Note: The functionality described here is only enabled for the customers who have purchased the full, business license for Folder Guard software. It is not available for the home, personal license customers.
Folder Guard lets you control access not only to individual files and/or folders, but also to the whole classes of files. For example, if you need to set up some general access rights to the Excel files, you can use Folder Guard to create a filter that would apply to the Excel files only (that, to the files with the extension .XLS), and then assign the desired access attribute to such a filter, that would make the attribute to apply to any Excel file, no matter where it is located.
Let us explain in more detail. A filter is a set of rules that defines which files it applies to (according to the names of the files, the folders they are located in, and programs that are accessing the files). You may define several different filters, or have no filters at all, depending on how exactly you want your computer to be protected.
After you have set up the filters and enabled the protection, Folder Guard begins to monitor the events of accessing the files on your computer. Whenever a program attempts to access a file, Folder Guard uses the list of filters you've set up to determine whether the file name, the name of the folder where the file is located, and the name of the program that is accessing the file match any of the filters. If Folder Guard finds such a filter, it uses its attribute (full access, read-only, or no access) to allow or deny access to the file.
Folder Guard comes with a pre-loaded set of filters (discussed below). To see the currently defined filters, use the command View - Filters (or press the Filters button in the left-hand view bar):
You can create new filters or modify the existing ones using the commands on the Filter menu. (This menu appears on the menu bar only when the filter view is active).
Note that only the access attributes may be applied to the filters; the visibility cannot be applied to the filters.
Whenever a program attempts to access a file, Folder Guard takes a note of the following information:
Folder Guard then walks through the list of filters, in the order they are listed in the Folder Guard window, and attempts to match the noted information with each filter that has a non-default access attribute for the user currently logged on to the computer. The match occurs if all of the following conditions are met:
If all three conditions above are met, Folder Guard uses the access attribute assigned to the filter to allow or deny access to the file. If even one condition listed above is not met, Folder Guard skips the filter and continues to search for the matching filter until the end of the list is reached. If no matching filter is found, Folder Guard checks whether you have restricted the file in some other way, using the Protected or Folders views or Folder Guard.
Note: The Trusted Programs list has a higher priority than the list of the filters. That is, a trusted program can access all files unconditionally, even if you have set up a filter that restrict access to certain files for that program.
All masks are case-insensitive. For example, *.exe, *.Exe, and *.EXE all have the same effect. When describing the masks of the filters, the following terms are used:
If a mask must include spaces, it should be enclosed in double quotes. For example, to specify all files that begin with white paper, use the mask "white paper*", including quotes.
Several masks may be separated with spaces, semicolons (;), or commas (,). For example:
Any file that has the file name extension txt, or exe, or doc, or if its file name begins with white paper, would have matched such a composite mask.
If a mask must include spaces, it should be enclosed in double quotes. For example, to specify all files that reside in subfolders of C:\Program Files, use the mask "C:\Program Files\*", including the quotes.
Note that some applications and Windows components use the short (a.k.a. MS-DOS-style) names for the folders. (For example, C:\PROGRA~1 refers to the same folder as C:\Program Files.) To protect access from such applications, add a mask to match the short name of the folder as well (for example, C:\PROGRA~1\* ).
Several masks may be separated with line breaks, spaces, semicolons (;), or commas (,). For example:
"C:\Program Files\*", C:\PROGRA~1\*, C:\Windows*
Folder Guard comes with several pre-configured filters, some of which are discussed below. You can use them as they are, or modify them to better suit your needs, delete them or create the new ones. If you don't want the filters to be used, you can reset their attributes with the Attributes - Reset command.
This filter applies to the common executable and script files located in any folder other than the Windows folder (which is usually C:\Windows), or the Program Files folder (which is usually C:\Program Files), or the folder where Folder Guard is installed (to allow you access to Folder Guard!).
You may find this filter useful if you don't want the users of the computer to run arbitrary programs (for example, by downloading them from the Internet or by running them from the removable drives).
If you enable this filter (by assigning the No access attribute to it), it would prevent running any program unless it's a built-in Windows program or a program you have installed in the default location (C:\Program Files). An attempt to run an executable file or a script would result in the Access Denied message.
The users would still be able to download other files or use the removable drives to copy other types of files and documents, because this filter would not apply to such files.
Note that some programs get installed in folders other than C:\Windows or C:\Program Files. If you have such programs, you need to add their folders to the [Except for Folders] list as well. Also note that the list of the exceutable and sript file extensions is not complete: your computer may have other file extensions designated for use as the scripts; if so you need to add them to the Apply to files list.
Keep in mind that such protection is not attack-proof: someone could attach the removable disk to another (unprotected) computer and rename the executable file so that it would have an extension not on the restricted extensions list. The attacker could then attach the disk to the protected computer, copy the file to the C:\Windows folder, and then rename it back. After that, the file would no longer be restricted from executing. If you want to be protected from such an attack, you may want to completely restrict access to the external drives, using another filter described below.
Suppose you don't want other users to run any programs other than MS Word and Excel. You could use the Run only allowed applications filter that would apply to all program files (that is the files with extensions .exe, .com, and .bat), but not to the files winword.exe (MS Word) and excel.exe (MS Excel). Also, this filter would not apply to the files located in the folders that begin with C:\Windows (since these folders contain system files, which should always be accessible in order for Windows to work properly). The programs located in the folder "C:\Program Files\Folder Guard" would also be exempt from this filter, since you want to be able to run Folder Guard files to change or disable the protection as needed.
Now, if you assign the no access attribute to this filter for a particular user, that user would not be able to run any programs other than MS Word and Excel, and the programs located in the Windows folder, or its subfolders.
This filter applies to the MP3 files (*.mp3) located on any drive other than the main one (C:).
You may find this filter useful if you want the users of the computer to play the MP3 files it contains, but not to copy the MP3 files to the removable drives.
If you enable this filter by assigning the No access attribute to it, it would prevent opening or saving an MP3 file to any drive other than C:. At the same time, it would not restrict the MP3 files already located on the C: drive and allow the users to listen to them, modify their properties, etc. If someone were to attach a removable drive to computer, s/he would not be able to copy the MP3 files from the C: drive to the removable drive. (Copying the MP3 files from the removable drives would be restricted, too.)
Note that this filter does not affect files other than MP3: the users would be able to freely copy them to and from the removable drives, as usual.
What if at some point you need to copy some MP3 files to an external drive (for example, to create a backup of your music collection)? Just run Folder Guard and pause the protection. When done, resume the protection back.
This filter works in the same way as the Lock MP3 files filter described above, only it applies to the video files (*.mpg, *.avi, and others). If you assign the No access attribute to this filter, it would prevent users from copying your video files to/from the external drives while allow playing such files that already exist on the C: drive.
This is another example of a filter that prevents copying of the common Microsoft Office documents to/from the removable drive, while allows their use if they are already present on the C: drive.
This filter applies to all files located on any drive other than C:. If you enable this filter by assigning the No access attribute to it, it would prevent copying any file to/from any drive other than C:. If, instead, you assign the Read-only attribute to the filter, it would allow opening or copying files from the removable drives, but prevent copying file to them.