EldoS | Feel safer!

Software components for data protection, secure storage and transfer

Excluding multiple processes in AddFilterCallbackRule

Also by EldoS: SecureBlackbox
200+ components and classes for digital security, signing, encryption and secure networking.
Posted: 05/05/2015 13:53:42
by tbx (Basic support level)
Joined: 05/05/2015
Posts: 2

Is there a way to exclude multiple processes for a given rule using AddFilterCallbackRule?

For example, I want to add a rule to receive callbacks for C:\Users\test\*.* for every process except process1.exe, process2.exe, process3.exe.

I have tried adding multiple rules using AddFilterCallbackRule():


... but this does not work. I receive callbacks for all 3 processes.
Posted: 05/06/2015 03:03:32
by Vladimir Cherniga (EldoS Corp.)

Unfortunately, there is only one process name may be associated with unique filter mask value. This is a limitation of current version. Alternatively, You may use GetOriginatorProcess... user mode api to control filter callbacks execution.



Topic viewed 2248 times

Number of guests: 1, registered members: 0, in total hidden: 0


Back to top

As of July 15, 2016 EldoS Corporation will operate as a division of /n software inc. For more information, please read the announcement.

Got it!