Archive for the ‘reversing’ Category

Minifilters callbacks (2010-9-7)

Most security products today rely on minifilter drivers to monitor filesystem operations and thus provide on-access capabilities, but are they checking whether they’re really working? Once you register a minifilter, you can choose for each mounted volume whether you want to filter operations on it, and in this case a new instance will be [...]