Home

Awesome

Minivers File System Minifilter Driver

Minivers is a Windows file system minifilter driver which monitors changes in files with certain extensions. If a monitored file is about to be changed, deleted or renamed, a backup copy of the file is performed before the operation begins.

The file name of the backup files has the format:

<original-filename>.YYYYMMDD_hhmmss_mmm.minivers

The following file extensions are monitored:

You can add more file extensions by editing the file minivers.c:

/******************************************************************************
 ******************************************************************************
 **                                                                          **
 ** File extensions to be taken into account.                                **
 **                                                                          **
 ******************************************************************************
 ******************************************************************************/
DECLARE_CONST_UNICODE_STRING(DOC, L"doc");
DECLARE_CONST_UNICODE_STRING(DOCX, L"docx");
DECLARE_CONST_UNICODE_STRING(XLS, L"xls");
DECLARE_CONST_UNICODE_STRING(XLSX, L"xlsx");
DECLARE_CONST_UNICODE_STRING(TXT, L"txt");
 
static const UNICODE_STRING* extensions[] = {&DOC, &DOCX, &XLS, &XLSX, &TXT};

The backup files have the extension minivers:

DECLARE_CONST_UNICODE_STRING(MINIVERS_EXT, L"minivers");

Files with this file extension cannot be deleted, if you want to change this, change the following define:

#define IMMUTABLE_BACKUP_FILES TRUE

Minivers can be used to protect against ransomware, as they search files with certain extensions (not tested though).

Minivers logs the name of the executable which produced the change, to avoid this change the following define:

#define LOG_IMAGE_FILENAME     TRUE