Providing security features in write filter environments

Assignee

• Dell Products L.P. · US

Inventors

• Gokul Thiruchengode Vajravel · Kanchinakote, IN
• Ankit Kumar · San Diego, US
• Abhishek Mathur · Prayagraj, IN

Key dates

Classification

• Technology area (CPC G)Physics
• CPC primaryG06F2221/034
• WIPO fieldComputer technology
• WIPO sectorElectrical engineering

Abstract

A security client can provide security features in write filter environments. To prevent improper modifications to a protected volume, the security client can be employed to differentiate between direct I/O requests and reparsed I/O requests that are directed to a shadow volume and to block any direct I/O requests. Alternatively or additionally, the security client can be configured to determine whether an I/O request that is directed to the shadow volume targets an artifact in the write filter's exclusion list, and if not, block the I/O request. Alternatively or additionally, the security client can be configured to monitor registry operations to determine whether a modifying registry operation targets the write filter's persistent shadow registry hive, and if so, allow the modifying registry operation only if it targets a registry key in the write filter's exclusion list.