1. Field of the Invention
The present invention relates to a method and system for providing a sharing violation free environment for a trusted software agent that monitors file I/O operations and file manipulations done by other applications.
2. Description of the Related Art
A trusted software agent component typically relies on I/O file operations of other applications and examines files written by these applications. Such an agent can be found in fields such as anti-virus applications or data loss prevention agents. The agent is triggered to scan files, usually as a result of a file operation executed on the same files by another arbitrary application. Typically, such applications tend to perform a sequence of low level file operations, which can be regarded as a high level file save operation. Each low level operation may trigger the agent to examine the file, while the application may still request further access to the file. This situation may lead to sharing violations between the agent and the applications manipulating the files. While the agent can be designed to gracefully handle sharing violations, this situation can seriously damage the behavior of other applications in use.
For example, the problem may be caused when a user application requests exclusive rights to a file during the time that the agent is already holding the file. Some agent applications, especially anti-virus applications, have a strict solution—when the agent identifies that another application requests a file that it is using, it will either immediately release the file (allowing the application to continue) or force the application to wait, by delaying the return of the file handle. This solution is possible since the agent installs a file filter driver that can track create file requests by both the agent and by other applications. The two main drawbacks of this traditional solution are that the agent and application will handle the requests in a sequential, non concurrent manner, even if a sharing violation is not inevitable, and that the agent's file filter driver is required to realize that the same file is in use by the agent and other applications. This requirement, which may seem simple at first glance, is in fact very complicated. Files can be accessed using various file names due to symbolic links, shortcuts, relative paths, etc. The agent's file filter driver is required to resolve all requests in a manner which will ensure the recognition of different requests to the same files.
Thus, the traditional approach is complex and can interfere with the normal operation of applications. A need arises for a technique by which an agent can perform in a sharing violation free environment, which reduces complexity and eliminates interference with applications.