* feat : - 블루투스, USB, USBToUSB, CDROM, MTP 정책 연동

- UI 정책 보기 부분 수정
  - 서버 -> 에이전트 수신 정책 파일로 저장 부분 수정
  - 에이전트 -> 정책 파일 저장 수정
  - 에이전트 IPC-> ecrmHeHelper.dll 정책 연동
  - ecrmHeHelper.dll IPC 정책 수진 정책 언동

* feat : - 블루투스, USB, USBToUSB, CDROM, MTP 정책 기능 연동
  - 파일 사이즈, 파일 이름 체크 파일 시그니처 차단, 컨탠츠 검색 기능 연동
  - popup 메시지에 장치 이름 추가되도록 연동
  -

Tocsg.Lib/VCL/Tocsg.Bluetooth.pas

@@ -489,8 +489,11 @@ procedure TThdBtDevNotify.Execute;
 var
   i: Integer;
   dwPvTick: DWORD;
+  once_: Boolean;
 begin
   dwPvTick := 0;
+  once_:= False;
+
   while not Terminated and not GetWorkStop do
   begin
     if BTDevice_.RefreshBTDevice(@bWorkStop_) then
@@ -523,8 +526,14 @@ begin
     begin
       dwPvTick := 0;
       SetBtDevsEnable(true);
-    end;
 
+    end;
+//    if bPreventBtDevs_ and not once_ then
+//    begin
+//      SetBtDevsEnable(false);
+//    end;
+//
+//    once_ := bPreventBtDevs_;
     Sleep(1000);
   end;
 end;

Tocsg.Module/AppCtrl/DLL_AppCtrl/ApiHookExplorer.pas

@@ -294,13 +294,19 @@ var
   deviceType: DWORD;
   isNetFile: Boolean;
   FileUseBlock: TFileUseBlock;
+  resultMsg: string;
+  curAppType: TCurAppType;
 begin
   Result := S_OK;
+  resultMsg := '';
 
   if (gAppHook = nil) then
     Exit;
 
-  if (gAppHook.Helper.CtrlOpt.ShFileCrMon.nKind = 0) and (gAppHook.Helper.CtrlOpt.FileUseBlock = fubNone) then
+  if (gAppHook.Helper.CtrlOpt.ShFileCrMon.nKind = 0) and
+    (gAppHook.Helper.CtrlOpt.FileUseBlock = fubNone) and
+    (gAppHook.Helper.CtrlOpt.IntCdromBlockNewFile.mode = abkNone) and
+    (gAppHook.Helper.CtrlOpt.IntUsbBlockNewFile.mode = abkNone) then
     Exit;
 
   var sDstPath: String;
@@ -348,39 +354,53 @@ begin
   end
   else
   begin
-    FileUseBlock := gAppHook.Helper.CtrlOpt.FileUseBlock;
+    var IntBlockNewFile: TIntBlockNewFile;
-
-    if FileUseBlock = fubBlock then
-      bBlock:= CheckAppPolicy(FileUseBlock, sSrcPath);
-
-    bBlock:= CheckContentPolicy(FileUseBlock, sSrcPath);
     var deviceName: string;
     case deviceType of
       DRIVE_CDROM:
       begin
         deviceName:= 'CDROM';
+        curAppType:= catCdrom;
+        IntBlockNewFile:= gAppHook.Helper.CtrlOpt.IntCdromBlockNewFile;
       end;
       DRIVE_REMOVABLE:
       begin
         deviceName:= 'REMOVABLE';
+        curAppType:= catUsb;
+        IntBlockNewFile:= gAppHook.Helper.CtrlOpt.IntUsbBlockNewFile;
       end;
+      else
+        exit;
     end;
 
-    if FileUseBlock = fubMonitor then
+    if IntBlockNewFile.mode = abkNone then
+      exit
+    else if IntBlockNewFile.mode = abkBlock then
+      FileUseBlock := fubBlock
+    else
+      FileUseBlock := fubMonitor;
+
+    DVLOG('ProcMon: mode(%d), blockByFilename(%s), contentsFilter(%s)',
+      [DWORD(IntBlockNewFile.mode), IntBlockNewFile.blockByFilename_list, IntBlockNewFile.contentsFilter_list]);
+
+    if FileUseBlock = fubBlock then
+      bBlock:= CheckAppPolicy(FileUseBlock, sSrcPath, IntBlockNewFile);
+
+    bBlock:= CheckContentPolicy(curAppType, FileUseBlock, sSrcPath, IntBlockNewFile, resultMsg);
+
+    if not bBlock then
     begin
       DVLOG('ProcMon: MATCHING!!!!!ALLOW!!!!!(%d)', [DWORD(bBlock)]);
-      SendHeCopyMessage(NOTI_HOOK_MONITOR_ATTACH, sSrcPath, True, deviceName);
+      SendHeCopyMessage(curAppType, NOTI_HOOK_MONITOR_ATTACH, sSrcPath, True, deviceName, resultMsg);
 //      ProcessNoti(NOTI_HOOK_MONITOR_ATTACH, sPath, True);
     end
     else
     begin
       DVLOG('ProcMon: MATCHING!!!!!BLOCK!!!!!(%d)', [DWORD(bBlock)]);
-      SendHeCopyMessage(NOTI_HOOK_BLOCK_ATTACH, sSrcPath, True, deviceName);
+      SendHeCopyMessage(curAppType, NOTI_HOOK_BLOCK_ATTACH, sSrcPath, True, deviceName, resultMsg);
     end;
   end;
 
