最新版 EaseFilter File System Monitor Filter Driver SDK v5 更新於 2024/6/9
EaseFilter
Easecilter Inc. 公司是一家專門從事Windows檔案系統篩選器驅動程式開發的公司。它可以為各種功能提供架構師、實現和測試檔案系統篩檢程式驅動程序。它還可以提供多個級別的幫助,以滿足您的特定需求:為現有的檔案系統篩選器驅動程序提供諮詢服務;自定義SDK以滿足您的需求;使用SDK原始程式碼創建您自己的篩選器驅動程式。
File System Monitor Filter Driver SDK
EaseFilter File System Monitor Filter Driver SDK is a component which can monitor the file system I/O activities on the fly, to know who and when your files were accessed.
File System Control Filter Driver SDK
EaseFilter File System Control Filter Driver SDK is a component which can protect your files being accessed by unauthorized users and processes. file level encryption in kernel on-the-fly
File System Encryption Filter Driver SDK
EaseFilter File system encryption filter driver SDK is a component which provides transparent file level encryption in kernel on-the-fly.
CloudTier Storage Tiering SDK
CloudTier Storage Tiering SDK (also Hierarchical Storage Management, HSM) is a data storage technique that automatically moves data between high-cost and low-cost storage media, is the automated progression or demotion of data across different tiers of storage devices and media. The CloudTier Storage Tiering SDK provides you an automatic way of managing and distributing data between the different storage, allows the automated data movement between the tiers of storage based on the defined rules and policies.
File System Monitor Filter Driver SDK
The EaseFilter File I/O Monitor 可以在實時中審核Windows中的文件訪問和更改。使用EaseFilter文件監視器,您可以監視文件系統級別的文件活動,捕獲文件打開,創建,覆蓋,讀取,寫入,查詢文件信息,設置文件信息,查詢安全信息,設置安全信息,文件重命名,文件刪除,目錄瀏覽和文件關閉I / O請求。您可以創建文件訪問日誌,您將知道誰,何時,訪問了哪些文件。通過跟踪和監控所有用戶和文件活動,權限更改,存儲容量並生成實時審計報告,您可以全面控制和查看用戶和數據。
文件系統監控過濾驅動可以實時的監控文件系統的各種活動,它可以捕獲文件的打開,創建,查詢,讀寫,修改文件各種屬性,查詢或修改文件的安全屬性,文件名稱更改,文件刪除,文件關閉,文檔目錄查詢等等各種文件的操作活動。利用文件系統監控過濾驅動開發包可以很容易實現以下軟件功能:
• 持續數據保護的軟件開發。
• 審計軟件的開發。
• 文件訪問日誌軟體的開發。
• 文件修改日誌管理軟體的開發。
功能
Settings
To start the filter driver, first you need to add the filter rule in the settings, then the filter driver will know which file to be managed.
1. Add filter rule
To manage the files, add the include file filter mask with wild card characters, if you want to have exception for thi filter mask, then add the exclude file filter mask, or let it empty.
You can have multiple filter rules, every include file filter mask must be unique, every include file filter mask can have multiple exclude file filter masks.
When the users acess the files, the filter driver will check the filter rules, if the file matches the include file filter mask of the file rule, then it will check if there are exclude file filter masks in this filter rule, if the file matches the exclude file filter mask, then this file won't be managed, or this file will be managed.
2. Protected processes
To prevent the processes being terminated, you can add the process Id here, remove it if you want to unprotect it.
3. Include processes
If you only want to manage the files from the specific processes, then add the process Id here, or let it empty, it will include all the processes.
4. Exclude processes
If you don't want to manage the files from the specific processes, then add the process Id here, or let it empty, it won't exclude any process.
5. Monitor the I/O requests
To select the I/O requests you want to monitor, so the console will display the I/O information when the filter driver capture the I/O request.
5. Display the file change events only
If you don't want to dispaly so many I/O requests, for the quick setting, you can only display the file change I/O requests when the file change events were selected.
6. Log the file I/O request filter messages
Check the "Log filter message" check box, then the filter I/O request information will be logged to a file.
Start Monitor
After start the monitor, in the console, you will see the I/O information as below:
From the console, you can see these information:
1. Time : the transaction time fo the I/O operation.
2. User name: the user who access the file, if it is from remote server, it will add the extra message "the file access from remote server".
