Download EaseFilter File Protector Library Setup File Download EaseFilter File Protector Library Zip File
The EaseFilter file protector library can prevent your files from being accessed by unauthorized user. With the EaseFilter file protector library you can control the file I/O activities on file system level, capture file open, create, overwrite, read, write, query file information, set file information, query security information, set security information, file rename, file delete, directory browsing and file close I/O requests.
EaseFilter file protector library provides a comprehensive security solution for transparent file level encryption. It allows the file to be encrypted or decrypted transparently on-the-fly, every file will be encrypted with the unique encryption iv key, it can allow only authorized users or processes can access the encrypted files.
Block the new file creation via configuring the access control flag of the filter rule
Example: Block the new file creation in folder c:\test
AddFileFilterRule(ALLOW_MAX_RIGHT_ACCESS&(~ALLOW_OPEN_WITH_CREATE_OR_OVERWRITE_ACCESS), L”c:\\test\\*”, 1);
Prevent your sensitive files from being copied out of your protected folder
Example: Prevent the files in folder c:\test from being copied out.
AddFileFilterRule(ALLOW_MAX_RIGHT_ACCESS&(~ALLOW_COPY_PROTECTED_FILES_OUT), L”c:\\test\\*”, 1);
Prevent your sensitive files from being modified, renamed or deleted
Example: Prevent the file from being modified, renamed or deleted in folder c:\test
AddFileFilterRule(ALLOW_MAX_RIGHT_ACCESS&(~(ALLOW_WRITE_ACCESS|ALLOW_FILE_RENAME|ALLOW_FILE_DELETE), L”c:\\test\\*”, 1);
Prevent your sensitive files from being accessed from the network computer
Example: Protect the files in folder c:\test, block the file access from the network.
AddFileFilterRule(ALLOW_MAX_RIGHT_ACCESS&(~ALLOW_FILE_ACCESS_FROM_NETWORK), L”c:\\test\\*”, 1);
Hide your sensitive files to the specific processes or users
Example: Hide the files in folder c:\test for process “explorer.exe”
AddFileFilterRule(ALLOW_MAX_RIGHT_ACCESS|HIDE_FILES_IN_DIRECTORY_BROWSING, L”c:\\test\\*”, 1); AddIncludeProcessNameToFilterRule(L”c:\\test\\*”,L”explorer.exe”); AddHiddenFileMaskToFilterRule(L”c:\\test\\*”,L”*.*”);
Reparse your file open from one location to another location.
Example: Reparse the file open in folder c:\test to another folder c:\reparseFolder”
AddFileFilterRule(ALLOW_MAX_RIGHT_ACCESS|REPARSE_FILE_OPEN, L”c:\\test\\*”, 1); AddReparseFileMaskToFilterRule(L”c:\\test\\*”,L”c:\\reparseFolder\\*”);
Allow or deny the specific file I/O operation via registering the specific I/O callback routine based on the process name, user name or the file I/O information.
Example: Register the PRE_CREATE, PRE_SETINFORMATION I/O for folder c:\test, you can allow or deny the file opern, creation, deletion, rename in the callback routine.
AddFileFilterRule(ALLOW_MAX_RIGHT_ACCESS, L”c:\\test\\*”, 1); RegisterControlToFilterRule(L”c:\\test\\*”,PRE_CREATE|PRE_SET_INFORMATION);
Authorize or De-authorize the file access rights (read,write,rename,delete..) to the specific processes or users.
Example: Set the full access rights to the process “notepad.exe”, set the readonly access rights to the process “wordpad.exe”, remove all the access rights to other processes.
AddFileFilterRule(LEAST_ACCESS_FLAG, L”c:\\test\\*”, 1); AddProcessRightsToFilterRule(L”c:\\test\\*”,L”notepad.exe”,ALLOW_MAX_RIGHT_ACCESS); AddProcessRightsToFilterRule(L”c:\\test\\*”,L”wordpad.exe”,ALLOW_MAX_RIGHT_ACCESS&(~(ALLOW_OPEN_WITH_CREATE_OR_OVERWRITE_ACCESS|ALLOW_WRITE_ACCESS|ALLOW_FILE_RENAME|ALLOW_FILE_DELETE|ALLOW_SET_INFORMATION));
To start the filter driver, first you need to add the filter rule in the settings, then the filter driver will know which file to be managed.
1. Add filter rule
To manage the files, add the include file filter mask with wild card characters, if you want to have exception for thi filter mask, then add the exclude file filter mask, or let it empty.
You can have multiple filter rules, every include file filter mask must be unique, every include file filter mask can have multiple exclude file filter masks.
When the users acess the files, the filter driver will check the filter rules, if the file matches the include file filter mask of the file rule, then it will check if there are exclude file filter masks in this filter rule, if the file matches the exclude file filter mask, then this file won’t be managed, or this file will be managed.
To control the file access for this filter rule, you can select or unselect the access rights as below:
2. Protected processes
To prevent the processes being terminated, you can add the process Id here, remove it if you want to unprotect it.
3. Include processes
If you only want to manage the files from the specific processes, then add the process Id here, or let it empty, it will include all the processes.
4. Exclude processes
If you don’t want to manage the files from the specific processes, then add the process Id here, or let it empty, it won’t exclude any process.
5. Register the I/O requests
To select the I/O requests you want to manage, so the console will display the I/O information when the filter driver capture the I/O request.
5. Display the file change events only
If you don’t want to dispaly so many I/O requests, for the quick setting, you can only display the file change I/O requests when the file change events were selected.
6. Log the file I/O request filter messages
Check the “Log filter message” check box, then the filter I/O request information will be logged to a file.
After start the protector, in the console, you will see the I/O information as below:
From the console, you can see these information:
1. Time : the transaction time fo the I/O operation.
2. User name: the user who access the file, if it is from remote server, it will add the extra message “the file access from remote server”.
3. Process name and process Id: the process which access the file and initiate this I/O request.
4. ThreadId: the thread which access the file and initiate this I/O request.
5. I/O request name: the I/O request name.
6. FileObject: it is similar to file handle concept, every file open, the system I/O manager will gernate a unique file object till the file handle was closed.
6. File name: the file name which was associated to this I/O request.
7. File size: the file size of the file which was accessed..
8. File attributes: the file attributes of the file which was accessed.
9. Last write time: the last write time of the file which was accessed.
10. Return status: the return I/O status, it shows the I/O result if it was return with success, warning or error code.
11. Description: the description shows the extra detail information of the I/O request. a. file was deleted, b. file was renamed, c. new file was created. d. the query data information.