I would like to be able to restrict access to certain files from certain processes how would I do that? What information about the accessing process do I have access to? Thank you for your assistance.

From the callback you can call GetOriginatorProcessName an GetOriginatorToken. Those functions let you determine the name and security rights of the process that attempts to perform the operation.

It makes sense to perform all security checks for file access only in OnOpenFile callback -- if the file can't be opened, obviously no other operations can be performed. You can use the above mentioned functions in other callbacks as well, of course.

BTW: For obtaining all the create/open events you must set to true the CallbackFileSystem.CallAllOpenCloseCallbacks flag.

Is there any performance issue on using the ProcessName instead of the ProcessID? It's not as simple to get normally.

String operations are slower indeed, yet there's more important thing to care about: with Process ID you can grant access to particular instance of the application running right now. With Process Name you grant access to all applications with given EXE name (either just a file name or a filename with path). There's one side-effect of permissions based on names - if one knows the allowed file name, he can rename his own EXE to the allowed name and get access this way. We plan to add certain flexibility to the process in future - add a callback which will let you test identity of the module trying to get access (verifying it's CRC or digital signature). Yet this doesn't save you from DLL injection (i.e. creating a DLL and injecting it into allowed process).

On a side note - it's a good idea to create new topics for separate questions.

Of course using ProcessName is slower, but the restriction is checked only during file creation and opening, which usually doesn't require to be as fast as possible (because usually a file is opened only once and then lots of other I/O operations, like read/write are performed on it).
The restriction check is done only during create/open operations because if they are failed then the originator process doesn't get a handle to the file and won't be able to perform any following operations on it.