-
-
   if bBlock then
     Result := E_ACCESSDENIED;
 

Tocsg.Module/AppCtrl/DLL_AppCtrl/AppHookClient.pas

@@ -11,7 +11,7 @@ unit AppHookClient;
 interface
 
 uses
-  Tocsg.ClientBase, System.Classes, WinApi.Windows, Tocsg.Packet,
+  Tocsg.ClientBase, System.Classes, WinApi.Windows, Tocsg.Packet,  superobject,  GlobalDefine,
   System.SysUtils;
 
 type
@@ -31,6 +31,9 @@ type
     property OnDisconnected: TNotifyEvent write evDisconnected_;
   end;
 
+
+  function ParseBlockFileNew(const ANode: ISuperObject; const ACurrentTarget: TIntBlockNewFile): TIntBlockNewFile;
+
 implementation
 
 uses
@@ -39,10 +42,37 @@ uses
 {$ELSE}
   AppHook,
 {$ENDIF}
-  Tocsg.Exception, superobject, GlobalDefine, Tocsg.Process, Tocsg.WndUtil,
+  Tocsg.Exception, Tocsg.Process, Tocsg.WndUtil,
   AppCtrlDefine, Tocsg.Json;
 
-{ TAppHookClient }
+
+
+function ParseBlockFileNew(const ANode: ISuperObject; const ACurrentTarget: TIntBlockNewFile): TIntBlockNewFile;
+begin
+  Result := ACurrentTarget;
+
+  if ANode = nil then
+    Exit;
+
+  Result.mode := TAttachBlockKind(ANode.I['mode']);
+  Result.userAlert := ANode.B['userAlert'];
+  Result.extList := ANode.S['extList'];
+  Result.excList := ANode.S['excList'];
+  Result.origTextCol := ANode.B['origTextCol'];
+  Result.origFileCol_use := ANode.B['origFileCol_use'];
+  Result.origFileCol_maxMb := ANode.I['origFileCol_maxMb'];
+  Result.origFileCol_minMb := ANode.I['origFileCol_minMb'];
+  Result.fileNameChk := ANode.B['fileNameChk'];
+  Result.contentsFilter_use := ANode.B['contentsFilter_use'];
+  Result.blockByFilename_use := ANode.B['blockByFilename_use'];
+  Result.blockByFilename_list := ANode.S['blockByFilename_list'];
+  Result.blockBySig_use := ANode.B['blockBySig_use'];
+  Result.blockBySig_list := ANode.S['blockBySig_list'];
+  Result.blockBySizeLimit_use := ANode.B['blockBySizeLimit_use'];
+  Result.blockBySizeLimit_minMb := ANode.I['blockBySizeLimit_minMb'];
+end;
+
+  { TAppHookClient }
 
 Constructor TAppHookClient.Create;
 begin
@@ -178,6 +208,14 @@ var
         Opt.bMtpWB := B['bMtpWB'];
         Opt.sMtpRoExp := S['sMtpRoExp'];
         Opt.bIsTest := B['bIsTest'];
+
+        //USB, Bluetooth, UsbToUsb
+        Opt.IntBtBlockNewFile       := ParseBlockFileNew(O['IntBtBlockNewFile'],       Opt.IntBtBlockNewFile);
+        Opt.IntUsbBlockNewFile      := ParseBlockFileNew(O['IntUsbBlockNewFile'],      Opt.IntUsbBlockNewFile);
+        Opt.IntUsbToUsbBlockNewFile := ParseBlockFileNew(O['IntUsbToUsbBlockNewFile'], Opt.IntUsbToUsbBlockNewFile);
+        Opt.IntCdromBlockNewFile    := ParseBlockFileNew(O['IntCdromBlockNewFile'],    Opt.IntCdromBlockNewFile);
+        Opt.IntMtpBlockNewFile      := ParseBlockFileNew(O['IntMtpBlockNewFile'],      Opt.IntMtpBlockNewFile);
+
       end;
 //      Opt := TTgJson.GetDataAsType<TAppCtrlOpt>(aRcv.O['Opt']);
 

