最新版 EaseFilter File System Monitor Filter Driver SDK v5
EaseFilter
Easecilter Inc. 公司是一家專門從事Windows檔案系統篩選器驅動程式開發的公司。它可以為各種功能提供架構師、實現和測試檔案系統篩檢程式驅動程序。它還可以提供多個級別的幫助,以滿足您的特定需求:為現有的檔案系統篩選器驅動程序提供諮詢服務;自定義SDK以滿足您的需求;使用SDK原始程式碼創建您自己的篩選器驅動程式。
File System Monitor Filter Driver SDK
EaseFilter File System Monitor Filter Driver SDK is a component which can monitor the file system I/O activities on the fly, to know who and when your files were accessed.
File System Control Filter Driver SDK
EaseFilter File System Control Filter Driver SDK is a component which can protect your files being accessed by unauthorized users and processes. file level encryption in kernel on-the-fly
File System Encryption Filter Driver SDK
EaseFilter File system encryption filter driver SDK is a component which provides transparent file level encryption in kernel on-the-fly.
Tiered Storage File System Filter Driver SDK
EaseTag File System Tiered Storage Filter Driver SDK is a component which automatically moves data between high-cost and low-cost storage media. Replace your file with a stub to save the storage space.
File System Monitor Filter Driver SDK
The EaseFilter File I/O Monitor 可以在實時中審核Windows中的文件訪問和更改。使用EaseFilter文件監視器,您可以監視文件系統級別的文件活動,捕獲文件打開,創建,覆蓋,讀取,寫入,查詢文件信息,設置文件信息,查詢安全信息,設置安全信息,文件重命名,文件刪除,目錄瀏覽和文件關閉I / O請求。您可以創建文件訪問日誌,您將知道誰,何時,訪問了哪些文件。通過跟踪和監控所有用戶和文件活動,權限更改,存儲容量並生成實時審計報告,您可以全面控制和查看用戶和數據。
文件系統監控過濾驅動可以實時的監控文件系統的各種活動,它可以捕獲文件的打開,創建,查詢,讀寫,修改文件各種屬性,查詢或修改文件的安全屬性,文件名稱更改,文件刪除,文件關閉,文檔目錄查詢等等各種文件的操作活動。利用文件系統監控過濾驅動開發包可以很容易實現以下軟件功能:
• 持續數據保護的軟件開發。
• 審計軟件的開發。
• 文件訪問日誌軟體的開發。
• 文件修改日誌管理軟體的開發。
功能
Settings
To start the filter driver, first you need to add the filter rule in the settings, then the filter driver will know which file to be managed.
1. Add filter rule
To manage the files, add the include file filter mask with wild card characters, if you want to have exception for thi filter mask, then add the exclude file filter mask, or let it empty.
You can have multiple filter rules, every include file filter mask must be unique, every include file filter mask can have multiple exclude file filter masks.
When the users acess the files, the filter driver will check the filter rules, if the file matches the include file filter mask of the file rule, then it will check if there are exclude file filter masks in this filter rule, if the file matches the exclude file filter mask, then this file won't be managed, or this file will be managed.
2. Protected processes
To prevent the processes being terminated, you can add the process Id here, remove it if you want to unprotect it.
3. Include processes
If you only want to manage the files from the specific processes, then add the process Id here, or let it empty, it will include all the processes.
4. Exclude processes
If you don't want to manage the files from the specific processes, then add the process Id here, or let it empty, it won't exclude any process.
5. Monitor the I/O requests
To select the I/O requests you want to monitor, so the console will display the I/O information when the filter driver capture the I/O request.
5. Display the file change events only
If you don't want to dispaly so many I/O requests, for the quick setting, you can only display the file change I/O requests when the file change events were selected.
6. Log the file I/O request filter messages
Check the "Log filter message" check box, then the filter I/O request information will be logged to a file.
