File System Protector - Lock Files\Folders, Deny Write Access to Files

Discussion in 'NoVirusThanks' started by RmG152, Dec 11, 2015.

  1. RmG152

    RmG152 Level 12

    Jan 22, 2014
    NoVirusThanks File System Protector is a powerful utility which uses a kernel-mode driver to completely lock a file or a folder and to deny write access to files (allow read-only). You can write rules for any process or only for specific processes, you can lock files or folders and you can also protect files from modifications (write access) so that processes can only read the file content, but not hijack or modify it. With NoVirusThanks File System Protector you can protect sensitive files and folders from unauthorized accesses or modifications, a swiss army knife against nasty ransomware like CryptoLocker family or to just protect important files.


    On the “Settings” tab you can specify a custom logs folder to save blocked events, and on “Exclusions” tab you can manage trusted applications (using wildcards), so they are excluded from the block-rules. To edit the default rules or to create your custom rules, open the “Rules” tab and then click the button “Edit Rules” (it may ask you Admin credentials) to edit the Rules.DB file. The rules are updated in real-time and writing rules is very easy, you can use wildcards characters and aliases, example:

    [%OPER%: DENY_ALL] [%PROC%: *] [%FILE%: C:\locked-file.txt]
    [%OPER%: DENY_ALL] [%PROC%: *process.exe] [%FILE%: *\LockedFolder]
    [%OPER%: DENY_WRITE] [%PROC%: *] [%FILE%: C:\read-only.txt]
    [%OPER%: DENY_WRITE] [%PROC%: *] [%FILE%: C:\ProtectedFiles\*.txt]
    [%OPER%: DENY_WRITE] [%PROC%: *] [%FILE%: C:\ProtectedFiles\*.doc]
    [%OPER%: DENY_WRITE] [%PROC%: *] [%FILE%: C:\ProtectedFiles\*.pdf]
    Key features and characteristics
    • Prevent the modification of specific files and folders
    • Useful to protect important folders and files
    • Write your own rules to protect any files and folders
    • Specify to monitor any process or only specific processes
    • Easy-to-write rules thanks to wildcarding and aliases
    • Deny write access to files
    • Deny access to folders and files (lock them)
    • Show useful information when an action is blocked
    • Powerful protection thanks to the kernel-mode driver
    • Supports all Microsoft Windows Vista+ OSs
    • Very lightweight in memory and CPU usage
    Lock Files & Folders, Deny Write Access to Files with File System Protector | NoVirusThanks

    More info by developer:​
    Recommended for experienced Windows users only.

    Rules are easy to write thanks to wildcarding and aliases:
    ; Deny ALL processes from modifying the "read-only.txt" file
    [%OPER%: DENY_WRITE] [%PROC%: *] [%FILE%: *\read-only.txt]
    ; Deny ALL processes from modifying specific files by filtering file extension
    [%OPER%: DENY_WRITE] [%PROC%: *] [%FILE%: C:\ProtectedFiles\*.mp3]
    [%OPER%: DENY_WRITE] [%PROC%: *] [%FILE%: C:\ProtectedFiles\*.txt]
    [%OPER%: DENY_WRITE] [%PROC%: *] [%FILE%: C:\ProtectedFiles\*.doc]
    [%OPER%: DENY_WRITE] [%PROC%: *] [%FILE%: C:\ProtectedFiles\*.xls]
    [%OPER%: DENY_WRITE] [%PROC%: *] [%FILE%: C:\ProtectedFiles\*.pdf]
    [%OPER%: DENY_WRITE] [%PROC%: *] [%FILE%: C:\ProtectedFiles\*.jpg]
    [%OPER%: DENY_WRITE] [%PROC%: *] [%FILE%: C:\ProtectedFiles\*.jpeg]
    [%OPER%: DENY_WRITE] [%PROC%: *] [%FILE%: C:\ProtectedFiles\*.png]
    ; Deny cmd.exe from opening "folderX" folder but allow all other processes access
    [%OPER%: DENY_ALL] [%PROC%: C:\WINDOWS\System32\cmd.exe] [%FILE%: *\folderX]
    ; Deny ALL processes from opening "LockedFolder" folder
    [%OPER%: DENY_ALL] [%PROC%: *] [%FILE%: *\LockedFolder]
    ; Deny ALL processes from opening "lockedfile.txt" file
    [%OPER%: DENY_ALL] [%PROC%: *] [%FILE%: *\lockedfile.txt]
    ; Deny ALL processes from accessing the startup folder
    [%OPER%: DENY_ALL] [%PROC%: *] [%FILE%: *\Programs\Startup]

    Can be used, for example, to lock the startup folder (so processes can't drop files there), prevent modification of specific files (so cryptolocker can't hijack them), lock a file so processes can't even access it, etc. You can exclude trusted applications by simply writing the wildcard to exclude a process, example *\process.exe would exclude process.exe from any rule.

    @cruelsister can you test it vs some crypto?
    Moose and Rishi like this.
  2. Moose

    Moose Level 22

    Jun 14, 2011
Similar Threads Forum Date
macOS May Lose Data Due to APFS Filesystem Bug Operating Systems Feb 18, 2018
Hacking Alert Attackers Use Undocumented MS Office Feature to Leak System Profile Data News Archive Sep 19, 2017
Security Alert "Bad Taste" Vulnerability Affects Linux Systems via Malicious Windows MSI Files News Archive Jul 20, 2017
  • About Us

    Our community has been around since 2010, and we pride ourselves on offering unbiased, critical discussion among people of all different backgrounds about security and technology . We are working every day to make sure our community is one of the best.
  • Need Malware Removal Help?

    If you're being redirected from a site you’re trying to visit, seeing constant pop-up ads, unwanted toolbars or strange search results, your computer may be infected with malware. We offer free malware removal assistance to our members in the Malware Removal Assistance forum.
  • Quick Tip

    Without meaning to, you may click a link that installs malware on your computer. To keep your computer safe, only click links and downloads from sites that you trust. Don’t open any unknown file types, or download programs from pop-ups that appear in your browser.