DEVICE upper filter for usbhub.sys,
CLASS upper filter for USB-class devices.
what is different and how i must add filter in each ?
Device filter is provided with the device driver package and are only installed and used for this particular device.
Class filters are provided with some SW product which alters the behaviour of all USB devices in the OS and are installed and used for all USB devices.
–
Maxim S. Shatskih
Microsoft MVP on File System And Storage
xxxxx@storagecraft.com
http://www.storagecraft.com
wrote in message news:xxxxx@ntdev…
> DEVICE upper filter for usbhub.sys,
> CLASS upper filter for USB-class devices.
>
> what is different and how i must add filter in each ?
>
>
>
>
As, unfortunately, almost all usb devices including hubs and ports are in
class USB, a class filter will filter across all these devices, up, down
and around various devnodes, way more than you likely need. You can of
course look in add device at what you are about to get put on top of and
make an intelligent choice about filtering that particular device.
On the other hand installing class filters is butt simple.
If you are actually targeting, for example, root_hubs, a device filter
might be a better choice, as you can directly target just those devices.
But you have to get the inf file right and that is always a PITA, plus you
have the usual signing issues.
Mark Roddy
On Fri, Nov 8, 2013 at 1:41 AM, wrote:
> DEVICE upper filter for usbhub.sys,
> CLASS upper filter for USB-class devices.
>
> what is different and how i must add filter in each ?
>
>
>
>
> —
> NTDEV is sponsored by OSR
>
> Visit the list at: http://www.osronline.com/showlists.cfm?list=ntdev
>
> OSR is HIRING!! See http://www.osr.com/careers
>
> For our schedule of WDF, WDM, debugging and other seminars visit:
> http://www.osr.com/seminars
>
> To unsubscribe, visit the List Server section of OSR Online at
> http://www.osronline.com/page.cfm?name=ListServer
>
xxxxx@gmail.com wrote:
DEVICE upper filter for usbhub.sys,
CLASS upper filter for USB-class devices.what is different and how i must add filter in each ?
You can’t be a “device upper filter for usbhub.sys”. You can only be a
device upper filter for specific devices. So, you could stroll through
the list of devices on your machine, look for the USB hubs, and install
yourself as an upper filter on those devices.
The “USB class” usually means GUID_DEVCLASS_USB, which includes
everything listed under “Universal Serial Bus controllers” in Device
Manager. That includes a lot of devices that you might not care about.,
like the host controllers themselves.
Doing generic USB filtering is not necessarily easy. There are a lot of
sharp corners.
–
Tim Roberts, xxxxx@probo.com
Providenza & Boekelheide, Inc.
IIRC, the OP only needs to block use of USB storage,
and PnP filters aren’t the only way to accomplish this.
Doron has noted that Windows has a policy exactly for this.
/* Is the OP making yet another naive “security solution”
for certain customer already bitten thru USB storage?
That would be hopeless; adversary will find a dozen more ways to get them */
– pa
On 08-Nov-2013 23:18, Tim Roberts wrote:
xxxxx@gmail.com wrote:
> DEVICE upper filter for usbhub.sys,
> CLASS upper filter for USB-class devices.
>
> what is different and how i must add filter in each ?You can’t be a “device upper filter for usbhub.sys”. You can only be a
device upper filter for specific devices. So, you could stroll through
the list of devices on your machine, look for the USB hubs, and install
yourself as an upper filter on those devices.The “USB class” usually means GUID_DEVCLASS_USB, which includes
everything listed under “Universal Serial Bus controllers” in Device
Manager. That includes a lot of devices that you might not care about.,
like the host controllers themselves.Doing generic USB filtering is not necessarily easy. There are a lot of
sharp corners.
Unfortunately it isn’t that simple. As already noted running a vm with more
privileges can defeat the security imposed by group policies in this case.
On Friday, November 8, 2013, Pavel A. wrote:
IIRC, the OP only needs to block use of USB storage,
and PnP filters aren’t the only way to accomplish this.
Doron has noted that Windows has a policy exactly for this./* Is the OP making yet another naive “security solution”
for certain customer already bitten thru USB storage?
That would be hopeless; adversary will find a dozen more ways to get them
*/
– paOn 08-Nov-2013 23:18, Tim Roberts wrote:
> xxxxx@gmail.com wrote:
>
>> DEVICE upper filter for usbhub.sys,
>> CLASS upper filter for USB-class devices.
>>
>> what is different and how i must add filter in each ?
>>
>
> You can’t be a “device upper filter for usbhub.sys”. You can only be a
> device upper filter for specific devices. So, you could stroll through
> the list of devices on your machine, look for the USB hubs, and install
> yourself as an upper filter on those devices.
>
> The “USB class” usually means GUID_DEVCLASS_USB, which includes
> everything listed under “Universal Serial Bus controllers” in Device
> Manager. That includes a lot of devices that you might not care about.,
> like the host controllers themselves.
>
> Doing generic USB filtering is not necessarily easy. There are a lot of
> sharp corners.
>
>
NTDEV is sponsored by OSR
Visit the list at: http://www.osronline.com/showlists.cfm?list=ntdev
OSR is HIRING!! See http://www.osr.com/careers
For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminarsTo unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer
–
Sent from Gmail Mobile