3. Process name and process Id: the process which access the file and initiate this I/O request.
4. ThreadId: the thread which access the file and initiate this I/O request.
5. I/O request name: the I/O request name.
6. FileObject: it is similar to file handle concept, every file open, the system I/O manager will gernate a unique file object till the file handle was closed.
6. File name: the file name which was associated to this I/O request.
7. File size: the file size of the file which was accessed..
8. File attributes: the file attributes of the file which was accessed.
9. Last write time: the last write time of the file which was accessed.
10. Return status: the return I/O status, it shows the I/O result if it was return with success, warning or error code.
11. Description: the description shows the extra detail information of the I/O request. a. file was deleted, b. file was renamed, c. new file was created. d. the query data information.
系統需求
Supported Platforms
• Windows 2016/Windows 2019/Windows 2022
• Windows 10/11 (32bit, 64bit)
• Windows 8 (32bit, 64bit)
• Windows 2012 Server R2
• Windows 2008 Server R2 (32bit, 64bit)
• Windows 7 (32bit,64bit)
File System Control Filter Driver SDK
文件系統控製過濾驅動能夠文件的各種活動,它能捕獲文件到達文件系統前的各種I/O操作。它可修改讀完的數據,也可以容許或拒絕甚至取消各種I/O的操作。利用控製過濾驅動你可以完全控制(容許,拒絕,修改甚至取消)文件的打開,創建,查詢,讀寫,修改文件各種屬性,查詢或修改文件的安全屬性,文件名稱更改,文件刪除,文件關閉,文檔目錄查詢等各種文件的操作活動。利用文件系統控製過濾驅動開發包可以很容易實現以下軟體功能:
•數據保護的軟體開發。
•可以屏閉某些人或程序對特定文件的讀寫操作。
•加密解密軟體的開發。
•基於管理策略的安全軟體。
•隱藏或修改目錄文件。
功能
Settings
To start the filter driver, first you need to add the filter rule in the settings, then the filter driver will know which file to be managed.
1. Add filter rule
To manage the files, add the include file filter mask with wild card characters, if you want to have exception for thi filter mask, then add the exclude file filter mask, or let it empty.
You can have multiple filter rules, every include file filter mask must be unique, every include file filter mask can have multiple exclude file filter masks.
When the users acess the files, the filter driver will check the filter rules, if the file matches the include file filter mask of the file rule, then it will check if there are exclude file filter masks in this filter rule, if the file matches the exclude file filter mask, then this file won't be managed, or this file will be managed.
To control the file access for this filter rule, you can select or unselect the access rights as below:
2. Protected processes
To prevent the processes being terminated, you can add the process Id here, remove it if you want to unprotect it.
3. Include processes
If you only want to manage the files from the specific processes, then add the process Id here, or let it empty, it will include all the processes.
4. Exclude processes
If you don't want to manage the files from the specific processes, then add the process Id here, or let it empty, it won't exclude any process.
5. Register the I/O requests
To select the I/O requests you want to manage, so the console will display the I/O information when the filter driver capture the I/O request.
5. Display the file change events only
If you don't want to dispaly so many I/O requests, for the quick setting, you can only display the file change I/O requests when the file change events were selected.
6. Log the file I/O request filter messages
Check the "Log filter message" check box, then the filter I/O request information will be logged to a file.
Start Protector
After start the protector, in the console, you will see the I/O information as below:
From the console, you can see these information:
1. Time : the transaction time fo the I/O operation.
2. User name: the user who access the file, if it is from remote server, it will add the extra message "the file access from remote server".
3. Process name and process Id: the process which access the file and initiate this I/O request.
4. ThreadId: the thread which access the file and initiate this I/O request.
5. I/O request name: the I/O request name.
6. FileObject: it is similar to file handle concept, every file open, the system I/O manager will gernate a unique file object till the file handle was closed.
6. File name: the file name which was associated to this I/O request.
7. File size: the file size of the file which was accessed..
8. File attributes: the file attributes of the file which was accessed.
9. Last write time: the last write time of the file which was accessed.
10. Return status: the return I/O status, it shows the I/O result if it was return with success, warning or error code.
11. Description: the description shows the extra detail information of the I/O request. a. file was deleted, b. file was renamed, c. new file was created. d. the query data information.
