Description

CBFS Filter allows you to intercept and react to filesystem, registry, and process manager operations as they occur. Advanced filter rules ensure your application is only notified of the operations you care about, and intelligent access rules enable you to enforce access restrictions with no additional effort. Present different file contents to different processes and maintain entirely virtual files. Without writing a single line of driver code, you'll be able to modify data, encrypt files on-the-fly, control access, and block requests entirely.

Comprehensive Features for Maximum Performance

Proactively Intercept and React to Requests

CBFS Filter's robust, rules-based filtering engine is flexible enough to handle use-cases of any scale and complexity. Target the requests you care about with surgical precision, then react to them as they occur.
Log System Activity for Auditing Purposes

Get a complete picture of who or what is accessing your information. CBFS Filter's comprehensive monitoring capabilities let you keep a detailed record of everything that happens on your system.
Secure Files and Enforce Access Restrictions

Implement on-the-fly file encryption, using algorithms of your choice, for deeply-integrated data security. Leverage intelligent access rules to enforce targeted access restrictions via a modern minifilter driver.
File Isolation

File isolation allows different processes to see different file contents when viewing the same file. For example, one process may see decrypted content, while another process would see only encrypted data.
More Reliable than FileSystemWatcher

Never miss a filesystem operation again thanks to CBFS Filter's low-level integration. A dedicated filesystem monitoring component provides everything you need.
Implement Continuous Data Protection (CDP)

Continuously record all filesystem changes, and back up content revisions in real time as each modification occurs. Encrypt the backups before storing them for added peace of mind.
Simple Deployment

The simplified deployment scheme eliminates architecture detection and potential errors. A single CAB file contains all of the drivers and Helper DLLs that are necessary for driver installation.
Flexible Filter Options

Set multiple instances at different altitudes, allowing you to intercept requests before or after other filters.
Create Virtual Files and Registry Keys

Create virtual files and registry keys populated with application-defined data. Windows will recognize them as real, so third-party applications can interact with them in the usual manner.
Monitor Process and Thread Activity

Keep an eye on applications' process and thread activity. Limit access rights to prevent undesired creation, suspension, and termination; and to guard against potentially unwanted programs (PUPs).
Manage and Protect Registry Keys

Full control over registry key creation, modification, enumeration, and deletion allows you to protect registry keys and their values. You can even redirect requests to other registry keys.

[NEW] (Rust) The dynamic library is now loaded only when a trait instance is created.
Version: 24.0.9316
Date: July 4, 2025

[IMPORTANT] [CBMonitor, CBFilter] In AfterGetFileSecurity and NotifyGetFileSecurity events, the semantics of the Length and LengthNeeded parameters has changed. The LengthNeeded parameter has been renamed to DescriptorLength to reflect the nature of the value.
[NEW] [CBMonitor, CBFilter] Added the INSTALL_SKIP_PREPARING_FILES_WITH_NO_RULES installation flag and the corresponding SkipPreparingFilesWithNoRules configuration setting.
[NEW] [CBMonitor, CBFilter] Added the DelayTimeoutStart configuration setting.
[FIX] Filter rules with an inverted PID mask (~PID|filtered_path) were interpreted in the kernel parser as rules with a process name mask.
[FIX] [CBMonitor, CBFilter] On Windows 2016 Server and Windows 2012 R2 Server, a crash could occur when using the CollectRemoteOpenInformation setting due to the misleading information provided by the OS (the version number suggests a certain format of the data, while the data have different format). Windows 2019 Server provides the correct version number, and the problem doesn't exist in newer OS versions.
[FIX] [CBMonitor, CBFilter] Improved caching of network resource paths for the purpose of correct back-resolving of NT-native paths of network files to their local/mapped paths.
[FIX] [CBFilter] In some cases, a crash could occur when the PassSecurityInFileOpenEvents setting was set and no security information was available during file opening.
[FIX] [CBFilter] If a MMF could not be opened in the CreateFileDirect when requested, a handle to a file was returned instead of an error.
[FIX] [CBFilter] An MMF could not be opened from the BeforeWriteFile event.
[FIX] [CBFilter] If a file was opened asynchronously and isolation-by-redirection was used, the backend file was also opened asynchronously, which could cause problems with NTFS.

Additional Information