Help on Minifilter

I am working on minifilter and currently want to block some malicious downloads opening. Whenever a user downloads and tries to open the file, send the file path to user-mode, and then the user-mode scans the file content and reverts to the kernel part.
If the file is malicious then block the opening file.

I know that I can block the file open/create in IRP_MJ_CREATE but the problem is that when chrome downloads a file then it makes .tmp->.crdownload->.actualFIleExtenion → modifies

I need to block/allow it once the file is opened just after download.

Any help will be much appreciated.
Thanks to the great community.

Is this for work or a hobby? If it’s for work I’d suggest getting some outside design help or taking a seminar. No disrespect meant, it’s just that this kind of project really requires design before whacking away at code trying to get something working.

@“Scott_Noone_(OSR)” I am making it for learning purpose. I want to scan every file after download before opening the file for security purpose. OSR seminars is really awesome but I can’t afford as of now but excited to know about. For me like students how can We attend OSR seminars ?