系統需求
Supported Platforms
• Windows 2016/Windows 2019/Windows 2022
• Windows 10/11 (32bit, 64bit)
• Windows 8 (32bit, 64bit)
• Windows 2012 Server R2
• Windows 2008 Server R2 (32bit, 64bit)
• Windows 7 (32bit,64bit)
File System Encryption Filter Driver SDK
數據洩漏是大多數企業數據安全的主要問題之一。有許多關於信息安全解決方案的技術。入侵檢測,防火牆和專用網絡是信息安全的傳統方法。但是這些方法很難防止數據洩露,因為它們適用於處理網絡和惡意代碼攻擊。
EaseFilter File System Encryption Filter Driver 通過使用透明文件加密技術為數據洩漏提供可靠保護。加密和解密過程在文件系統過濾器驅動程序中執行,對用戶完全透明。通過利用這種透明的方法,您的組織可以實施加密,而無需對應用程序,基礎架構或業務實踐進行更改。
EaseFilter File System Encryption Filter Driver提供了透明的文件級別加密的全面解決方案。它允許開發人員創建的透明加密解產品,它可以實時加密或解密文件,它可以只允許授權用戶或程序才可以訪問加密的文件。選用AES高級加密標準算法Rijndael作為加密算法,它支持的密鑰長度128位,192位和256位。
特色
Windows File System Filter Driver
A file system filter driver intercepts requests targeted at a file system or another file system filter driver. By intercepting the request before it reaches its intended target, the filter driver can extend or replace functionality provided by the original target of the request. File system filtering services are available through the filter manager in Windows. The Filter Manager provides a framework for developing File Systems and File System Filter Drivers without having to manage all the complexities of file I/O. The Filter Manager simplifies the development of third-party filter drivers and solves many of the problems with the existing legacy filter driver model, such as the ability to control load order through an assigned altitude. A filter driver developed to the Filter Manager model is called a minifilter. Every minifilter driver has an assigned altitude, which is a unique identifier that determines where the minifilter is loaded relative to other minifilters in the I/O stack. Altitudes are allocated and managed by Microsoft.
Encryption Algorithm
Encryption is the process in which data (plaintext) is translated into something that appears to be random and meaningless (ciphertext). Decryption is the process in which the ciphertext is converted back to plaintext. A cryptographic algorithm, or cipher, is a mathematical function used in the encryption and decryption process. A cryptographic algorithm works in combination with a key (a number, word, or phrase) to encrypt and decrypt data. To encrypt, the algorithm mathematically combines the information to be protected with a supplied key. The result of this combination is the encrypted data. To decrypt, the algorithm performs a calculation combining the encrypted data with a supplied key. The result of this combination is the decrypted data.
EaseFilter Encryption Filter Driver is using Rijndael (256-bit key) algorithm which is a high security algorithm created by Joan Daemen and Vincent Rijmen (Belgium). Rijndael is the new Advanced Encryption Standard (AES) chosen by the National Institute of Standards and Technology (NIST). At present, there is no way to break any of these algorithms, unless to try all possible keys. If one billion computers were each searching one billion keys per second, it would take over 10*10ˆ24 years to recover information encrypted with a 168-bit algorithm (the age of the universe is 10*10ˆ9 years).
Transparent file encryption and decryption
Transparent file encryption (TFE) performs real-time I/O encryption and decryption of the files in any block data with 16 bytes. The encryption uses a 256 bits symmetric key to encrypt or decrypt the data with AES encryption algorithm. TFE protects data "at rest", meaning the data and files. It provides the ability to comply with policies which can be applied by users, processes and file type. This allows only authorized users and processes to access the encrypted files, unauthorized users and processes can’t access the encrypted files.
Using EaseFilter Encryption Filter Driver
EaseFilter encryption filter driver includes kernel mode filter driver and user mode encryption and decryption APIs. The EaseFilter Driver includes the Access Control component, Isolation layer component and the encryption engine. The EeaseFilter APIs is the component to communicate between client application and the filter driver. The filter APIs expose the interfaces to the client application which can easily monitor or control the filter driver.