Start Monitor
After start the monitor, in the console, you will see the I/O information as below:
From the console, you can see these information:
1. Time : the transaction time fo the I/O operation.
2. User name: the user who access the file, if it is from remote server, it will add the extra message "the file access from remote server".
3. Process name and process Id: the process which access the file and initiate this I/O request.
4. ThreadId: the thread which access the file and initiate this I/O request.
5. I/O request name: the I/O request name.
6. FileObject: it is similar to file handle concept, every file open, the system I/O manager will gernate a unique file object till the file handle was closed.
6. File name: the file name which was associated to this I/O request.
7. File size: the file size of the file which was accessed..
8. File attributes: the file attributes of the file which was accessed.
9. Last write time: the last write time of the file which was accessed.
10. Return status: the return I/O status, it shows the I/O result if it was return with success, warning or error code.
11. Description: the description shows the extra detail information of the I/O request. a. file was deleted, b. file was renamed, c. new file was created. d. the query data information.
系統需求
Supported Platforms
• Windows 2016
• Windows 10 (32bit, 64bit)
• Windows 8 (32bit, 64bit)
• Windows 2012 Server R2
• Windows 2008 Server R2 (32bit, 64bit)
• Windows 7 (32bit,64bit)
• Windows 2008 Server (32bit, 64bit)
• Windows Vista (32bit,64bit)
• Windows 2003 Server(32bit,64bit)
• Windows XP(32bit,64bit)
File System Control Filter Driver SDK
文件系統控製過濾驅動能夠文件的各種活動,它能捕獲文件到達文件系統前的各種I/O操作。它可修改讀完的數據,也可以容許或拒絕甚至取消各種I/O的操作。利用控製過濾驅動你可以完全控制(容許,拒絕,修改甚至取消)文件的打開,創建,查詢,讀寫,修改文件各種屬性,查詢或修改文件的安全屬性,文件名稱更改,文件刪除,文件關閉,文檔目錄查詢等各種文件的操作活動。利用文件系統控製過濾驅動開發包可以很容易實現以下軟體功能:
•數據保護的軟體開發。
•可以屏閉某些人或程序對特定文件的讀寫操作。
•加密解密軟體的開發。
•基於管理策略的安全軟體。
•隱藏或修改目錄文件。
功能
Settings
To start the filter driver, first you need to add the filter rule in the settings, then the filter driver will know which file to be managed.
1. Add filter rule
To manage the files, add the include file filter mask with wild card characters, if you want to have exception for thi filter mask, then add the exclude file filter mask, or let it empty.
You can have multiple filter rules, every include file filter mask must be unique, every include file filter mask can have multiple exclude file filter masks.
When the users acess the files, the filter driver will check the filter rules, if the file matches the include file filter mask of the file rule, then it will check if there are exclude file filter masks in this filter rule, if the file matches the exclude file filter mask, then this file won't be managed, or this file will be managed.
To control the file access for this filter rule, you can select or unselect the access rights as below:
2. Protected processes
To prevent the processes being terminated, you can add the process Id here, remove it if you want to unprotect it.
3. Include processes
If you only want to manage the files from the specific processes, then add the process Id here, or let it empty, it will include all the processes.
4. Exclude processes
If you don't want to manage the files from the specific processes, then add the process Id here, or let it empty, it won't exclude any process.
5. Register the I/O requests
To select the I/O requests you want to manage, so the console will display the I/O information when the filter driver capture the I/O request.
5. Display the file change events only
If you don't want to dispaly so many I/O requests, for the quick setting, you can only display the file change I/O requests when the file change events were selected.
6. Log the file I/O request filter messages
Check the "Log filter message" check box, then the filter I/O request information will be logged to a file.
Start Protector
After start the protector, in the console, you will see the I/O information as below:
From the console, you can see these information:
1. Time : the transaction time fo the I/O operation.
2. User name: the user who access the file, if it is from remote server, it will add the extra message "the file access from remote server".
