EaseFilter Control Filter Driver SDK provides you a simple solution to develop Windows application to control the file access. To control the file access, you can setup the whitelisting and blacklisting for the processes or users, by setting the access rights to the specific processes or users.
EaseFilter Control Filter Driver SDK is a kernel-mode component that runs as part of the Windows executive above the file system. The EaseFilter file system filter driver can intercept requests targeted at a file system or another file system filter driver. By intercepting the request before it reaches its intended target, the filter driver can extend or replace functionality provided by the original target of the request. The EaseFilter file system filter driver can log, observe, modify, or even prevent the I/O operations for one or more file systems or file system volumes.
To control the file access rights with EaseFilter Control Filter Driver SDK, you just need to add the filter rule with the AccessFlag, by setting or unsetting the bit, it will add or remove the associated access rights as below:
-
- You can unset the bit “ALLOW_OPEN_WITH_CREATE_OR_OVERWRITE_ACCESS” to block the new file creation.
- You can unset the bit “ALLOW_READ_ACCESS” to block the file being read.
- You can unset the bit “ALLOW_WRITE_ACCESS” to block the file being written.
- You can unset the bit “ALLOW_FILE_RENAME” to block the file being renamed.
- You can unset the bit “ALLOW_FILE_DELETE” to block the file being deleted.
- You can unset the bit “ALLOW_SET_SECURITY_ACCESS” to block the file’s security being changed.
- You can unset the bit “ALLOW_SET_INFORMATION” to block the file’s attributes, file size being changed.
- You can unset the bit “ALLOW_FILE_ACCESS_FROM_NETWORK” to block the file being read from the network via SMB share path.
- You can unset the bit “ALLOW_COPY_PROTECTED_FILES_OUT” to block the sensitive files being copied out.
/// <summary>
/// Add the new filter rule to the filter driver.
/// </summary>
/// <param name="accessFlag">access control rights of the file IO to the files which match the filter mask</param>
/// <param name="filterMask">the filter rule file filter mask, it must be unique.</param>
/// <param name="isResident">if it is true, the filter rule will be added to the registry, get protection in boot time.</param>
/// <param name="filterRuleId">the id to identify the filter rule, it will show up in messageId field of messageSend structure if the callback is registered</param>
/// <returns></returns>
[DllImport("FilterAPI.dll", SetLastError = true)]
public static extern bool AddFileFilterRule(
uint accessFlag,
[MarshalAs(UnmanagedType.LPWStr)]string filterMask,
bool isResident,
uint filterRuleId );What is whitelisting? The users or processes in the whitelisting are the trusted users or processes, they have the enough privilege to access the files.
What is blacklisting? The users or processes in the blacklisting are the untrusted users or processes, they don’t have the privilege to access the files.
You can setup the file access rights by configure the whitelisting or blacklisting, you can use the API “AddProcessRightsToFilterRule” and “AddUserRightsToFilterRule” as below:
/// <summary>
/// Set the access rights to the specific process
/// </summary>
/// <param name="filterMask">the file filter mask of the filter rule</param>
/// <param name="processName">the process name will be added the access rights, e.g. notepad.exe or c:\windows\*.exe</param>
/// <param name="accessFlags">the access rights</param>
/// <returns>return true if it succeeds</returns>
[DllImport("FilterAPI.dll", SetLastError = true)]
public static extern bool AddProcessRightsToFilterRule(
[MarshalAs(UnmanagedType.LPWStr)]string filterMask,
[MarshalAs(UnmanagedType.LPWStr)]string processName,
uint accessFlags);
/// <summary>
/// Set the access control rights to specific users
/// </summary>
/// <param name="filterMask">the filter rule file filter mask</param>
/// <param name="userName">the user name you want to set the access right</param>
/// <param name="accessFlags">the access rights</param>
/// <returns></returns>
[DllImport("FilterAPI.dll", SetLastError = true)]
public static extern bool AddUserRightsToFilterRule(
[MarshalAs(UnmanagedType.LPWStr)]string filterMask,
[MarshalAs(UnmanagedType.LPWStr)]string userName,
uint accessFlags);