I have a file system minifilter driver that protects Office Word files by encrypting data and attaching a header file (contains special keys and other information) to it.
First, minifilter driver creates a kernel handle of file object. This handle is Valid in PreCreate operation. All things is successful, there isn?t any error in all pre and post operations after it.
After I install KasperSky in the windows, in PreSetInformation operation that occurs immediately after PreCreate to SetEndOfFileInformation, I get STATUS_INVALID_HANDLE from ObReferenceObjectByHandle function.
Note: This is occurred even if protection of kaspersky disabled or trusted application and files, folders are defined. Bug occurred by installing Kaspersky.
In logs of ProcMon there isn?t any operation from kasper application between PreCreate and PreSetInfo operations.
Any idea to solve the problem is helpful to me.