EldoS | Feel safer!

Software components for data protection, secure storage and transfer

Applying rules to an specific process

Also by EldoS: RawDisk
Access locked and protected files in Windows, read and write disks and partitions and more.
#32222
Posted: 02/16/2015 14:28:54
by Gustavo Ricardi (Basic support level)
Joined: 06/02/2006
Posts: 4

Is it possible to either apply a filter to an specific process id (not its name), or at least to identify the origin of the callback/notification?

Thanks,
Gustavo Ricardi
#32225
Posted: 02/17/2015 02:38:18
by Volodymyr Zinin (EldoS Corp.)

You can use the "process restriction" feature. I.e. set the ProcessRestrictionsEnabled property to TRUE and use AddGrantedProcess to set allowed processes.
Another variant is to use GetOriginatorProcessId (as well as GetOriginatorProcessName and GetOriginatorToken), which is called from your OnCreate and OnOpen callbacks, and return ERROR_ACCESS_DENIED in the case the access isn't allowed. It causes the process, which is trying to access the storage, won't obtain a handle to the file/directory being opened and therefore won't be able to do any operations with it.
#32230
Posted: 02/17/2015 06:51:07
by Gustavo Ricardi (Basic support level)
Joined: 06/02/2006
Posts: 4

Sorry, I've just realised that this is the wrong product. I'm trying Callback Filter.
#32231
Posted: 02/17/2015 06:53:55
by Vladimir Cherniga (EldoS Corp.)

It is applied to Callback Filter as well.
Quote
Gustavo Ricardi wrote:
Sorry, I've just realised that this is the wrong product. I'm trying Callback Filter.
Quote
Volodymyr Zinin wrote:
Another variant is to use GetOriginatorProcessId (as well as GetOriginatorProcessName and GetOriginatorToken)
#32233
Posted: 02/17/2015 07:10:42
by Gustavo Ricardi (Basic support level)
Joined: 06/02/2006
Posts: 4

Yes I saw that. But I found that the process hangs when I try to use the shell on the same process of the callback filter. I posted this issue to the Callback Filter forum.
Also by EldoS: CallbackProcess
A component to control process creation and termination in Windows and .NET applications.

Reply

Statistics

Topic viewed 1613 times

Number of guests: 1, registered members: 0, in total hidden: 0




|

Back to top

As of July 15, 2016 EldoS Corporation will operate as a division of /n software inc. For more information, please read the announcement.

Got it!