I've recently been working on a new mini-filter driver project, and received the altitude assignment from Microsoft for it to be in the "FSFilter Security Monitor" load order group and in the altitude range 392000 - 394999. When filling in the .INF file, I realized that even with the 10.0.26100.0 Windows SDK, the header file "devguid.h" does not have a GUID macro for "GUID_DEVCLASS_FSFILTER_SECURITYMONITOR", as one would expect there to be.
Assuming that the "Class" value in the "[Version]" section should be "SecurityMonitor", does anybody know what the appropriate GUID value is that would be associated with it? Microsoft and Google have been uninformative on the subject.
For comparison, the "FSFilter Activity Monitor" load order group has the "Class" value "ActivityMonitor" and the "ClassGuid" value "{b86dff51-a31e-4bac-b3cf-e8cfe75c9fc2}".
In the absence of any authoritative value from Microsoft at this time, should there be any problems expected during driver installation if the .INF file simply uses the activity monitor class & class GUID values for now until such time as appropriate values are available from Microsoft for security monitor filter drivers?
Can you provide me with the code? I am studying drivers and didn't learn much from DDK samples, and WDF samples are too complex for me. I posted a thread like a month ago without any answers.
And yes, you do need a GUID, because without it, your filter wouldn't attach to the device tree.
And from what I have learned you gotta use PNPBAD or something and auto detect the GUID in the installation process.
My employer owns the code for the project and I'm not at liberty to disclose it for use as your learning example. I think you entirely misunderstood my question; Microsoft introduced a new load order group & altitude range for "Security Monitor" file system mini-filter drivers, but they appear to have not updated some relevant collateral and so there is some missing information that I'm trying to track down. Very specifically, for the .inf file, there are 2 items in the "[Version]" section which must contain valid values, and those are the "Class" and "ClassGUID" values. For the "Security Filter" load order group, those values are not currently documented by Microsoft in any public documentation that I can find online or in the current release of the Windows SDK or DDK.
I don't mean to hijack my own thread and send it off on a tangent, but these forums aren't here for people to do your thinking for you and provide you with completely finished device driver projects. The Microsoft DDK provides dozens of basic examples for a variety of device drivers, and they are freely available for download. They are present on GitHub, too. OSR offers multiple week-long classes for device driver development. I benefited immensely from paying to attend 2 of them and they were very much worth the time & money. If you have very specific questions about certain things that you don't understand, those are the questions that you need to be making posts about on these forums.
These are new ranges...I asked at Plugfest and the answer was to just use the class and GUID for the corresponding non-security one (i.e. the normal Activity Monitor values in this case).
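
Added example (not posted by anyone in this thread, and not Microsoft's sample): a mini-filter .INF laid out as the last reply suggests, with the Activity Monitor "Class"/"ClassGuid" pair in "[Version]". The driver, provider and file names are hypothetical, the DriverVer is constructed, and the altitude string is a placeholder for the value Microsoft assigned; keeping LoadOrderGroup as "FSFilter Security Monitor" is an assumption taken from the first post.

```ini
; Constructed example: every "example*" name and the DriverVer are placeholders.
[Version]
Signature   = "$Windows NT$"
; No SecurityMonitor class GUID is published, so reuse the Activity Monitor pair.
Class       = "ActivityMonitor"
ClassGuid   = {b86dff51-a31e-4bac-b3cf-e8cfe75c9fc2}
Provider    = %Provider%
DriverVer   = 01/01/2025,1.0.0.0
CatalogFile = examplefilter.cat
PnpLockdown = 1

[DestinationDirs]
DefaultDestDir = 12                 ; %windir%\system32\drivers

[SourceDisksNames]
1 = %DiskName%

[SourceDisksFiles]
examplefilter.sys = 1

[DefaultInstall.NTamd64]
CopyFiles = Filter.Files

[DefaultInstall.NTamd64.Services]
AddService = %ServiceName%,,Filter.Service

[Filter.Files]
examplefilter.sys

[Filter.Service]
DisplayName    = %ServiceName%
ServiceBinary  = %12%\examplefilter.sys
Dependencies   = "FltMgr"
ServiceType    = 2                  ; SERVICE_FILE_SYSTEM_DRIVER
StartType      = 3                  ; SERVICE_DEMAND_START
ErrorControl   = 1                  ; SERVICE_ERROR_NORMAL
; Assumption: the load order group stays the one the altitude was assigned in.
LoadOrderGroup = "FSFilter Security Monitor"
AddReg         = Filter.AddReg

[Filter.AddReg]
HKR,"Instances","DefaultInstance",0x00000000,%InstanceName%
HKR,"Instances\"%InstanceName%,"Altitude",0x00000000,%Altitude%
HKR,"Instances\"%InstanceName%,"Flags",0x00010001,0x0

[Strings]
Provider     = "Example Provider"
ServiceName  = "ExampleFilter"
DiskName     = "ExampleFilter Installation Disk"
InstanceName = "ExampleFilter Instance"
Altitude     = "REPLACE_WITH_ASSIGNED_ALTITUDE"  ; placeholder; assigned value lies in 392000 - 394999
```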