EldoS | Feel safer!

Software components for data protection, secure storage and transfer

IGNORE TRACKING A PARTICULAR APPLICATION'S EVENTS

Also by EldoS: MsgConnect
Cross-platform protocol-independent communication framework for building peer-to-peer and client-server applications and middleware components.
#36058
Posted: 02/29/2016 08:16:46
by Vaishnavi Venkatraj (Basic support level)
Joined: 02/15/2016
Posts: 2

I am using the Callback Filter(Professional package). I would like omitting a specific application's events using the filter. Can your team assist me in ignoring the events of a particular application using the CALLBACK FILTER.Do you provide APIs for doing it? I tried the filter's addfilteraccessrule method, but doesn't seem to work. It would be nice if you could guide me with an example! Thanks in advance!
#36062
Posted: 02/29/2016 09:42:21
by Vladimir Cherniga (EldoS Corp.)

If you like to not filter events from specific application, then you should set a callback filter rule with a specific file mask and process name with '~', preceding that mask. For example,
Code
g_CbFlt.AddFilterCallbackRule("~process_name_to_exclude.exe | *.*, callback_filter_flags")
#36066
Posted: 02/29/2016 12:58:18
by Vaishnavi Venkatraj (Basic support level)
Joined: 02/15/2016
Posts: 2

I need to completely ignore the writes/any file creation done by a sample application like for eg:db server. So,as you said I specified the .exe file,I specified the READNOTIFY callback filter flag.But that doesn't seem to work. What callback filter flag should I specify to completely ignore the writes/open/create?
#36072
Posted: 02/29/2016 14:30:33
by Vladimir Cherniga (EldoS Corp.)

Quote
Vaishnavi wrote:
What callback filter flag should I specify to completely ignore the writes/open/create?

Obviously, you should set all needed flags in AddFilterRule() api. That is,
Code
      CallbackFilter::ReadNotify or
      CallbackFilter::WriteNotify or
      CallbackFilter::CreateNotify or
      CallbackFilter::OpenNotify

Alternatively, you may use PassThroughCallbackRule, with a process name specified, without '~' as a first symbol.
In the CallbackFiler versions before the last one, it was possible that some read/write callbacks originated from system process triggered with another process name, returned in GetOriginatorProcessName() call. But such behavior was changed in the last build, and now it show correct process name.

Reply

Statistics

Topic viewed 1899 times

Number of guests: 1, registered members: 0, in total hidden: 0




|

Back to top

As of July 15, 2016 EldoS Corporation will operate as a division of /n software inc. For more information, please read the announcement.

Got it!