The EaseFilter File I/O Monitor
The EaseFilter File I/O Monitor can audit file access and change in Windows in Real-Time. With the EaseFilter file monitor you can monitor the file activities on file system level, capture file open, create, overwrite, read, write, query file information, set file information, query security information, set security information, file rename, file delete, directory browsing and file close I/O requests.You can create the file access log, you will know who, when, what files were accessed. You can get comprehensive control and visibility over users and data by tracking and monitoring all the user & file activities, permission changes, storage capacity and generate real-time audit reports.
To start the filter driver, first you need to add the filter rule in the settings, then the filter driver will know which file to be managed.
1. Add filter rule
To manage the files, add the include file filter mask with wild card characters, if you want to have exception for thi filter mask, then add the exclude file filter mask, or let it empty.
You can have multiple filter rules, every include file filter mask must be unique, every include file filter mask can have multiple exclude file filter masks.
When the users acess the files, the filter driver will check the filter rules, if the file matches the include file filter mask of the file rule, then it will check if there are exclude file filter masks in this filter rule, if the file matches the exclude file filter mask, then this file won't be managed, or this file will be managed.
2. Protected processes
To prevent the processes being terminated, you can add the process Id here, remove it if you want to unprotect it.
3. Include processes
If you only want to manage the files from the specific processes, then add the process Id here, or let it empty, it will include all the processes.
4. Exclude processes
If you don't want to manage the files from the specific processes, then add the process Id here, or let it empty, it won't exclude any process.
5. Monitor the I/O requests
To select the I/O requests you want to monitor, so the console will display the I/O information when the filter driver capture the I/O request.
6. Display the file change events only
If you don't want to dispaly so many I/O requests, for the quick setting, you can only display the file change I/O requests when the file change events were selected.
7. Log the file I/O request filter messages
Check the "Log filter message" check box, then the filter I/O request information will be logged to a file.
About EaseFilter Inc.
EaseFilter Inc. is a company who specializes in windows file system filter driver development. It can provide architect, implement and test file system filter drivers for a wide range of functionalities. It also can offer several levels of assistance to meet your specific needs: Provide consulting service for your existing file system filter driver; Customize the SDK to meet your requirement; Create your own filter driver with SDK source code.