FESF for Windows is implemented as a set of Windows File System Minifilters. These filters instantiate above Windows File Systems and intercept traffic on its way to and from those File Systems. More specifically, FESF uses an exceptionally complex type of Minifilter referred to as an Isolation Minifilter. This is what allows FESF to provide simultaneous decrypted and raw views of a file.
When we think about interoperability here at OSR, we typically consider four distinct areas of operation:
•The ability of ordinary (user-mode) applications to perform file operations “as usual”, using the file systems that FESF is filtering. This includes FESF providing encryption/decryption of file data transparently, based on policies defined by the Solution. Note that this doesn’t only include supporting read and write, however; It also includes other aspects, such as support for corrected file lengths in directory and attribute queries.
•The ability of FESF to work across multiple, different, version of the Windows operating system.
•The ability of FESF to interoperate with standard Windows components, including Microsoft-developed File Systems and File System Minifilters.
•The ability of FESF to interoperate with non-Microsoft developed components that implement features and functionality similar to file systems, implement actual unique file systems, or that impact a standard Microsoft file system. These are most typically Windows File System Filters and File System Minifilters developed by vendors. This category includes, for example, non-Microsoft developed antivirus products and non-Microsoft developed cloud storage products.
File System interoperability is sufficiently complex that the only way to know if a given set of products are interoperable is to try them and see if they all work together. A proof point for this is that for the past 15 years or so Microsoft has hosted biannual “Plugfests.” According to the official Microsoft invitation, the goal of these events is:
[T]o help you prepare your
file system minifilter, network filter,
or boot encryption driver for the
next version of Windows by performing interoperability
testing with other
products.
An OSR engineering team regularly attends these events along with teams from more than 50 other software vendors worldwide and Microsoft product teams. During the five days that Plugfest lasts, our team works collaboratively with other teams to ensure our products work together and with the latest version of Windows. When interoperability problems are discovered, engineering teams from both companies are present to identify and solve them.
Still, serious interoperability problems between Windows and File System components built by first-tier vendors are common. For example, consider the serious problems caused by the April 2019 Monthly Rollup (KB4493472) for many big AntiVirus vendors (including Sophos, McAfee, Avira, Avast, ArcaBit and others).
Why is File System interoperability so complex? What can we do about it? Those are the topics we’ll address in the remainder of this document.