3. Process name and process Id: the process which access the file and initiate this I/O request.
4. ThreadId: the thread which access the file and initiate this I/O request.
5. I/O request name: the I/O request name.
6. FileObject: it is similar to file handle concept, every file open, the system I/O manager will gernate a unique file object till the file handle was closed.
6. File name: the file name which was associated to this I/O request.
7. File size: the file size of the file which was accessed..
8. File attributes: the file attributes of the file which was accessed.
9. Last write time: the last write time of the file which was accessed.
10. Return status: the return I/O status, it shows the I/O result if it was return with success, warning or error code.
11. Description: the description shows the extra detail information of the I/O request. a. file was deleted, b. file was renamed, c. new file was created. d. the query data information.
系統需求
Supported Platforms
• Windows 2016
• Windows 10 (32bit, 64bit)
• Windows 8 (32bit, 64bit)
• Windows 2012 Server R2
• Windows 2008 Server R2 (32bit, 64bit)
• Windows 7 (32bit,64bit)
• Windows 2008 Server (32bit, 64bit)
• Windows Vista (32bit,64bit)
• Windows 2003 Server(32bit,64bit)
• Windows XP(32bit,64bit)
File System Encryption Filter Driver SDK
數據洩漏是大多數企業數據安全的主要問題之一。有許多關於信息安全解決方案的技術。入侵檢測,防火牆和專用網絡是信息安全的傳統方法。但是這些方法很難防止數據洩露,因為它們適用於處理網絡和惡意代碼攻擊。
EaseFilter File System Encryption Filter Driver 通過使用透明文件加密技術為數據洩漏提供可靠保護。加密和解密過程在文件系統過濾器驅動程序中執行,對用戶完全透明。通過利用這種透明的方法,您的組織可以實施加密,而無需對應用程序,基礎架構或業務實踐進行更改。
EaseFilter File System Encryption Filter Driver提供了透明的文件級別加密的全面解決方案。它允許開發人員創建的透明加密解產品,它可以實時加密或解密文件,它可以只允許授權用戶或程序才可以訪問加密的文件。選用AES高級加密標準算法Rijndael作為加密算法,它支持的密鑰長度128位,192位和256位。
特色
Windows File System Filter Driver
A file system filter driver intercepts requests targeted at a file system or another file system filter driver. By intercepting the request before it reaches its intended target, the filter driver can extend or replace functionality provided by the original target of the request. File system filtering services are available through the filter manager in Windows. The Filter Manager provides a framework for developing File Systems and File System Filter Drivers without having to manage all the complexities of file I/O. The Filter Manager simplifies the development of third-party filter drivers and solves many of the problems with the existing legacy filter driver model, such as the ability to control load order through an assigned altitude. A filter driver developed to the Filter Manager model is called a minifilter. Every minifilter driver has an assigned altitude, which is a unique identifier that determines where the minifilter is loaded relative to other minifilters in the I/O stack. Altitudes are allocated and managed by Microsoft.
Encryption Algorithm
Encryption is the process in which data (plaintext) is translated into something that appears to be random and meaningless (ciphertext). Decryption is the process in which the ciphertext is converted back to plaintext. A cryptographic algorithm, or cipher, is a mathematical function used in the encryption and decryption process. A cryptographic algorithm works in combination with a key (a number, word, or phrase) to encrypt and decrypt data. To encrypt, the algorithm mathematically combines the information to be protected with a supplied key. The result of this combination is the encrypted data. To decrypt, the algorithm performs a calculation combining the encrypted data with a supplied key. The result of this combination is the decrypted data.
EaseFilter Encryption Filter Driver is using Rijndael (256-bit key) algorithm which is a high security algorithm created by Joan Daemen and Vincent Rijmen (Belgium). Rijndael is the new Advanced Encryption Standard (AES) chosen by the National Institute of Standards and Technology (NIST). At present, there is no way to break any of these algorithms, unless to try all possible keys. If one billion computers were each searching one billion keys per second, it would take over 10*10ˆ24 years to recover information encrypted with a 168-bit algorithm (the age of the universe is 10*10ˆ9 years).
