Hi, all,
On Windows 7, x64, we are seeing FltParseFileNameInformation
returning an incorrectly parsed information buffer. I.e. the returned
strings do not match true situation. The issue only occurs when Avira
Free AV is installed on the system. It does not occur on Windows XP x86.
What happens is that:
Name is for example \Device\HarddiskVolume1\Program
Files\MSBuild
ParentDir is \Program Files\
FinalComponent is EMPTY
Without Avira AV, the FinalComponent is correct.
I have noticed several other cases where the ParentDir and
FinalComponent are not correct, but above is a very dangerous scenario.
Another example (for above file name is):
ParentDir is \
FinalComponent is Program Files\MSBuild
It does not happen for all files, it seems to happen for
directories only and only those <8 characters in length, without a
space.
If anyone had this issue and found a correct workaround (i.e.
getting FltParseFileNameInformation to function correctly), I’d
appreciate the tips.
Also, if someone from Avira is on the list, we’d all appreciate
you looking into this.
All file names are normalized.
–
Kind regards, Dejan (MSN support: xxxxx@alfasp.com)
http://www.alfasp.com
File system audit, security and encryption kits.