How does a Windows antivirus hook into the file access process?

by

In the recent versions of windows (at least XP onwards) there is the concept ‘filters’ which can be viewed using MS Filter Manager, (fltmc.exe from a command prompt)

This provides a low level I/O hook that AV programs can access and automatically register to be passed all I/O requests to the file system. It is a kit you can get the drivers for an develop your own filters for.

http://www.microsoft.com/whdc/driver/filterdrv/default.mspx is a starting place to get in depth info.

More Related Contents:

  1. Single line with multiple commands using Windows batch file
  2. How can I update npm on Windows?
  3. The application was unable to start correctly (0xc000007b)
  4. Ignoring directories in Git repositories on Windows
  5. GIT clone repo across local file system in windows
  6. What encoding are filenames in NTFS stored as?
  7. How can you zip or unzip from the script using ONLY Windows’ built-in capabilities?
  8. Run batch file as a Windows service
  9. windows batch SET inside IF not working
  10. Setup a Git server with msysgit on Windows [closed]
  11. Is there any way to detect the monitor state in Windows (on or off)?
  12. What’s the maximum number of threads in Windows Server 2003?
  13. How to check if a file exists from inside a batch file [duplicate]
  14. Windows ignores JAVA_HOME: how to set JDK as default?
  15. Windows command for file size only
  16. Privileges/owner issue when writing in C:\ProgramData\
  17. Increase Stack Size on Windows (GCC)
  18. git clone error: RPC failed; curl 56 OpenSSL SSL_read: SSL_ERROR_SYSCALL, errno 10054
  19. How do I set a Windows scheduled task to run in the background? [closed]
  20. Difference between wscript and cscript
  21. The root scratch dir: /tmp/hive on HDFS should be writable. Current permissions are: rw-rw-rw- (on Windows)
  22. CMake link shared library on Windows
  23. CMake: Error required internal CMake variable not set
  24. Powershell script does not run via Scheduled Tasks
  25. How to install Qt on Windows after building?
  26. Foolproof way to check for nonzero (error) return code in windows batch file
  27. ERRORLEVEL vs %ERRORLEVEL% vs exclamation mark ERRORLEVEL exclamation mark
  28. Create a list or an array and print each item in Windows Batch
  29. What are these strange environment variables?
  30. WSL run linux from windows without spawning a cmd-window

Leave a Comment