EaseFilter File Protector

A file system filter driver library for protection

Menu
  • Home
  • Solutions
  • Programming
  • Order
  • Contact

EaseFilter File Protector Library

Download EaseFilter File Protector Library Setup File
Download EaseFilter File Protector Library Zip File

The EaseFilter file protector library can prevent your files from being accessed by unauthorized user. With the EaseFilter file protector library you can control the file I/O activities on file system level, capture file open, create, overwrite, read, write, query file information, set file information, query security information, set security information, file rename, file delete, directory browsing and file close I/O requests.

EaseFilter file protector library provides a comprehensive security solution for transparent file level encryption. It allows the file to be encrypted or decrypted transparently on-the-fly, every file will be encrypted with the unique encryption iv key, it can allow only authorized users or processes can access the encrypted files.

What can you do with the File Protector Library

Block the new file creation via configuring the access control flag of the filter rule

Example: Block the new file creation in folder c:\test

AddFileFilterRule(ALLOW_MAX_RIGHT_ACCESS&(~ALLOW_OPEN_WITH_CREATE_OR_OVERWRITE_ACCESS), L”c:\\test\\*”, 1);

Prevent your sensitive files from being copied out of your protected folder

Example: Prevent the files in folder c:\test from being copied out.

AddFileFilterRule(ALLOW_MAX_RIGHT_ACCESS&(~ALLOW_COPY_PROTECTED_FILES_OUT), L”c:\\test\\*”, 1);

Prevent your sensitive files from being modified, renamed or deleted

Example: Prevent the file from being modified, renamed or deleted in folder c:\test

AddFileFilterRule(ALLOW_MAX_RIGHT_ACCESS&(~(ALLOW_WRITE_ACCESS|ALLOW_FILE_RENAME|ALLOW_FILE_DELETE), L”c:\\test\\*”, 1);

Prevent your sensitive files from being accessed from the network computer

Example: Protect the files in folder c:\test, block the file access from the network.

AddFileFilterRule(ALLOW_MAX_RIGHT_ACCESS&(~ALLOW_FILE_ACCESS_FROM_NETWORK), L”c:\\test\\*”, 1);

Hide your sensitive files to the specific processes or users

Example: Hide the files in folder c:\test for process “explorer.exe”

AddFileFilterRule(ALLOW_MAX_RIGHT_ACCESS|HIDE_FILES_IN_DIRECTORY_BROWSING, L”c:\\test\\*”, 1); AddIncludeProcessNameToFilterRule(L”c:\\test\\*”,L”explorer.exe”); AddHiddenFileMaskToFilterRule(L”c:\\test\\*”,L”*.*”);

Reparse your file open from one location to another location.

Example: Reparse the file open in folder c:\test to another folder c:\reparseFolder”

AddFileFilterRule(ALLOW_MAX_RIGHT_ACCESS|REPARSE_FILE_OPEN, L”c:\\test\\*”, 1); AddReparseFileMaskToFilterRule(L”c:\\test\\*”,L”c:\\reparseFolder\\*”);

Allow or deny the specific file I/O operation via registering the specific I/O callback routine based on the process name, user name or the file I/O information.

Example: Register the PRE_CREATE, PRE_SETINFORMATION I/O for folder c:\test, you can allow or deny the file opern, creation, deletion, rename in the callback routine.

AddFileFilterRule(ALLOW_MAX_RIGHT_ACCESS, L”c:\\test\\*”, 1); RegisterControlToFilterRule(L”c:\\test\\*”,PRE_CREATE|PRE_SET_INFORMATION);

Authorize or De-authorize the file access rights (read,write,rename,delete..) to the specific processes or users.

Example: Set the full access rights to the process “notepad.exe”, set the readonly access rights to the process “wordpad.exe”, remove all the access rights to other processes.

AddFileFilterRule(LEAST_ACCESS_FLAG, L”c:\\test\\*”, 1); AddProcessRightsToFilterRule(L”c:\\test\\*”,L”notepad.exe”,ALLOW_MAX_RIGHT_ACCESS); AddProcessRightsToFilterRule(L”c:\\test\\*”,L”wordpad.exe”,ALLOW_MAX_RIGHT_ACCESS&(~(ALLOW_OPEN_WITH_CREATE_OR_OVERWRITE_ACCESS|ALLOW_WRITE_ACCESS|ALLOW_FILE_RENAME|ALLOW_FILE_DELETE|ALLOW_SET_INFORMATION));

Settings

To start the filter driver, first you need to add the filter rule in the settings, then the filter driver will know which file to be managed.

1. Add filter rule

To manage the files, add the include file filter mask with wild card characters, if you want to have exception for thi filter mask, then add the exclude file filter mask, or let it empty.

You can have multiple filter rules, every include file filter mask must be unique, every include file filter mask can have multiple exclude file filter masks.

When the users acess the files, the filter driver will check the filter rules, if the file matches the include file filter mask of the file rule, then it will check if there are exclude file filter masks in this filter rule, if the file matches the exclude file filter mask, then this file won’t be managed, or this file will be managed.

To control the file access for this filter rule, you can select or unselect the access rights as below:

2. Protected processes

To prevent the processes being terminated, you can add the process Id here, remove it if you want to unprotect it.

3. Include processes

If you only want to manage the files from the specific processes, then add the process Id here, or let it empty, it will include all the processes.

4. Exclude processes

If you don’t want to manage the files from the specific processes, then add the process Id here, or let it empty, it won’t exclude any process.

5. Register the I/O requests

To select the I/O requests you want to manage, so the console will display the I/O information when the filter driver capture the I/O request.

5. Display the file change events only

If you don’t want to dispaly so many I/O requests, for the quick setting, you can only display the file change I/O requests when the file change events were selected.

6. Log the file I/O request filter messages

Check the “Log filter message” check box, then the filter I/O request information will be logged to a file.

Start Protector

After start the protector, in the console, you will see the I/O information as below:

From the console, you can see these information:

1. Time : the transaction time fo the I/O operation.

2. User name: the user who access the file, if it is from remote server, it will add the extra message “the file access from remote server”.

3. Process name and process Id: the process which access the file and initiate this I/O request.

4. ThreadId: the thread which access the file and initiate this I/O request.

5. I/O request name: the I/O request name.

6. FileObject: it is similar to file handle concept, every file open, the system I/O manager will gernate a unique file object till the file handle was closed.

6. File name: the file name which was associated to this I/O request.

7. File size: the file size of the file which was accessed..

8. File attributes: the file attributes of the file which was accessed.

9. Last write time: the last write time of the file which was accessed.

10. Return status: the return I/O status, it shows the I/O result if it was return with success, warning or error code.

11. Description: the description shows the extra detail information of the I/O request. a. file was deleted, b. file was renamed, c. new file was created. d. the query data information.

Recent Posts

  • A File Protector Library

EaseFilter File Protector 2021 . Powered by WordPress