Free Trial

What's New in Version 2026

The 2026 release of the Callback Technologies product line is now available, featuring two new component libraries:

In addition, a wide range of improvements have been made to our existing products, including:

PCAP Filter

PCAP Filter is a new product in the 2026 release for monitoring and filtering network traffic at the packet level without writing low-level driver code. Available on Windows, Linux, and macOS, the SDK exposes two event-driven components: IPMonitor for passive capture and NetFilter for active filtering, built on a filtering engine that accepts BPF expressions and supports more advanced filtering logic where needed.

Packet payloads can be modified in place, enlarged, or reduced, enabling header injection, content rewriting, and other transformation scenarios. Applications can also inject packets directly into the network stack via SendPacket and ResendPacket.

CBFS Encrypt

CBFS Encrypt is a new product in the 2026 release that provides transparent, policy-based file encryption at the filesystem level using a kernel-mode driver, with no changes required to existing applications or user workflows. Files are automatically encrypted on write and decrypted on read for authorized processes; all others see only the encrypted bytes on disk.

Policy-based encryption rules specify which files and directories are protected using path and filename pattern matching, with optional subdirectory scope. Trusted process management restricts which applications receive transparent access to decrypted content, while event callbacks give applications real-time visibility into file lifecycle activity. The PasswordNeeded event allows applications to supply per-file encryption passwords dynamically, supporting multi-user and per-document encryption scenarios. Offline methods support encrypting, decrypting, and re-keying files outside the active filter pipeline.

CBFS Connect 2026

CBFS Connect 2026 extends cross-platform coverage to mobile, strengthens access control at the driver level, and tightens up mounting point behavior for multi-session and network deployments.

  • The FUSE component is now available for Android and iOS, enabling virtual filesystem development across desktop and mobile targets from a single codebase.
  • File Isolation gives applications a new mechanism for controlling file access at the driver level, allowing different processes to see different file contents when accessing the same path.
  • Extra Create Parameters (ECPs) passed by Windows with file open and create requests are now accessible during CreateFile and OpenFile event processing, providing richer context for those operations.
  • Session-local mounting points can now optionally be made visible in other sessions of the same user, including elevated sessions.
  • Network mounting points are now protected from accidental removal via the net use /d command.

In most cases upgrading is seamless and requires no code changes, as efforts have been made to maintain backwards compatibility. However, the latest release includes several API changes that may require code changes. The CBFS Connect 2026 API Changes article details major changes between the previous and latest release.

CBFS Filter 2026

CBFS Filter 2026 gives filter applications more context, more direct control over file operations, and better visibility into the origins of monitored activity.

  • Extra Create Parameters (ECPs) passed by Windows with file open and create requests are now accessible in CBFilter and CBMonitor during file open and create event processing, providing richer context for filter decisions.
  • New DeleteFileDirect and SetFileAllocationSizeDirect methods enable direct file management operations from within filter event handlers, without needing to route through the standard filesystem stack.
  • All components now include a CloseHandle method, giving applications explicit control over handle lifecycle management.
  • CBMonitor's new GetOriginatorToken method retrieves the security token of the process that originated a monitored operation, making it easier to make access decisions based on process identity.
  • The driver can now optionally recognize and respect Windows Prefetcher requests, improving compatibility with Windows' read-ahead optimization.

In most cases upgrading is seamless and requires no code changes, as efforts have been made to maintain backwards compatibility. However, the latest release includes several API changes that may require code changes. The CBFS Filter 2026 API Changes article details major changes between the previous and latest release.

CBFS Vault 2026

CBFS Vault 2026 improves write performance for growing vault files and aligns mounting point behavior with the rest of the Callback Technologies product line.

  • Write performance is improved when vault files grow during write operations, via a new configurable size increment setting that controls how aggressively the vault pre-allocates space.
  • Session-local mounting points on Windows can now optionally be made visible in other sessions of the same user, including elevated sessions.
  • Network mounting points are now protected from accidental removal via the net use /d command.

Upgrading is seamless and requires no code changes.

CBFS Shell 2026

CBFS Shell 2026 improves flexibility for service-hosted deployments, expands what's possible with virtual folders, and ensures overlay icons are available earlier in the Windows startup sequence.

  • When a component is used inside a Windows service, impersonation is now optional. The new ImpersonateUserSession configuration setting controls whether events are fired in impersonated threads, with companion settings exposing client identity when impersonation is disabled.
  • ShellFolder now supports multiple concurrent instances of the same virtual folder, each with independent content — useful in "File as Folder" scenarios and when virtual folders are accessed via shell junction points.
  • ShellOverlays now writes icon information to the registry during installation, allowing the shell proxy to supply overlay icons at system startup before the host application is running.

Upgrading is seamless and requires no code changes.

We appreciate your feedback. If you have any questions, comments, or suggestions about this article please contact our support team at support@callback.com.