級別控製文件 I/O 活動，捕獲文件打開、創建、覆蓋、讀取、寫入、查詢文件信息、設置文件信息、查詢安全信息、設置安全信息、文件重命名、文件刪除、目錄瀏覽並提交關閉 I/O 請求。

EaseFilter File Access Control SDK 是Windows一個內核模式組件，作為 Windows 執行程序的一部分在文件系統之上運行。 EaseFilter 文件系統過濾驅動可以攔截針對一個文件系統或另一個文件系統過濾驅動的請求。通過在請求到達預期目標之前攔截請求，過濾器驅動程序可以擴展或替換請求的原始目標提供的功能。 EaseFilter 文件系統過濾器驅動程序可以記錄、觀察、修改甚至阻止對一個或多個文件系統或文件系統卷的 I/O 操作。

File Control

EaseFilter 文件保護器為透明文件級加密提供全面的安全解決方案。它允許文件在運行中透明地加密或解密，每個文件都將使用唯一的加密 iv 密鑰加密，它可以只允許授權用戶或進程才能訪問加密文件。通過註冊特定的 I/O 事件，您可以完全控制 I/O，您的回調函數將為每個註冊的 I/O 調用，您可以根據 I/O 信息允許、修改或阻止此 I/O。通過訪問權限設置，您可以在文件過濾規則中添加或刪除對特定進程或用戶的訪問權限。因此，您可以授權用戶或進程訪問您受保護的文件，您還可以防止您的受保護文件被未經授權的用戶或進程訪問。

要監控或保護您的文件夾，您需要設置多個文件過濾規則。在文件過濾規則中，你必須設置文件過濾掩碼，它是過濾規則的唯一索引，你可以設置哪些進程或用戶可以監控文件I/O，你可以通過過濾文件I/O文件打開選項，您可以註冊文件更改事件或註冊特定文件 I/O。

這是一個 C# 示例，用於演示如何使用 EaseFilter Control SDK。以下示例創建一個過濾規則來保護運行時指定的目錄。設置過濾規則是為了保護文件夾免受重命名、刪除、寫入文件的影響。組件在目錄中註冊創建和刪除 IO 回調事件。如果文件被打開或刪除，事件將被觸發，您可以在事件中允許或阻止IO。

file protector console


using System;
using EaseFilter.FilterControl;

namespace FileProtectorConsole
{
    class Program
    {
        static FilterControl filterControl = new FilterControl();

        static void Main(string[] args)
        {
            string lastError = string.Empty;
            string licenseKey = "Email us to request a trial key: info@easefilter.com";

            FilterAPI.FilterType filterType = FilterAPI.FilterType.MONITOR_FILTER|FilterAPI.FilterType.CONTROL_FILTER
                |FilterAPI.FilterType.PROCESS_FILTER|FilterAPI.FilterType.REGISTRY_FILTER|FilterAPI.FilterType.ENCRYPTION_FILTER;

            int serviceThreads = 5;
            int connectionTimeOut = 10; //seconds

            try
            {
                //copy the right Dlls to the current folder.
                Utils.CopyOSPlatformDependentFiles(ref lastError);

                if (!filterControl.StartFilter(filterType, serviceThreads, connectionTimeOut, licenseKey, ref lastError))
                {
                    Console.WriteLine("Start Filter Service failed with error:" + lastError);
                    return;
                }

                //the watch path can use wildcard to be the file path filter mask.i.e. '*.txt' only monitor text file.
                string watchPath = "c:\\test\\*";

                if (args.Length > 0)
                {
                    watchPath = args[0];
                }

                //create a file protector filter rule, every filter rule must have the unique watch path. 
                FileFilter fileProtectorFilter = new FileFilter(watchPath);

                //configure the access right for the protected folder

                //prevent the file from being deleted.
                fileProtectorFilter.EnableDeleteFile = false;

                //prevent the file from being renamed.
                fileProtectorFilter.EnableRenameOrMoveFile = false;

                //prevent the file from being written.
                fileProtectorFilter.EnableWriteToFile = false;

                //authorize process with full access right
                fileProtectorFilter.ProcessNameAccessRightList.Add("notepad.exe", FilterAPI.ALLOW_MAX_RIGHT_ACCESS);

                //you can enable/disalbe more access right by setting the properties of the fileProtectorFilter.

                //Filter the callback file IO events, here get callback before the file was opened/created, and file was deleted.
                fileProtectorFilter.ControlFileIOEventFilter = (ulong)(ControlFileIOEvents.OnPreFileCreate | ControlFileIOEvents.OnPreDeleteFile);

                fileProtectorFilter.OnPreCreateFile += OnPreCreateFile;
                fileProtectorFilter.OnPreDeleteFile += OnPreDeleteFile;

                filterControl.AddFilter(fileProtectorFilter);

                if (!filterControl.SendConfigSettingsToFilter(ref lastError))
                {
                    Console.WriteLine("SendConfigSettingsToFilter failed." + lastError);
                    return;
                }

                Console.WriteLine("Start filter service succeeded.");

                // Wait for the user to quit the program.
                Console.WriteLine("Press 'q' to quit the sample.");
                while (Console.Read() != 'q') ;

                filterControl.StopFilter();

            }
            catch (Exception ex)
            {
                Console.WriteLine("Start filter service failed with error:" + ex.Message);
            }

        }

        /// 

        /// Fires this event before the file was opened. 
        /// 

        static void OnPreCreateFile(object sender, FileCreateEventArgs e)
        {
            Console.WriteLine("OnPreCreateFile:" + e.FileName + ",userName:" + e.UserName + ",processName:" + e.ProcessName);

            //you can block the file open here by returning below status.
            e.ReturnStatus = NtStatus.Status.AccessDenied;

        }

        /// 

        /// Fires this event before the file was deleted.
        /// 

        static void OnPreDeleteFile(object sender, FileIOEventArgs e)
        {
            Console.WriteLine("OnPreDeleteFile:" + e.FileName  + ",userName:" + e.UserName + ",processName:" + e.ProcessName);

            //you can block the file being deleted here by returning below status.
            e.ReturnStatus = NtStatus.Status.AccessDenied;
        }
    }
}