Limit application access

Topics: Users Discussion
Jun 18, 2015 at 9:54 AM
Is it possible to limit a drive's access to a specific application or process in windows.
Jun 18, 2015 at 10:17 PM
VeraCrypt volumes when mounted behaves like any other drive connected to the system (like a USB drive for example). As such, they are transparently considered like a storage device by Windows.
Thus, the question of limiting the access to a drive for a specific application or process is not a specific VeraCrypt one. It is rather left to Windows to handle.

To my knowledge, Windows doesn't provide any facility to limit the access to a drive to a specific application or process. If one day Microsoft wants to add this, they would need to completely rewrite their kernel (this can be seen as a sort of configurable sandboxing).

As for VeraCrypt, we have our own device drivers the intercepts reader/write operations but technically there is no reliable way to get the process that originated the read/write operations (an example of such problems:

Conclusion: currently, it doesn't appear to be an reliable technical solution on Windows to filter read/write operations at kernel level per process ID.