Method and system applying policy on screened files

Assignee

• Microsoft Corporation · US

Inventors

• Sarosh C. Havewala · Kirkland, US
• Neal R. Christiansen · Bellevue, US
• Ran Kalach · Bellevue, US
• Ravinder S. Thind · Sammamish, US
• Jeremiah J. Moon · Glenview, US

Key dates

Classification

• Technology area (CPC G)Physics
• CPC primaryG06F21/6281
• WIPO fieldComputer technology
• WIPO sectorElectrical engineering

Abstract

Described is a mechanism comprising a data screening filter and user mode service that applies (enforces) policies regarding allowing or blocking file content of a directory, based on matching the filename against patterns associated with that directory. An administrator configures a screening policy, such as the types of files to allow in a particular directory and the types of files to block. File groups of member patterns and non-member exclusion patterns are defined and selectively collected in directory screening objects (DSOs). A directory screening object (DSO) is associated with a directory. When an I/O create request specifying a filename and a target directory is received, the filename is evaluated against the member/non-member patterns in the file groups referenced by the DSO for that directory to make for an allow or block policy decision. If not matched, DSOs on parent directories are evaluated upwards seeking a policy decision.