I use a custom minifilter driver, similar in nature to the Microsoft MiniSpy sample, and I wrote a user mode application in C # to communicate with it.
I need administrator rights to set the filter - this seems reasonable. But without administrator privileges, my application returns HResult:0x80070005 (Access is denied)for critical calls like FilterAttachand FilterConnectCommunicationPort. With administrator rights, everything works fine.
My question is this: is there a way around the admin requirement for a user mode application?
This post: https://www.osronline.com/showthread.cfm?link=157827 seems to indicate that opening the communication port is fine, but not attaching to disks:
he cannot, however, join that. As someone from Microsoft explained, this is an operation that is allowed only to administrators.
Perhaps there is a way to start the second service with administrator rights, to which an application that is not a user administrator can connect? If so, do I even need a second service, or can I use the filter myself? Or is there any way to install my application without these administrator rights requirements?
source
share