Completely hide mouse device in device manager

Hi!
I am trying to hide HID mouse device in device manager on win7 x86.
I have written a device filter driver in which I set PNP_DEVICE_DONT_DISPLAY_IN_UI
in completion routine of IRP_MN_QUERY_PNP_DEVICE_STATE .
It works, but the device still displays when I choose “show hidden devices” in device manager.


I wonder if there is a way to completely hide device even when “show hidden devices” is checked.
I have searched for some days but gained nothing…Any help would be appreciated. Thank you!

Only other attribute you can assign to the device is DEVICE_CAPABILITIES:: NoDisplayInUI. I don’t think it will truly hide the decide though. What bigger problem are you trying to solve ?

I hope there isn’t. What you’re describing sounds suspiciously like malware. If I have a device on MY computer, then by gosh I want to see it.

@Doron_Holan said:
Only other attribute you can assign to the device is DEVICE_CAPABILITIES:: NoDisplayInUI. I don’t think it will truly hide the decide though. What bigger problem are you trying to solve ?

I will try it out. My customer has demanded this and I can’t see a bigger problem associated with it. Thanks for advice!

@Tim_Roberts said:
I hope there isn’t. What you’re describing sounds suspiciously like malware. If I have a device on MY computer, then by gosh I want to see it.

Tim, your concern is reasonable, but this is just a driver targeted at specific machine and only used inside a company. Thanks for reply!

To be clear: hiding it in the UI does not hide it from enumeration apis. If the customer is worried about a user going into device manager and changing the devices state or uninstalling it (and thus hide it from the user), the user already has admin rights (only admins can change device state). Which means the user can run any command line program (devcon, pnputil, homegrown l, etc) to change the state of the device.

And as a followup, there are a lot of things that are “targeted at specific machines” and “only used inside a company” that still manage to get released in to the wild … the NSA codebase comes to mind. And I’m pretty sure that your company has laxer security than the NSA.

It sounds like you are attempting to solve a human nature problem with a technical solution; that has never worked, because a human nature problem requires a human nature solution. I would simply suggest to your manager that every time the device X is fiddled with by a user, that user has $10K removed from their next paycheck(s) …

I’m missing the part where you don’t just not give admin privileges to
these users you don’t want doing admin level stuff. It is sort of security
basics 101.

Mark Roddy

Thank you all for help! I talked with my customer and we changed the “hide the device” approach finally.

“The customer is always right” and “the customer is an idiot” are difficult
to reconcile.

Mark Roddy

1 Like