How do I prevent file deletion using filter rules?


The CBFilter component has BeforeCanFileBeDeleted event, which is fired when an application sets a filter rule with the FS_CE_BEFORE_CAN_DELETE flag included. In the BeforeCanFileBeDeleted event handler, an application needs to inspect the initial value of the CanDelete parameter, and if this parameter is set to true, an application can set the parameter to false and prevent further processing by setting the ProcessRequest parameter to false.

Note that most often, files are deleted by opening them with the DeleteOnClose flag set, and then closing the file. If you follow the above instructions, the file will not be opened in the first place. You might want to allow files to be opened (even when the DeleteOnClose flag is initially set) but not be deleted. In this case, you need to add a filter rule that includes the FS_CE_BEFORE_CAN_DELETE flag, and then handle the BeforeOpenFile event by removing the DeleteOnClose flag from the Options event parameter. Do the same thing for the BeforeCreateFile event too.

If you also want to protect a file's contents from being erased/overwritten even when the file is not deleted, you need to inspect the CreateDisposition parameter of BeforeCreateFile and BeforeOpenFile event handlers, and if the TRUNCATE_EXISTING or CREATE_ALWAYS flag is present, deny the request.

We appreciate your feedback. If you have any questions, comments, or suggestions about this article please contact our support team at support@callback.com.