Process monitoring and protection

Posted by googlerank faster on January 29th, 2021



The EaseFilter process filter driver is a kernel-mode driver that filters process and thread creation and termination, giving you an easy way to develop Windows applications for process monitoring and protection. With it, your application can prevent untrusted executable binaries (malware) from being launched and protect your data from being damaged by untrusted processes. It can also receive callback notifications for process and thread creation and termination. From the new-process information you get the parent process ID and thread ID of the newly created process, the exact file name that was used to open the executable file, and, where available, the command line used to execute the process.

Process monitor and protector library demo

1. Flexible filter rule configuration

Filter processes by process ID or by wildcard process name. For example, the process name filter c:\test\* matches every process launched from the folder c:\test.

2. Block creation of specific processes with the control setting "DENY_NEW_PROCESS_CREATION".

3. Get notification of process or thread creation and termination, and monitor process and thread handle operations.

To receive a notification, enable the corresponding flag in the filter rule:
"PROCESS_CREATION_NOTIFICATION": a new process is created.
"PROCESS_TERMINATION_NOTIFICATION": a process terminates.
"PROCESS_HANDLE_OP_NOTIFICATION": a process handle is created or duplicated.
"THREAD_CREATION_NOTIFICATION": a new thread is created.
"THREAD_TERMINIATION_NOTIFICATION": a thread terminates.
"THREAD_HANDLE_OP_NOTIFICATION": a thread handle is created or duplicated.

4. Control a specific process's file access privileges.

Set up specific file access rights to different folders for the process. By default, give the process the least access rights to all files; then, to let the process reach particular folders, add those folders with specific rights to the process, as in the demo's configuration: allow read access to the folder c:\windows and full access to the folder c:\mysandbox.
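The four features above (wildcard or PID rules, DENY_NEW_PROCESS_CREATION, notification flags, and per-folder access rights with a least-privilege default) are easiest to reason about as one policy that a process-creation callback and a file-access callback consult. The following Python is an added illustration of that policy logic, not EaseFilter's SDK code: only the flag names come from the article, while the rule layout, the bit values, the Access rights set, first-match precedence, longest-folder-prefix matching and the sample policy are assumptions made so the example runs stand-alone.

```python
"""Policy model for the process filter rules described above.

Added illustration, not EaseFilter's SDK. Only the flag names are taken
from the article; rule layout, bit values, matching and evaluation are
assumptions so the logic can run offline.
"""
from dataclasses import dataclass, field
from enum import IntFlag
from fnmatch import fnmatchcase
from typing import Optional


class Notify(IntFlag):
    """Notification flags named in the article (bit values assumed)."""
    PROCESS_CREATION_NOTIFICATION = 0x01
    PROCESS_TERMINATION_NOTIFICATION = 0x02
    PROCESS_HANDLE_OP_NOTIFICATION = 0x04
    THREAD_CREATION_NOTIFICATION = 0x08
    THREAD_TERMINIATION_NOTIFICATION = 0x10  # spelled as listed in the article
    THREAD_HANDLE_OP_NOTIFICATION = 0x20


DENY_NEW_PROCESS_CREATION = 0x01  # control flag named in the article (value assumed)


class Access(IntFlag):
    """File access rights a rule can grant on a folder (assumed set)."""
    NONE = 0
    READ = 0x1
    WRITE = 0x2
    DELETE = 0x4
    FULL = READ | WRITE | DELETE


def _norm(path: str) -> str:
    """Windows paths are case-insensitive and accept either separator."""
    return path.replace("/", "\\").lower()


@dataclass
class ProcessRule:
    name_pattern: Optional[str] = None   # wildcard on the image path, e.g. r"c:\test\*"
    process_id: Optional[int] = None     # or an explicit PID
    control: int = 0                     # e.g. DENY_NEW_PROCESS_CREATION
    notify: Notify = Notify(0)
    # folder -> rights granted; anything not listed gets Access.NONE (least privilege)
    folder_access: dict = field(default_factory=dict)

    def matches(self, image_path: str, pid: int) -> bool:
        if self.process_id is not None and self.process_id == pid:
            return True
        return self.name_pattern is not None and fnmatchcase(_norm(image_path), _norm(self.name_pattern))

    def access_for(self, file_path: str) -> Access:
        """Most specific (longest) matching folder wins; nothing matched -> NONE."""
        target = _norm(file_path)
        best, best_len = Access.NONE, -1
        for folder, rights in self.folder_access.items():
            prefix = _norm(folder).rstrip("\\") + "\\"
            if target.startswith(prefix) and len(prefix) > best_len:
                best, best_len = rights, len(prefix)
        return best


def find_rule(rules, image_path, pid):
    """First matching rule wins (assumed precedence: rule order)."""
    for rule in rules:
        if rule.matches(image_path, pid):
            return rule
    return None


def on_process_create(rules, image_path, pid, parent_pid, command_line=None):
    """Decision for a process-creation callback: allow or block, and whether to notify."""
    rule = find_rule(rules, image_path, pid)
    if rule is None:
        return {"allow": True, "notify": False, "matched": None}
    blocked = bool(rule.control & DENY_NEW_PROCESS_CREATION)
    notify = bool(rule.notify & Notify.PROCESS_CREATION_NOTIFICATION)
    return {"allow": not blocked, "notify": notify,
            "matched": rule.name_pattern or rule.process_id,
            "parent_pid": parent_pid, "command_line": command_line}


def on_file_access(rules, image_path, pid, file_path, wanted: Access) -> bool:
    """Grant only if every requested right is covered by the most specific folder grant."""
    rule = find_rule(rules, image_path, pid)
    if rule is None:
        return True  # unfiltered process: the driver does not intervene
    return (rule.access_for(file_path) & wanted) == wanted


# Constructed sample policy mirroring the article's examples.
POLICY = [
    ProcessRule(name_pattern=r"c:\test\*", control=DENY_NEW_PROCESS_CREATION,
                notify=Notify.PROCESS_CREATION_NOTIFICATION),
    ProcessRule(name_pattern=r"c:\sandbox\untrusted.exe",
                notify=Notify.PROCESS_CREATION_NOTIFICATION | Notify.PROCESS_TERMINATION_NOTIFICATION,
                folder_access={r"c:\windows": Access.READ, r"c:\mysandbox": Access.FULL}),
]

if __name__ == "__main__":
    print(on_process_create(POLICY, r"C:\Test\dropper.exe", 4120, 812, "dropper.exe /q"))
    print(on_file_access(POLICY, r"c:\sandbox\untrusted.exe", 5000,
                         r"C:\Windows\System32\kernel32.dll", Access.READ))
    print(on_file_access(POLICY, r"c:\sandbox\untrusted.exe", 5000,
                         r"C:\Windows\System32\drivers\x.sys", Access.WRITE))
```

Two points a practitioner should carry over to the real driver: match on the exact file name the driver reports for the executable rather than on anything taken from the command line, since the latter is attacker-controlled; and keep the default for a filtered process at no access, adding only the folders it needs, because a rule that defaults to full access with exclusions is bypassed the first time a path is spelled differently (case, separator, or a junction) than the exclusion expects.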

About EaseFilter Inc.

EaseFilter Inc. specializes in Windows file system filter driver development. It can architect, implement and test file system filter drivers for a wide range of functionality, and offers several levels of assistance to meet specific needs: consulting on your existing file system filter driver, customizing the SDK to your requirements, and building your own filter driver from the SDK source code.

FOR MORE INFO VISIT OUR WEBSITE

https://www.easefilter.com/Forums_Files/Process-Monitor.htm
