> ... antivirus scanners are typically implemented as a filter driver ...
Actually it would be more accurate to say "... antivirus real-time monitors are typically implemented ..." Andy Raibeck IBM Software Group Tivoli Storage Manager Client Development Internal Notes e-mail: Andrew Raibeck/Tucson/[EMAIL PROTECTED] Internet e-mail: [EMAIL PROTECTED] IBM Tivoli Storage Manager support web page: http://www-306.ibm.com/software/sysmgmt/products/support/IBMTivoliStorageManager.html The only dumb question is the one that goes unasked. The command line is your friend. "Good enough" is the enemy of excellence. Andrew Raibeck/Tucson/[EMAIL PROTECTED] Sent by: "ADSM: Dist Stor Manager" <[email protected]> 2005-10-05 11:30 Please respond to "ADSM: Dist Stor Manager" To [email protected] cc Subject Re: Tivoli Continuous Data Protection for Files I am not an expert on filter and other Windows drivers, but basically a filter driver is a piece of software that runs in kernel (privileged) mode, so it has access to the system memory and hardware. It gets its name because it "filters" (intercepts and manipulates) I/O requests. For example, antivirus scanners are typically implemented as a filter driver, as is the TSM LVSA which is used for online image and OFS backups. CDP is implemented as a filter driver to detect I/O requests, which is how it figures out that files are changing. I think I got that right... :-) Regards, Andy Andy Raibeck IBM Software Group Tivoli Storage Manager Client Development Internal Notes e-mail: Andrew Raibeck/Tucson/[EMAIL PROTECTED] Internet e-mail: [EMAIL PROTECTED] IBM Tivoli Storage Manager support web page: http://www-306.ibm.com/software/sysmgmt/products/support/IBMTivoliStorageManager.html The only dumb question is the one that goes unasked. The command line is your friend. "Good enough" is the enemy of excellence. "ADSM: Dist Stor Manager" <[email protected]> wrote on 2005-10-05 09:14:18: > > > Actually, it is my understanding that CDP does *not* use the same Windows > > API function (ReadDirectoryChangesW) that JBB uses. Rather, it is a kernel > > filter. > > I stand corrected - now I've just gotta go and figure out what a > kernel filter is (that'll be a different mailing list I'm sure)... > > :o) > > David McClelland > Storage and Systems Management Specialist > IBM Tivoli Certified Deployment Professional (ITSM 5.2) > SSO UK Service Delivery ? Storage Services > IBM Global Services ? IBM United Kingdom > > [image removed] > > > > > > Andrew Raibeck <[EMAIL PROTECTED]> > Sent by: "ADSM: Dist Stor Manager" <[email protected]> > 05/10/2005 16:33 > > Please respond to > "ADSM: Dist Stor Manager" > > To > > [email protected] > > cc > > Subject > > Re: [ADSM-L] Tivoli Continuous Data Protection for Files > > > > > > CDP sits on top of the same Win32 API that the TSM Journal engine > > does > > Actually, it is my understanding that CDP does *not* use the same Windows > API function (ReadDirectoryChangesW) that JBB uses. Rather, it is a kernel > filter. > > Andy Raibeck > IBM Software Group > Tivoli Storage Manager Client Development > Internal Notes e-mail: Andrew Raibeck/Tucson/[EMAIL PROTECTED] > Internet e-mail: [EMAIL PROTECTED] > > IBM Tivoli Storage Manager support web page: > http://www-306.ibm. > com/software/sysmgmt/products/support/IBMTivoliStorageManager.html > > The only dumb question is the one that goes unasked. > The command line is your friend. > "Good enough" is the enemy of excellence.
