minifilter not loaded during some portion of Windows 10 update?

It is important for my minifilter driver to see all modifications to the file system. This has never been a problem in all versions of Windows prior to Windows 10 but testing it with Windows 10 has shown that there are some periods of the Windows Update process (not all updates, just what seem to be “major” ones) during which my minifilter driver is not loaded while changes are being made to the filesystem. During the times when my driver is not loaded I do see other minifilters being loaded by fltmgr but not mine. On my system fltmgr loads the following minifilters in this order: FileInfo, Wof, FileCrypt, , npsvctrig, luafv, storqosflt

Has anyone else observed this behavior? Is Windows purposely suppressing 3rd party drivers during the update process so they can make bulk changes without any 3rd party drivers interfering? What I’m really hoping for is that someone knows how to force my driver to load during these periods.

Sharing of any experience with this would be very much appreciated.

What times are you seeing this? Is it during boot processing after you
have installed an update?

Pete

Kernel Drivers
Windows File System and Device Driver Consulting
www.KernelDrivers.com
866.263.9295

------ Original Message ------
From: xxxxx@digitalguardian.com
To: “Windows File Systems Devs Interest List”
Sent: 5/2/2016 9:32:05 AM
Subject: [ntfsd] minifilter not loaded during some portion of Windows 10
update?

>NTFSD is sponsored by OSR

Hi,

We experience the same behaviour with our disk level filter (we provide full disk encryption). This has the obvious effect of stopping Windows setup in its tracks as it can’t access the file system on the encrypted disk.

The only way we have been able to make this work is to inject our driver to the setup iso using dism. This is not ideal, in fact it is terrible seeing as these major updates are forced onto consumers, and we have been trying to get some recognition from Microsoft about this issue for some time.

I brought up the issue with the product group last week at PlugFest so hopefully this problem is to be addressed in a better way soon. Thankfully our mini-filter does not suffer too badly in this process but I understand the pain.

Ben
Ben Lewis
DESlock Ltd.


> What times are you seeing this? Is it during boot processing after you have installed an update?

I’m having an engineer analyze the Windows event logs and procmon to hopefully isolate the exact scenario(s) where this happens so that I can implement a workaround by knowing when my driver is not going to get loaded on next reboot. I’ll share that here once/if I have something.

But generally it’s happening during certain boot sequences after initiating an update. It’s only on certain updates and they are ones that involve multiple boot sequences. The data we have so far indicates that it’s only on updates that change the build number of Windows.

Here’s what we observed in a test run:

Begin applying the update
roughly 3:10pm Portion of windows updates which occur while the system is running are complete. User tells the system to reboot to complete the updates.
3:14pm 22% complete with “working on updates”
3:17pm Reboot
3:17pm “Updating Windows” “black screen” showing % completion – Files are being copied but my driver is not loaded
3:35pm Reboot – “a one-time boot sequence was used during this boot” seen in Windows event log, also have Windows event logs indicating ‘the boot type was 0x0’, ‘the boot menu policy was 0x1’.
3:36pm “Updating Windows” “black screen” – installing features and drivers but my driver is not loaded
3:42pm Reboot – Same message about one-time boot sequence, but this time my driver is loaded
3:44pm “Updating Windows” “black screen” – Configuring settings and my driver is loaded
3:56pm Reboot?? - actually not sure this was a real reboot, doesn’t look like it from the event logs.
3:59pm Login – my driver is loaded and everything is normal – except that I missed all of the file system modifications in the above phases
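
Added example, not part of the thread and not any poster's code: one way to turn the event-log analysis described above into a repeatable check that lists the boot sessions in which a given minifilter never registered with fltmgr. It assumes rows exported from the System log as (time, provider, event ID, message); the filter name "ExampleFlt", the sample rows and the use of Kernel-General event 12 and FilterManager event 6 are assumptions of this example, not details from the thread.

```python
import re

BOOT_START = ("Microsoft-Windows-Kernel-General", 12)   # "The operating system started at ..."
FILTER_LOADED = ("Microsoft-Windows-FilterManager", 6)  # "File System Filter '<name>' ... loaded"
FILTER_NAME = re.compile(r"File System Filter '([^']+)'")
STOCK = ["FileInfo", "Wof", "FileCrypt", "npsvctrig", "luafv", "storqosflt"]  # from the post

def _boot(ts, filters, one_time=False):
    """Build constructed System-log rows (time, provider, id, message) for one boot."""
    rows = [(ts + ":00", *BOOT_START, "The operating system started at system time (constructed).")]
    if one_time:  # message text quoted in the post; its event ID is not given there
        rows.append((ts + ":01", "Microsoft-Windows-Kernel-Boot", None,
                     "A one-time boot sequence was used during this boot."))
    rows += [(f"{ts}:{i + 2:02d}", *FILTER_LOADED,
              f"File System Filter '{name}' has successfully loaded and registered with Filter Manager.")
             for i, name in enumerate(filters)]
    return rows

# Constructed sample: times follow the 3:35pm and 3:42pm reboots in the timeline,
# the date is arbitrary and "ExampleFlt" is a hypothetical third-party filter.
SAMPLE = (_boot("2016-01-01T15:35", STOCK, one_time=True)
          + _boot("2016-01-01T15:42", STOCK + ["ExampleFlt"], one_time=True))

def boot_sessions(records):
    """Group time-ordered rows into boot sessions, one per OS-start event."""
    sessions = []
    for ts, provider, event_id, message in sorted(records, key=lambda r: r[0]):
        if (provider, event_id) == BOOT_START:
            sessions.append({"start": ts, "filters": [], "one_time_boot": False})
        elif not sessions:
            continue  # rows before the first recorded boot cannot be attributed
        elif (provider, event_id) == FILTER_LOADED:
            match = FILTER_NAME.search(message)
            if match:
                sessions[-1]["filters"].append(match.group(1))
        elif "one-time boot sequence" in message.lower():
            sessions[-1]["one_time_boot"] = True
    return sessions

def coverage_gaps(records, filter_name):
    """Return the boot sessions in which filter_name never registered with fltmgr."""
    wanted = filter_name.lower()
    return [s for s in boot_sessions(records)
            if wanted not in (f.lower() for f in s["filters"])]

if __name__ == "__main__":
    for gap in coverage_gaps(SAMPLE, "ExampleFlt"):
        print(f"{gap['start']}: ExampleFlt not loaded; one-time boot: {gap['one_time_boot']}")
```

A boot phase that writes nothing to the exported log does not appear as a session at all, so this check can only report gaps in boots that were logged.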