Control over registry operations in Windows and .NET applications

Default rules

Default rules become active when CallbackRegistry driver is loaded during system boot. Such rules can be used to block access to files and directories for all processes without the need to start controlling application.

Default rules have lower priority than other rules: when your application starts and adds filtering or passthrough rules which "override" default rules (by having the same condition as the default rules), the default rules are not triggered. When the filtering or passthrough rule is removed, the default rule (which was "hidden" by the removed rule) becomes active again.

Note, that the default rule works only when the driver is loaded by the system, i.e. in safe mode (if the driver is not loaded) the rule won't work.

Back to top