系統需求
Supported Platforms
• Windows 2016/Windows 2019/Windows 2022
• Windows 10/11 (32bit, 64bit)
• Windows 8 (32bit, 64bit)
• Windows 2012 Server R2
• Windows 2008 Server R2 (32bit, 64bit)
• Windows 7 (32bit,64bit)
CloudTier File System Filter Driver SDK
對於大多數公司而言,數據(尤其是非結構化數據)每年繼續以 50% 的速度成長。每年在儲存以及保護和管理資訊方面花費更多的費用常常將 IT 部門推向極限。再加上更長的強制保留期,當今的資訊管理挑戰迫使 IT 員工(從副總裁到系統管理員)降低複雜性和成本,同時又不讓組織的基礎設施、資訊和智慧財產權面臨風險。 EaseFilter 開發了 CloudTier Tiered Storage SDK 來協助您將儲存空間無縫遷移到雲端。
CloudTier Tiered Storage SDK
CloudTier Tiered Storage (hierarchical storage management, HSM) Filter Driver SDK, is a data storage technique which automatically moves data between high-cost and low-cost storage media, such as network attached storage(NAS),optical discs and cloud storage. A stub is created for and replaces each migrated file in the fast disk drives. On the local system, a stub file looks and act like a regular file. When the user application accesses a migrated file stub, the Windows operating system transparently directs a file access request to the CloudTier Tiered Storage SDK. The CloudTier driver will send the request to the remote site to retrieve the data back from the repository to which it was migrated(see Figure 1).
Figure 1. Tiered Storage Data Flow Chart
特色
The main advantages of CloudTier Tiered Storage are:
– Lower Storage Costs
If you have two terabytes of expensive server storage where 50% of the data is never or rarely accessed, with CloudTier Tiered Storage, you can transfer a terabyte data to the NAS storage or cloud storage, you can save a terabyte storage space in SAN RAID storage.
– To maximize the server's hard disk available space
Reclaim storage space without disrupting users. Set up policies to automatically remove older files from file servers, cleaning up disk space, and replace them with an intelligent shortcut "stub" that invisibly retrieves the original file from the archive.
– To improve efficiency
When the user needs these data, it can be accessed transparently in real time. If you need to recover and restore a file that was accidently deleted or modified in error, you can restore the file or even a whole folder from the repository.
– Reduce the server backup time and recovery time, only need to backup frequently used files.
– Improve data security
the data in the server can be encrypted, and access these data through the storage management software, only authorized users can access the data, and can log the access activities.
– To remove duplicate data, the storage server only keep single instance
系統需求
Supported Platforms
• Windows 2016/2019 Server 64bit
• Windows 8/10 (32bit,64bit)
• Windows 2012 Server R2 (32bit,64bit)
• Windows 2008 Server R2 ( 32bit, 64bit)
• Windows 7 (32bit,64bit)
EaseFilter File System Filter Driver SDK
The In House Developer License
An In House Developer license allows one developer to create an unlimited number of derived works using the product. The derived works can be deployed to one site (physical location) within your organization. This license does not support royalty free distribution, public facing web or SaaS project deployment scenarios. An In House Developer license covers one developer and/or one location. A license must be purchased for each developer in the team, or for each location the derived works will be deployed at, whichever is the greater.For the additional developer license, the price is the 50% of the regular developer license.
The OEM Developer License
An OEM Developer license allows one developer to create an unlimited number of derived works using the product. A Developer license covers one developer and/or one location. A license must be purchased for each developer in the team, or for each location the derived works will be deployed at, whichever is the greater.For the additional developer license, the price is the 50% of the regular developer license.
The derived works can be deployed to an unlimited number of sites (physical locations) within or outside of your organization. This license type supports royalty free distribution, public facing web and SaaS project deployment scenarios. A single developer working on an SaaS or public facing web project should have this license.
The Source Code License
The Source Code License is not refundable. The Source Code license grants to you nontransferable, nonexclusive, royalty-free license to make and use copies of the Source Code and install such Source Code on any number of your computers (i) for your internal use , (ii) to design, develop and test your software products. You may not redistribute the Source Code, or any component thereof, or not to any third party.