File System Protector - Lock Files\Folders, Deny Write Access to Files

Status
Not open for further replies.

RmG152

Level 12
Thread author
Verified
Jan 22, 2014
577
NoVirusThanks File System Protector is a powerful utility which uses a kernel-mode driver to completely lock a file or a folder and to deny write access to files (allow read-only). You can write rules for any process or only for specific processes, you can lock files or folders and you can also protect files from modifications (write access) so that processes can only read the file content, but not hijack or modify it. With NoVirusThanks File System Protector you can protect sensitive files and folders from unauthorized accesses or modifications, a swiss army knife against nasty ransomware like CryptoLocker family or to just protect important files.

dvm3qNP.png


On the “Settings” tab you can specify a custom logs folder to save blocked events, and on “Exclusions” tab you can manage trusted applications (using wildcards), so they are excluded from the block-rules. To edit the default rules or to create your custom rules, open the “Rules” tab and then click the button “Edit Rules” (it may ask you Admin credentials) to edit the Rules.DB file. The rules are updated in real-time and writing rules is very easy, you can use wildcards characters and aliases, example:

Code:
[%OPER%: DENY_ALL] [%PROC%: *] [%FILE%: C:\locked-file.txt]
[%OPER%: DENY_ALL] [%PROC%: *process.exe] [%FILE%: *\LockedFolder]
[%OPER%: DENY_WRITE] [%PROC%: *] [%FILE%: C:\read-only.txt]
[%OPER%: DENY_WRITE] [%PROC%: *] [%FILE%: C:\ProtectedFiles\*.txt]
[%OPER%: DENY_WRITE] [%PROC%: *] [%FILE%: C:\ProtectedFiles\*.doc]
[%OPER%: DENY_WRITE] [%PROC%: *] [%FILE%: C:\ProtectedFiles\*.pdf]

Key features and characteristics
  • Prevent the modification of specific files and folders
  • Useful to protect important folders and files
  • Write your own rules to protect any files and folders
  • Specify to monitor any process or only specific processes
  • Easy-to-write rules thanks to wildcarding and aliases
  • Deny write access to files
  • Deny access to folders and files (lock them)
  • Show useful information when an action is blocked
  • Powerful protection thanks to the kernel-mode driver
  • Supports all Microsoft Windows Vista+ OSs
  • Very lightweight in memory and CPU usage
Lock Files & Folders, Deny Write Access to Files with File System Protector | NoVirusThanks
----------------------​

More info by developer:​
Recommended for experienced Windows users only.

Rules are easy to write thanks to wildcarding and aliases:
Code:
; Deny ALL processes from modifying the "read-only.txt" file

[%OPER%: DENY_WRITE] [%PROC%: *] [%FILE%: *\read-only.txt]

; Deny ALL processes from modifying specific files by filtering file extension

[%OPER%: DENY_WRITE] [%PROC%: *] [%FILE%: C:\ProtectedFiles\*.mp3]
[%OPER%: DENY_WRITE] [%PROC%: *] [%FILE%: C:\ProtectedFiles\*.txt]
[%OPER%: DENY_WRITE] [%PROC%: *] [%FILE%: C:\ProtectedFiles\*.doc]
[%OPER%: DENY_WRITE] [%PROC%: *] [%FILE%: C:\ProtectedFiles\*.xls]
[%OPER%: DENY_WRITE] [%PROC%: *] [%FILE%: C:\ProtectedFiles\*.pdf]
[%OPER%: DENY_WRITE] [%PROC%: *] [%FILE%: C:\ProtectedFiles\*.jpg]
[%OPER%: DENY_WRITE] [%PROC%: *] [%FILE%: C:\ProtectedFiles\*.jpeg]
[%OPER%: DENY_WRITE] [%PROC%: *] [%FILE%: C:\ProtectedFiles\*.png]

; Deny cmd.exe from opening "folderX" folder but allow all other processes access

[%OPER%: DENY_ALL] [%PROC%: C:\WINDOWS\System32\cmd.exe] [%FILE%: *\folderX]

; Deny ALL processes from opening "LockedFolder" folder

[%OPER%: DENY_ALL] [%PROC%: *] [%FILE%: *\LockedFolder]

; Deny ALL processes from opening "lockedfile.txt" file

[%OPER%: DENY_ALL] [%PROC%: *] [%FILE%: *\lockedfile.txt]

; Deny ALL processes from accessing the startup folder

[%OPER%: DENY_ALL] [%PROC%: *] [%FILE%: *\Programs\Startup]


Can be used, for example, to lock the startup folder (so processes can't drop files there), prevent modification of specific files (so cryptolocker can't hijack them), lock a file so processes can't even access it, etc. You can exclude trusted applications by simply writing the wildcard to exclude a process, example *\process.exe would exclude process.exe from any rule.

@cruelsister can you test it vs some crypto?
 
Status
Not open for further replies.

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top