My employers asked me to find a way to make a service that runs when a virtual drive is mounted and checks if either the user or a foreign process tries to access it, in case it does, the service should notify the the software responsible for managing the drive and unmount it. This is Because they don't want no one to mess around with the files that are within the drive.
I tried to look up some questions here on stackoverflow, and what I found was: - block the files within the drive DirectoryInfo; - Create a driver with minifilter that checks if file is accessed;
But none of them really answer my question.
I have the code to create and mount the drive and to unmount the drive, I also have the code to block the files with DirectoryInfo, but I don't know how to proceed
Can someone tell me if what I'm trying to achieve is possible, and if so what is the path I should take to do so!
The proper solution is to use a filesystem filter driver, which will check access to the drive synchronously (as the request comes) and block the requests or do any other actions. This might require some work in the kernel mode, or one could use a component like CBFS Filter (disclaimer - we maintain that product), which gives you both predefined rules and an option to handle all requests dynamically in user mode (via events), and with it, your task is solved literally in less than an hour of coding.
A kernel-mode driver can obtain the credentials (name, security token, PID) of the process, which opens the file or performs filesystem operation, and act accordingly. In CBFS Filter, this information is available in the event handlers, so the application can react to it.