I remember coming across an article on, I think, CodeProject quite some time ago regarding an antivirus or antimalware some guy was writing, where he hooked into the Windows API to be able to catch whenever a new process was started and was prompting the user before allowing the process to start.

I can no longer find the article, and would actually like to be able to implement something like this. Currently, we have a custom browser built on Gecko that we've integrated access restrictions to sites based on our internal employee security levels, etc. We prevent any other browser from running with a timer and a call to Process.GetProcessesByName() from a list of the browsers we don't allow.

What we want to accomplish is, instead of just blocking these browsers, where there is a small delay between the other browser starting and it being killed by our service, we'd like to be able to display a dialog instead of the process launching at all, explaining that the program isn't in the allowed list. This way, we can generate a list of "allowed" processes and just block everything else (we haven't yet had a problem with outside apps being installed, but you can never be too careful).

Unfortunately, we don't do much Windows API programming from C#, so I'm not sure where to begin looking for what calls we need to hook.

Even just a starting point of what to read up on would be helpful.

+2  A: 

I guess you mean this article: Hooking the native API and controlling process creation on a system-wide basis

Giorgi
I bow to your Google skills, sir. It is late and I don't know how I missed this.
Matt
@Matt, actually I used the search at CodeProject
Giorgi
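
An added example, not code from the question or the linked article: one polling pass in C# that decides by normalized full image path against an allowlist, rather than by the process name that `Process.GetProcessesByName()` matches on. The allowlist paths and the names `ProcessAllowlist`, `IsAllowed` and `TryGetImagePath` are assumptions made for illustration. Like the timer approach in the question, it observes processes after they start and does not prevent the launch.

```csharp
using System;
using System.Collections.Generic;
using System.ComponentModel;
using System.Diagnostics;
using System.IO;

static class ProcessAllowlist
{
    // Hypothetical allowlist of full image paths (constructed sample values).
    static readonly HashSet<string> Allowed =
        new HashSet<string>(StringComparer.OrdinalIgnoreCase)
        {
            Path.GetFullPath(@"C:\Program Files\CompanyBrowser\browser.exe"),
            Path.GetFullPath(@"C:\Windows\System32\notepad.exe"),
        };

    // Decide on the normalized full path; a bare process name says nothing
    // about which file on disk is actually running.
    public static bool IsAllowed(string imagePath)
    {
        if (string.IsNullOrWhiteSpace(imagePath)) return false; // unknown image: deny
        try { return Allowed.Contains(Path.GetFullPath(imagePath)); }
        catch (Exception e) when (e is ArgumentException || e is NotSupportedException
                                  || e is PathTooLongException) { return false; }
    }

    // Image path of a live process, or null when it cannot be read.
    static string TryGetImagePath(Process p)
    {
        try { return p.MainModule?.FileName; }
        catch (Win32Exception) { return null; }            // access denied or bitness mismatch
        catch (InvalidOperationException) { return null; } // process already exited
    }

    static void Main()
    {
        // Constructed inputs: exact match, same file via ".." and different case,
        // same file name in another directory, empty path.
        foreach (var s in new[] { @"C:\Program Files\CompanyBrowser\browser.exe",
                                  @"c:\program files\companybrowser\..\CompanyBrowser\BROWSER.EXE",
                                  @"C:\Users\alice\Downloads\browser.exe", "" })
            Console.WriteLine((IsAllowed(s) ? "ALLOW " : "DENY  ") + s);

        // One polling pass over live processes; report only, nothing is killed.
        foreach (var p in Process.GetProcesses())
            using (p)
            {
                var path = TryGetImagePath(p);
                if (path == null) continue; // unreadable (system/protected): skip
                if (!IsAllowed(path)) Console.WriteLine("not on allowlist: " + p.Id + " " + path);
            }
    }
}
```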