The Process Filter Driver is a kernel-mode driver that filters process/thread creation and termination, it provides you an easy way to develop Windows application for the Windows process monitoring and protection.
You can register the process or thread events to monitor the process or thread activities.
- OnProcessCreation: Get the notification when the new process was created.
- NotifyProcessWasBlocked: Get the notification when the process creation was blocked.
- NotifyProcessTerminated: Get the notification when the process was terminated.
- NotifyThreadCreation: Get the notification when the new thread was created.
- NotifyThreadTerminated: Get the notification when the thread was terminated.
- NotifyProcessHandleInfo: Get the notification when the process handle operation happens.
- NotifyThreadHandleInfo: Get the notification when the thread handle operation happens.
With the Process Filter Driver, it allows you to prevent the untrusted executable binaries (malwares) from being launched, protect your data being damaged by the untrusted processes. It also enables your application to get the callback notification for the process/thread creation or termination, from the new process information you can get the parent process Id and thread Id of the new created process, you also can get the exact file name that is used to open the executable file and the command line that is used to execute the process if it is available.
With the process monitoring and protection example, it enables your application to prevent the untrusted executable binaries ( malwares) from being launched, protect your data being damaged by the untrusted processes. It also enables your application to get the callback notification for the process/thread creation or termination, from the new process information you can get the parent process Id and thread Id of the new created process, you also can get the exact file name that is used to open the executable file and the command line that is used to execute the process if it is available.
Read more about process filter example
| Product Name | Description |
|---|---|
| File Monitor SDK | EaseFilter File Monitor Filter Driver SDK Introduction. |
| File Control SDK | EaseFilter File Control Filter Driver SDK Introduction. |
| File Encryption SDK | EaseFilter Transparent File Encryption Filter Driver SDK Introduction. |
| Registry Filter SDK | EaseFilter Registry Filter Driver SDK Introduction. |
| Process Filter SDK | EaseFilter Process Filter Driver SDK Introduction. |
| Storage Tiering SDK | EaseFilter Storage Tiering Filter Driver SDK Introduction. |
| EaseFilter SDK Programming | EaseFilter Filter Driver SDK Programming. |
| Sample Project | Description |
|---|---|
| Auto File DRM Encryption | Auto file encryption with DRM data embedded. |
| Transparent File Encrypt | Transparent on access file encryption. |
| Secure File Sharing with DRM | Secure encrypted file sharing with digital rights management. |
| File Monitor Example | Monitor file system I/O in real time, tracking file changes. |
| File Protector Example | Prevent sensitive files from being accessed by unauthorized users or processes. |
| FolderLocker Example | Lock file automatically in a FolderLocker. |
| Process Monitor | Monitor the process creation and termination, block unauthorized process running. |
| Registry Monitor | Monitor the Registry activities, block the modification of the Registry keys. |
| Secure Sandbox Example | A secure sandbox example, block the processes accessing the files out of the box. |
| FileSystemWatcher Example | File system watcher, logging the file I/O events. |
- Understand MiniFilter Driver: https://www.easefilter.com/kb/understand-minifilter.htm
- Understand File I/O: https://www.easefilter.com/kb/File_IO.htm
- Understand I/O Request Packets(IRPs):https://www.easefilter.com/kb/understand-irps.htm
- Filter Driver Developer Guide: https://www.easefilter.com/kb/DeveloperGuide.htm
- MiniFilter Filter Driver Framework: https://www.easefilter.com/kb/minifilter-framework.htm
- Isolation Filter Driver: https://www.easefilter.com/kb/Isolation_Filter_Driver.htm
If you have questions or need help, please contact [email protected]