PROVIDING SECURITY FEATURES IN WRITE FILTER ENVIRONMENTS

摘要

A security client can provide security features in write filter environments. To prevent improper modifications to a protected volume, the security client can be employed to differentiate between direct I/O requests and reparsed I/O requests that are directed to a shadow volume and to block any direct I/O requests. Alternatively or additionally, the security client can be configured to determine whether an I/O request that is directed to the shadow volume targets an artifact in the write filter's exclusion list, and if not, block the I/O request. Alternatively or additionally, the security client can be configured to monitor registry operations to determine whether a modifying registry operation targets the write filter's persistent shadow registry hive, and if so, allow the modifying registry operation only if it targets a registry key in the write filter's exclusion list.