Transparent file encryption and decryption
Transparent file encryption (TFE) performs real-time I/O encryption and decryption of the files in any block data with 16 bytes. The encryption uses a 256 bits symmetric key to encrypt or decrypt the data with AES encryption algorithm. TFE protects data "at rest", meaning the data and files. It provides the ability to comply with policies which can be applied by users, processes and file type. This allows only authorized users and processes to access the encrypted files, unauthorized users and processes can’t access the encrypted files.
Using EaseFilter Encryption Filter Driver
EaseFilter encryption filter driver includes kernel mode filter driver and user mode encryption and decryption APIs. The EaseFilter Driver includes the Access Control component, Isolation layer component and the encryption engine. The EeaseFilter APIs is the component to communicate between client application and the filter driver. The filter APIs expose the interfaces to the client application which can easily monitor or control the filter driver.
系統需求
Supported Platforms
• Windows 2016
• Windows 10 (32bit, 64bit)
• Windows 8 (32bit, 64bit)
• Windows 2012 Server R2
• Windows 2008 Server R2 (32bit, 64bit)
• Windows 7 (32bit,64bit)
• Windows 2008 Server (32bit, 64bit)
• Windows Vista (32bit,64bit)
• Windows 2003 Server(32bit,64bit)
• Windows XP(32bit,64bit)
Tiered Storage File System Filter Driver SDK
對於大多數公司而言,數據 - 特別是非結構化數據 - 每年持續增長50%。每年在存儲上花費更多,以及保護和管理信息的影響經常使IT部門達到極限。包括硬體和軟體在內的無數戰略和解決方案正在出現,以幫助IT經理解決這些問題。有效實施分層存儲是解決這些挑戰的重要解決方案。EaseFilter Inc.開發了一個Tiered Storage File System Filter Driver SDK,可以幫助您將存儲無縫遷移到雲端。
特色
Tiered Cloud Storage
Tiered storage is an underlying principle of ILM(information lifecycle management). It is a storage networkingmethod where data is stored on various types of media based on performance, availability and recovery requirements. For example, data intended for restoration in the event of data loss or corruption could be stored locally -- for fast recovery -- while data for regulatory purposes could be archived to lower cost disks.
Today's tiered storage infrastructures range from simple two-tier architecture consisting of SCSI or fibre channel attached disk and tape to cloud storage. Regardless of the method of tiering, organizations are looking to tiered storage and ILM to lower cost and improve operational efficiency.
Implementing tiered storage infrastructures can dramatically decrease the cost associated with achieving an RPOand RTO of zero. Classification of data can provide different RPOs and RTOs based on application and business requirements. Policy-based data migration ensures that the right data is in the right place at the right time.
Using the cloud as a storage tier
Public cloud computing enables users and IT departments to deploy applications without having to make capital investments in computer hardware.And with storage forming an increasing part of on-premise budgets, public cloud storage provides a way to convert storage costs to an operational expense, rather than a capital expense.
Using the cloud as a storage tier, data can first be moved to a ‘warm’ archive tier of higher-performance disk, where it can still be accessed quickly to meet RPO and RTO SLA’s. As you retain archives for longer, older data can then be moved to a ‘cold’ archive tier with better economics. (This is similar to the tiered storage cost/performance model offered by Amazon S3 with its “warm” Standard tier, “cold” Infrequent Access tier and “frozen” Glacier tier.)
EaseTag Tiered Storage Filter Driver SDK
EaseTag Tiered Storage (hierarchical storage management, HSM) Filter Driver SDK, is a data storage technique which automatically moves data between high-cost and low-cost storage media, such as network attached storage(NAS),optical discs and cloud storage. A stub is created for and replaces each migrated file in the fast disk drives. On the local system, a stub file looks and act like a regular file. When the user application accesses a migrated file stub, the Windows operating system transparently directs a file access request to the EaseTag Tiered Storage SDK. The EaseTag driver will send the request to the remote site to retrieve the data back from the repository to which it was migrated(see Figure 1).
