Ensure that restricted processes, such as MS Word sub-processes or Internet Explorer, have access permissions for redirected data!
The team was working on the Client’s data protection product. One of its main features was seamless file redirection driven by custom administrator-configured rules. This functionality was implemented by means of a file system mini-driver (see also File system driver tutorial).
An issue was detected: when a user downloaded DOCX files from the Internet and tried to open them, MS Word reported an error with temporary files. The product was configured to redirect all newly created MS Office files to a secure location. Research was therefore required to learn the specifics of downloaded files and of temporary MS Word file creation.
An Apriorit specialist conducted the research and reported that MS Word creates restricted subprocesses to create temporary files. The corresponding file redirection had to take into account the security information of both the original folders and the target location to ensure access permissions. As there are a number of situations involving restricted processes (e.g. Internet Explorer has Integrity Level = Low), this case was added to the Apriorit knowledge database for future projects with file redirection.
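The integrity-level side of this check can be sketched as follows. This is an added example, not code from the product or from Apriorit's research: it compares the mandatory label in the SDDL security descriptor of an original folder with that of a redirection target, and flags the case where a process that could write to the original is blocked at the target. The function names and the sample SDDL strings are constructed for illustration, and only the mandatory integrity check is modeled (the DACL and any restricted-token SIDs must be evaluated separately).

```python
import re

# Integrity levels, low to high, keyed by their SDDL SID aliases.
LEVELS = {"LW": 1, "ME": 2, "HI": 3, "SI": 4}
# An object without a mandatory label is treated as Medium with no-write-up.
DEFAULT_LABEL = ("ME", {"NW"})
# ACE layout: (type;flags;rights;object_guid;inherit_guid;sid); type ML = mandatory label.
ML_ACE = re.compile(r"\(ML;[^;]*;([A-Z]*);[^;]*;[^;]*;(LW|ME|HI|SI)\)")

def mandatory_label(sddl):
    """Return (level alias, policy flags) of the mandatory label in an SDDL string."""
    m = ML_ACE.search(sddl)
    if not m:
        return DEFAULT_LABEL
    rights = m.group(1)
    # Policy flags are two-letter codes run together: NW, NR, NX.
    return m.group(2), {rights[i:i + 2] for i in range(0, len(rights), 2)}

def write_allowed(process_level, sddl):
    """Mandatory integrity check only: may a process at this level write here?"""
    level, policy = mandatory_label(sddl)
    return LEVELS[process_level] >= LEVELS[level] or "NW" not in policy

def redirection_breaks_writes(process_level, source_sddl, target_sddl):
    """True if the process can write to the original folder but not to the target."""
    return (write_allowed(process_level, source_sddl)
            and not write_allowed(process_level, target_sddl))

# Constructed sample descriptors (not taken from the case study).
LOW_TEMP_DIR = "D:(A;OICI;FA;;;BU)S:(ML;OICI;NW;;;LW)"   # folder labeled Low
SECURE_TARGET = "D:(A;OICI;FA;;;BU)"                      # no label, so Medium
RELABELED_TARGET = "D:(A;OICI;FA;;;BU)S:(ML;OICI;NW;;;LW)"

if __name__ == "__main__":
    for name, target in (("unlabeled", SECURE_TARGET), ("relabeled", RELABELED_TARGET)):
        broken = redirection_breaks_writes("LW", LOW_TEMP_DIR, target)
        print(f"Low-integrity writer, {name} target: blocked={broken}")
```

Lowering the label on a redirection target also lets every other Low-integrity process write there, so the target's DACL still has to restrict who may reach it.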
For more details: Reverse Engineering Case: File Redirection for Restricted Processes (PDF, 310 KB)