Kext implementation that intercepts file system usage

How do most antivirus programs block file system I/O in case of an infected file? I suppose all the magic is in some kind of ordinary kext for this. Can someone point me to some topics? A working example would also be great. I read Apple's docs about kext development, but they are basically all about hardware drivers, and I could not find what I needed.

+3
1 answer

Well, it seems to me that I have found what I need. http://developer.apple.com/mac/library/technotes/tn2005/tn2127.html

+2

Source: https://habr.com/ru/post/1745062/

