Hard link based file access bypass vulnerability

Yeyixiao

Member
Currently, for protected files not in the secure volume, an attacker can search for already opened file handles in the system, duplicate them and create hard links, thus completely bypassing MP's protection (MP currently does not check whether the actual file the hard link points to is protected). Also, setting a hard link in advance can achieve this purpose before MP is set to protect (and with a higher success rate).
A possible solution would be to add further retrieval for hard links in the callback function, though that may cause some extra I/O overhead.
The suggestion for current users is to place critical files into the secure volume, and add a device-level "protect" like this: "Device\ImDisk\*"
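As an added example (my own code, not code from this thread or from MP), here is the kind of check the post says is missing: instead of trusting the path name, resolve the protected file's identity (device + inode, or volume + file index on NTFS) and flag it when more than one directory entry reaches the same data, then walk a tree to find the other names. The helper names `audit_protected` and `find_aliases` are hypothetical; the scenario in `demo()` is constructed in a temporary directory.

```python
"""Detect extra hard links to protected files.

Added example, not code from the thread or from MP. A path-based protection
rule covers one name; a hard link is a second name for the same data. The
checks below compare file identity rather than names, which is what a
protection callback would need to do to close that gap.
"""
import os
import tempfile


def file_identity(path):
    """(device, inode) for the real file; on NTFS this is (volume serial, file index)."""
    st = os.stat(path)
    return (st.st_dev, st.st_ino)


def count_links(path):
    """Number of directory entries (hard links) that point at path."""
    return os.stat(path).st_nlink


def audit_protected(paths):
    """Return [(path, nlink)] for every protected path reachable under more than one name.

    nlink > 1 means a second name exists somewhere on the volume that a rule
    written against this path does not cover.
    """
    findings = []
    for p in paths:
        try:
            n = count_links(p)
        except FileNotFoundError:
            continue  # nothing to audit for a missing file
        if n > 1:
            findings.append((p, n))
    return findings


def find_aliases(path, root):
    """Walk root and return every other path that is the same file as path.

    Candidates are checked with lstat so symlinks (their own inode) are not
    reported; only true hard links to the same data match.
    """
    target = file_identity(path)
    target_real = os.path.realpath(path)
    aliases = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            candidate = os.path.join(dirpath, name)
            if os.path.realpath(candidate) == target_real:
                continue  # the protected name itself
            try:
                st = os.lstat(candidate)
            except OSError:
                continue
            if (st.st_dev, st.st_ino) == target:
                aliases.append(candidate)
    return sorted(aliases)


def demo():
    """Constructed scenario: one protected file before and after a second name appears."""
    with tempfile.TemporaryDirectory() as d:
        protected = os.path.join(d, "secret.txt")
        with open(protected, "w") as f:
            f.write("constructed sample content\n")
        before = audit_protected([protected])          # clean: single link
        alias = os.path.join(d, "alias.txt")
        os.link(protected, alias)                      # second name for the same data
        aliases = [os.path.basename(a) for a in find_aliases(protected, d)]
        after = [(os.path.basename(p), n) for p, n in audit_protected([protected])]
        return before, aliases, after


if __name__ == "__main__":
    print(demo())
```

Run as a script it prints `([], ['alias.txt'], [('secret.txt', 2)])`: the file is clean until a hard link exists, after which the link count and the directory walk both expose the second name. Running the audit periodically over the protected list, or at the moment a protection rule is created, catches links that were set up in advance as well as those created later.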
 
A possible workaround might be not allowing anyone to use mklink.exe and possibly restricting the use of powershell.
 
It cannot solve the real problem; any elevated application can call the APIs directly without mklink.exe.

Then Windows security is to be questioned, if they provide an API they don't allow to be restricted. Well, then it is something MP can (or has to) solve.