Preventing file from being opened much a virus checker

  • Thread starter Thread starter Jim Culver
  • Start date Start date
J

Jim Culver

Hey All,

I have an usual requirement so I thought I'd solicit your opinions
before I start heading down the wrong path.

For the project I am working on I have a need to stop users opening
files if they have been blacklisted by the organization. I won't go
into the reason why the files can by blacklisted as this is
confidential to the organization I am working for, for now can we just
assume that I will be provided with a list of file paths which can not
be opened by the user.

The other interesting part to this is that we will not be allowed to
change the security permissions to the file or containing folders or
implement anything on the file server or to move the files from their
current location.

So in a nutshell what I have been asked to do is when a user attempts
to open a file on their machine, check it against the list of
blacklisted files and if it has been blacklisted then stop the file
from being opened.

So I was thinking along the lines that this must work slightly like a
virus checker in the respect that some virus checkers scan a file
before you open it and prevent you from opening if it contains a
virus.

So I think what I need to be able to do is

1) Detect when a user is trying to open a file bearing in mind the
file will often be on a remote machine.

2) Check the file to see if it is a blacklisted file

3) Stop the file from being opened if it is blacklisted.


So I guess where I come unstuck is on points 1 and 3.

Guess my first question is...has anyone got any idea of how I can tell
when a file is being opened? I have already disregarded using the
file system watcher as I can not predict which remote folders I'd need
to watch in advance. I have also disregarded writing add-ins for word/
excel etc as the solution needs to be able to prevent all applications
from being able to open the file.

My Second question is...assuming I can tell when a file is being
opened is there anyway I can stall the process and then allow it to
continue once I have verified that the file is not blacklisted.

Any suggestions would be greatly appreciated.

Thanks

Jim
 
Hey All,

I have an usual requirement so I thought I'd solicit your opinions
before I start heading down the wrong path.

For the project I am working on I have a need to stop users opening
files if they have been blacklisted by the organization.  I won't go
into the reason why the files can by blacklisted as this is
confidential to the organization I am working for, for now can we just
assume that I will be provided with a list of file paths which can not
be opened by the user.

The other interesting part to this is that we will not be allowed to
change the security permissions to the file or containing folders or
implement anything on the file server or to move the files from their
current location.

So in a nutshell what I have been asked to do is when a user attempts
to open a file on their machine, check it against the list of
blacklisted files and if it has been blacklisted then stop the file
from being opened.

So I was thinking along the lines that this must work slightly like a
virus checker in the respect that some virus checkers scan a file
before you open it and prevent you from opening if it contains a
virus.

So I think what I need to be able to do is

1)  Detect when a user is trying to open a file bearing in mind the
file will often be on a remote machine.

2) Check the file to see if it is a blacklisted file

3)  Stop the file from being opened if it is blacklisted.

So I guess where I come unstuck is on points 1 and 3.

Guess my first question is...has anyone got any idea of how I can tell
when a file is being opened?  I have already disregarded using the
file system watcher as I can not predict which remote folders I'd need
to watch in advance.  I have also disregarded writing add-ins for word/
excel etc as the solution needs to be able to prevent all applications
from being able to open the file.

My Second question is...assuming I can tell when a file is being
opened is there anyway I can stall the process and then allow it to
continue once I have verified that the file is not blacklisted.

Any suggestions would be greatly appreciated.

Thanks

Jim
Click to expand...

For a requirement like this, you must develop a "filter driver" for
windows. Not a trivial task and I don't think its possible in .NET.
Just google for it and you may find some ideas.
 
Hey All,

I have an usual requirement so I thought I'd solicit your opinions
before I start heading down the wrong path.

For the project I am working on I have a need to stop users opening
files if they have been blacklisted by the organization.  I won't go
into the reason why the files can by blacklisted as this is
confidential to the organization I am working for, for now can we just
assume that I will be provided with a list of file paths which can not
be opened by the user.

The other interesting part to this is that we will not be allowed to
change the security permissions to the file or containing folders or
implement anything on the file server or to move the files from their
current location.

So in a nutshell what I have been asked to do is when a user attempts
to open a file on their machine, check it against the list of
blacklisted files and if it has been blacklisted then stop the file
from being opened.

So I was thinking along the lines that this must work slightly like a
virus checker in the respect that some virus checkers scan a file
before you open it and prevent you from opening if it contains a
virus.

So I think what I need to be able to do is

1)  Detect when a user is trying to open a file bearing in mind the
file will often be on a remote machine.

2) Check the file to see if it is a blacklisted file

3)  Stop the file from being opened if it is blacklisted.

So I guess where I come unstuck is on points 1 and 3.

Guess my first question is...has anyone got any idea of how I can tell
when a file is being opened?  I have already disregarded using the
file system watcher as I can not predict which remote folders I'd need
to watch in advance.  I have also disregarded writing add-ins for word/
excel etc as the solution needs to be able to prevent all applications
from being able to open the file.

My Second question is...assuming I can tell when a file is being
opened is there anyway I can stall the process and then allow it to
continue once I have verified that the file is not blacklisted.

Any suggestions would be greatly appreciated.

Thanks

Jim
Click to expand...

Hello Jim:
What you want can be done with operating system ACL, you don't need a
program for that..
 
Jim Culver said:
Hey All,

I have an usual requirement so I thought I'd solicit your opinions
before I start heading down the wrong path.

For the project I am working on I have a need to stop users opening
files if they have been blacklisted by the organization. I won't go
into the reason why the files can by blacklisted as this is
confidential to the organization I am working for, for now can we just
assume that I will be provided with a list of file paths which can not
be opened by the user.

The other interesting part to this is that we will not be allowed to
change the security permissions to the file or containing folders or
implement anything on the file server or to move the files from their
current location.
Click to expand...

May I assume that this requirement is because changing security would break
something important?

So this actually makes your problem even more difficult, you have to not
only detect access to the controlled resource, but also whether the access
was initiated by the user (block it) or by the important service (allow it).

Changing the important services to use an alternate user account and then
restricting access to that account is definitely the right way to go.
Trying to hack something using filesystem filters is just going to cause a
lot of pain. How many different names are there for the same file? I can
think of *LOTS*.

If you must treat the file server as readonly, the thing to do seems to be
to reserve the existing user accounts for the important services and create
new accounts for your users that don't have permissions to those files.
 
Back
Top