Figure 1. Tiered Storage Data Flow Chart
The automated tiered storage can integrate with existing applications, without affecting the original data and programs. Without any modification of existing applications, the local storage can automatically be extended to the network storage.
Tiered storage can be widely used in telecommunications, government, oil, medical and other industries. Tiered storage is the first choice of medical PACS (Picture Archiving and Communication System, medical imaging storage and transmission systems), a lot of data in such applications are rarely visit, these data are transferred to a less expensive network storage. When users and applications access the stub files in the local storage, it is completely transparent, the system will automatically restore the data back to the stub file from the network storage server. The network attachedstorage is scalable, tiered storage products provide users with an infinite online data space.
The main advantages of EaseTag Tiered Storage are:
- Lower Storage Costs.If you have two terabytes of expensive server storage where 50% of the data is never or rarely accessed, with EaseTag Tiered Storage, you can transfer a terabyte data to the NAS storage or cloud storage, you can save a terabyte storage space in SAN RAID storage.
- To maximize the server's hard disk available space. Reclaim storage space without disrupting users. Set up policies to automatically remove older files from file servers, cleaning up disk space, and replace them with an intelligent shortcut "stub" that invisibly retrieves the original file from the archive.
- To improve efficiency. When the user needs these data, it can be accessed transparently in real time. If you need to recover and restore a file that was accidently deleted or modified in error, you can restore the file or even a whole folder from the repository.
- Reduce the server backup time and recovery time, only need to backup frequently used files.
- Improve data security. the data in the server can be encrypted, and access these data through the storage management software, only authorized users can access the data, and can log the access activities.
- To remove duplicate data, the storage server only keep single instance
系統需求
EaseTag Tiered Storage Filter Driver SDK Compatibility
Compatibility
Operating System for Deployment
- Windows Server 2016
- Windows 10
- Windows 8.1
- Windows 8
- Windows Server 2012
- Windows 7
- Windows XP SP2
- Windows Server 2008
Architecture of Product
- 32Bit
- 64Bit
Product Type
- Component
Component Type
- DLL
Compatible Containers
- Microsoft Visual Studio 2017
- Microsoft Visual Studio 2015
- Microsoft Visual Studio 2013
- Microsoft Visual Studio 2012
- Microsoft Visual Studio 2010
- Microsoft Visual Studio 2008
- Microsoft Visual Studio 6.0
- Microsoft Visual Basic 6.0
- Microsoft Visual C++ 2008
- Microsoft Visual C++ 6.0
EaseFilter File System Filter Driver SDK
The In House Developer License
An In House Developer license allows one developer to create an unlimited number of derived works using the product. The derived works can be deployed to one site (physical location) within your organization. This license does not support royalty free distribution, public facing web or SaaS project deployment scenarios. An In House Developer license covers one developer and/or one location. A license must be purchased for each developer in the team, or for each location the derived works will be deployed at, whichever is the greater.For the additional developer license, the price is the 50% of the regular developer license.
The OEM Developer License
An OEM Developer license allows one developer to create an unlimited number of derived works using the product. A Developer license covers one developer and/or one location. A license must be purchased for each developer in the team, or for each location the derived works will be deployed at, whichever is the greater.For the additional developer license, the price is the 50% of the regular developer license.
The derived works can be deployed to an unlimited number of sites (physical locations) within or outside of your organization. This license type supports royalty free distribution, public facing web and SaaS project deployment scenarios. A single developer working on an SaaS or public facing web project should have this license.
The Source Code License
The Source Code License is not refundable. The Source Code license grants to you nontransferable, nonexclusive, royalty-free license to make and use copies of the Source Code and install such Source Code on any number of your computers (i) for your internal use , (ii) to design, develop and test your software products. You may not redistribute the Source Code, or any component thereof, or not to any third party.