Process Filter Driver SDK

Download EaseFilter Process Filter Driver SDK Setup File
Download EaseFilter Process Filter Driver SDK Zip File

What is the process filter driver


The EaseFilter Process Filter Driver SDK is a kernel-mode filter driver development kit. The driver runs as part of the Windows executive, above the file system. By intercepting a request before it reaches its intended target, the filter driver can extend or replace the functionality provided by the original target of the request. The EaseFilter Process Filter Driver can monitor and control Windows process activity.

Process monitoring and protection


The EaseFilter Process Filter Driver SDK gives you an easy way to develop Windows security applications that monitor process activity. Your application can be notified when a new process is created or an existing process terminates. It can prevent untrusted executable binaries (malware) from being launched and protect your data from being damaged by untrusted processes.

File access monitoring and protection


Bundled with the file access control filter driver, the Process Filter Driver allows you to monitor or control file access based on the process name or process Id. You can set access rights for specific processes, allowing or blocking their file access. This lets you prevent your sensitive files from being accessed by unauthorized processes.

A C# example to use the Process Filter Driver SDK


It is very simple to use the EaseFilter Process Filter Driver SDK. C# and C++ demo source code is provided to demonstrate how to use the SDK. To monitor or control Windows process activity, you first need to create a filter rule as follows:

  1. Set up the process filter rule with a process name filter mask or a process Id.

  2. Optionally, exclude processes by adding an excluded process name filter mask.

  3. Optionally, exclude processes created by specific users by adding an excluded user filter mask.

  4. Set up the process access control flags. By setting the control flags, you can get notifications of process creation or termination, or deny new process creation.
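The four steps above can be dry-run in user mode before a rule is loaded into the driver. The following is an added example, not EaseFilter's code and not the SDK's API: it models how such a rule decides on a process-creation event. All class, field and flag names are hypothetical, and it assumes that masks use `*` wildcards, match case-insensitively, and that an exclusion always overrides the include mask.

```python
import fnmatch
from dataclasses import dataclass, field
from enum import IntFlag
from typing import List, Optional, Tuple


class ControlFlag(IntFlag):
    # Hypothetical names and values for this model, not the SDK's constants.
    NOTIFY_CREATION = 1
    NOTIFY_TERMINATION = 2
    DENY_CREATION = 4


def mask_match(value: str, mask: str) -> bool:
    # Windows paths and account names compare case-insensitively.
    return fnmatch.fnmatchcase(value.lower(), mask.lower())


@dataclass
class ProcessFilterRule:
    process_mask: str = "*"                      # step 1: name filter mask
    process_id: Optional[int] = None             # step 1: or a process Id
    excluded_process_masks: List[str] = field(default_factory=list)  # step 2
    excluded_user_masks: List[str] = field(default_factory=list)     # step 3
    flags: ControlFlag = ControlFlag(0)          # step 4

    def applies_to(self, image: str, pid: int, user: str) -> bool:
        if self.process_id is not None:
            if pid != self.process_id:
                return False
        elif not mask_match(image, self.process_mask):
            return False
        # Assumption: an exclusion always wins over the include mask.
        if any(mask_match(image, m) for m in self.excluded_process_masks):
            return False
        return not any(mask_match(user, m) for m in self.excluded_user_masks)

    def on_creation(self, image: str, pid: int, user: str) -> Tuple[bool, bool]:
        """Return (allowed, notify) for a process-creation event."""
        if not self.applies_to(image, pid, user):
            return True, False
        deny = bool(self.flags & ControlFlag.DENY_CREATION)
        return not deny, bool(self.flags & ControlFlag.NOTIFY_CREATION)


# Constructed sample rule: block and report executables started from Downloads.
SAMPLE_RULE = ProcessFilterRule(
    process_mask=r"C:\Users\*\Downloads\*.exe",
    excluded_process_masks=[r"*\updater.exe"],
    excluded_user_masks=[r"CORP\svc-*"],
    flags=ControlFlag.NOTIFY_CREATION | ControlFlag.DENY_CREATION,
)
```

Running a list of known-good images and service accounts through `on_creation` shows which of them a deny rule would catch, and which exclusions are broad enough to let an untrusted binary through.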


process filter rule

Here is the screenshot of the C# process demo application.

process screenshot
