I want to give my application data folder kaspersky antivirus like security. Where I can add a folder but cant change any content or create any file. I even gave the current user full control security privilege but it just does not working only for this kaspersky data folder. I can only modify data when I turning off "Self protection option". I just want to give same type of security into my application data folder. I know how to give security to my folder or file but dont know the option by which option kaspersky doing it. If any one have any idea please share with me. Thanks.
+2
A:
Much of what you're looking for can be accomplished with NTFS directory permissions. Just deny Everyone (and SYSTEM, if you're feeling lucky) the permission to create files in the folder or write/append files in the folder. Make sure the permissions apply to "This folder only" and "Files only" respectively, though, or your folder will probably become rather useless til you remove said restriction.
The permissions you need probably won't be obvious. You'll need to be in the advanced permissions dialog in order to set them.
Anyway, you don't really need C# to do it. You could use code if you really wanted to, but you'd do it the same way you'd set any other permissions on files and folders.
cHao
2010-10-01 06:53:52
Is there any way that only my application can use it...?
Barun
2010-10-01 07:44:19
Depends on what you mean by "only your application can use it". Any app running under the same user that owns the folder can change permissions on the folder almost at will, and that's a pain to prevent unless the app runs with its own username and owns the folder. Even then, if you're trying to "protect" a folder that's important to Windows, you'll end up fighting with SYSTEM over control of the folder.
cHao
2010-10-01 08:30:01
"and that's a pain to prevent unless the app runs with its own username and owns the folder"..............can I do that ? I mean having my own username for my application ...
Barun
2010-10-01 08:43:17
You can if you run part of your program as a Windows service, which could be set up to run as any user (including SYSTEM). AFAIK most anti-malware and anti-virus stuff does that, usually so it can bypass some permissions/restrictions to get at the real baddies, but you could conceivably use it to enforce some permissions of your own if you really want to. I thought i remembered some way to set up a shortcut so it'd launch a program as whatever user you set up, but i'm not easily finding that now.
cHao
2010-10-01 09:51:22
But Kaspersky not using any process . I checked it by software called unlocker. How is it doing it ? I tried in various way to find how kaspersky doing it, I even Changed the folder ownership to current user. But nothing is working.
Barun
2010-10-01 10:15:19
You can own a folder and be unable to write stuff to it. 'Deny' permissions overrule 'Allow' permissions -- even for administrators, even for the owner of the folder/file. Check the permissions for this folder being "protected", particularly any 'Deny' lines in the advanced permissions.
cHao
2010-10-01 16:19:45
A:
Finaly I got it ... kaspersky protecting its folder by starting a Service. For that reason the Unlock software unable to track the process handle.
Barun
2010-10-01 22:29:36