In KAuth, we were able to monitor file close event using KAUTHFILEOPCLOSE listeners in synchronous fashion
However, corresponding event in Endpoint Security (ESEVENTTYPENOTIFYCLOSE) is Async.
We don’t expect an AUTH event, however we expect it to be synchronous. It is okay even if we are not able to block/deny it.
I understand you have Auth and Notify model in new framework. Having synchronous but not Auth won't fit into your existing model.
May be if it can be exposed as Auth and you can ignore the result as the call being file close.
If you have any suggestion or workaround, let us know.
However, corresponding event in Endpoint Security (ESEVENTTYPENOTIFYCLOSE) is Async.
We don’t expect an AUTH event, however we expect it to be synchronous. It is okay even if we are not able to block/deny it.
I understand you have Auth and Notify model in new framework. Having synchronous but not Auth won't fit into your existing model.
May be if it can be exposed as Auth and you can ignore the result as the call being file close.
If you have any suggestion or workaround, let us know.