File Share Security Enhancer System

(Minifilter Based)

1 Overview

The centralized file sharing feature of Windows is currently a file collaboration method used internally by many enterprises. The file share component integrated in Windows provide the infrastructure for this feature, but some extension function is lacked of or uncompleted on data security, access control and operation audit. FSSES provides 3 additional features for this component, including file data on-the-fly encryption and decryption, more accurate access control rules, access log and operation audit. Deploying this product can also meet the stringent data protection regulations imposed by legislation.  

2 Advantages

• Easy to deploy

It is easy to deploy WinShareExt . It is installed on the computer that provides file sharing services. FSSES does not contains a client side software, so the workload on deploying is notable decreased.

• Independent encryption

The encryption and decryption module of FSSES does not depends on any Windows component. The encryption key is not related to the windows login password. Unlike Windows encrypted file system, after reinstall of OS or changing password will not affect the encryption method of existing files.

3 Features

• Transparent file encryption

WinShareExt is based on a kernel mode minifilter driver. The minfilter framework is highly recommended by Microsoft. It is very convenient to intercept the file I/O requests and insert encryption module on file system stack. It captures the file read request and decrypt the data to make the target application can get the plain data, encrypt the data of file write request to ensure that data on the disk is encrypted.

• Work only with target directory

WinShareExt only filter the directory set by the user and will not encrypt any file outside this directory, so system files will not be encrypted. 

• Encryption option control

The system supports multiple rule control, including encryption key configuration, file name filter, file name exclusion filter, date control etc.

• File access control

The system support file access control based on process name, user name, and remote computer name. WinShareExt can identify the file I/O request whether it is from local or remote computer and implement the access control based on these request. The control options are:

CTRL_NO_ACCESS -- The process or user have no access to dir

CTRL_ENCRYPTED_READ_WRITE -- The read/write request of the process or user will be auto decrypt/encrypt by minifilter.

CTRL_DECRYPT_ON_READ_ONLY -- The read request of the process or user will be auto decrypt by minifilter.

CTRL_BACKUP_CIPHER_TEXT-- The read/write request of the process or user will be ignored by minifilter.

• Cipher Support

WinShareExt integrates the XTEA and AES encryption algorithm into the transparent file encryption core. FSSES can support any type of block encryption algorithm by customized development.

• File backup support

WinShareExt support to authenticate a user or a process to allow them get the encrypted data for file backup.

• File access audit

WinShareExt support access audit. It can audit operation from local user name, remote user, or process. The audit log including file create, access, delete.

• Shell overlay icon 

WinShareExt provide a shell overlay icon module. It add an small lock icon on an encrypted files.  

• File system support

WinShareExt supports any type of file system only if the file system is available in windows. The supported file system list includes fastfat, ntfs. WinShareExt is compatible with the encryption and compression feature in ntfs.

• OS support

Windows 7、Windows 10、Windows 11、Windows 2012 Server、Windows 2018 Server， etc.

4 Support and Services

License type

Clients can evaluate WinShareExt for 1 month. WinShareExt supports two types of license term. 

1. SDK license

The SDK package includes these items shown in the flowing list:

• Executable binary files for both x86 and x64 Windows OS

• Header and lib files for compiling and linking

• A full source code demo project that describes the usage of FSSES API

• WinShareExt SDK reference.pdf

• WinShareExt user’s guide.pdf  

2. Full source code license

The full source code package includes these items shown in the flowing list:

• Executable binary files for both x86 and x64 Windows OS

• Full source code for all modules of WinShareExt .

• WinShareExt SDK reference.pdf

• WinShareExt user’s guide.pdf

Both SDK and source code license are no limitation on number of copy installation. 

Technical support 

License of WinShareExt includes one year of technical support, including questions, bug support, and access to framework maintenance updates. Licensees will also have options to secure major updates (functional enhancements) and OS upgrades as well.

Custom development 

Some clients may want to customize core components of WinShareExt to meet their product needs. In addition to providing full source license, we can be engaged to provide custom development services to modify WinShareExt to client specifications.