Tocsg.Module/AppCtrl/LIB_Common/AppCtrlDefine.pas

@@ -126,7 +126,7 @@ const
 type
   TCurAppType = (catNormal, catOutlook, catWebb, catMsOffice, catHwp, catExplorer,
                  catAdobeReader, catNotepad, catkvHelper, catwinscp, catBizbox, catFilezilla,
-                 catChrome, catMsedge, catMswebv, catOlk, catWhale, catFquirt, catLINKENGKM);
+                 catChrome, catMsedge, catMswebv, catOlk, catWhale, catFquirt, catLINKENGKM, catUsb, catCdrom, catMtp);
 
   TDrmHeadInfo = record
     sEmpNo,
@@ -226,6 +226,12 @@ type
     bMtpWB: Boolean;
     sMtpRoExp: String;
     bIsTest: Boolean;
+  // mgkim 파일 생성 차단
+    IntUsbToUsbBlockNewFile,
+    IntUsbBlockNewFile,
+    IntCdromBlockNewFile,
+    IntMtpBlockNewFile,
+    IntBtBlockNewFile: TIntBlockNewFile;
   end;
 
   TAppCtrlHelper = class(TTgObject)

Tocsg.Module/Bs1Flt/MTPMon/MTPControl/ApiHookContents.pas

@@ -4,7 +4,7 @@ interface
 
 
 uses
-  Winapi.Windows, System.SysUtils, System.Classes, Winapi.WinSock2, StrUtils,
+  Winapi.Windows, System.SysUtils, System.Classes, Winapi.WinSock2, StrUtils, GlobalDefine,
   AppCtrlDefine, BsoneUtil, BsoneDebug, FileHandleListUnit, ObexParserUnit;
 
 const
@@ -141,11 +141,11 @@ function ReadFileHook(
   lpOverlapped: POverlapped
 ): BOOL; stdcall;
 
-function CheckContentPolicy(var FileUseBlock: TFileUseBlock; const sPath: string): Boolean;
+function CheckContentPolicy(curAppType: TCurAppType; FileUseBlock: TFileUseBlock; const sPath: string; var IntBlockNewFile: TIntBlockNewFile; var resultMsg: string): Boolean;
 function CheckExternalPolicy(Cmd: Integer;
   const Data: string): Boolean;
-function CheckAppPolicy(var FileUseBlock: TFileUseBlock; sPath: string): Boolean;
+function CheckAppPolicy(var FileUseBlock: TFileUseBlock; sPath: string; var IntBlockNewFile: TIntBlockNewFile): Boolean;
-procedure SendHeCopyMessage(cmd: DWORD; const sPath: string; bExistsFile: Boolean; deviceName: string);
+procedure SendHeCopyMessage(curAppType: TCurAppType; cmd: DWORD; const sPath: string; bExistsFile: Boolean; deviceName: string; resultMsg: string);
 
 var
   ozDeviceIoControl: TFun_DeviceIoControl = nil;
@@ -157,21 +157,23 @@ var
 implementation
 
 uses
-  BS1Hook, Tocsg.Packet, DefineHelper, GlobalDefine, ApiHookFile, superobject;
+  BS1Hook, Tocsg.Packet, Tocsg.Files, DefineHelper, ApiHookFile, superobject;
 
 
 
 function CheckExternalPolicy(Cmd: Integer; const Data: string): Boolean;
+var
+  SendCopyDataResult: int64;
 begin
   var hReceiver := FindWindow(PChar('TDlgeCrmHeMain'), nil);
-  var hReceiver1 := FindWindow(nil, PCHar('BSOne V2.0'));
-  DVLOG('CheckExternalPolicy: hReceiver (%d), (%d)', [DWORD(hReceiver), DWORD(hReceiver1)]);
 
-  Result := SendCopyData(gAppHook.Helper.CtrlOpt.hRcvWnd, Cmd, Data) = CMD_RESULT_ALLOW;
+  SendCopyDataResult:= SendCopyData(gAppHook.Helper.CtrlOpt.hRcvWnd, Cmd, Data);
+  DVLOG('CheckExternalPolicy: hReceiver (%d), Result(%d)', [DWORD(hReceiver),DWORD(SendCopyDataResult)]);
+  Result := SendCopyDataResult = CMD_RESULT_ALLOW;
 end;
 
 
-function CheckAppPolicy(var FileUseBlock: TFileUseBlock; sPath: string): Boolean;
+function CheckAppPolicy(var FileUseBlock: TFileUseBlock; sPath: string; var IntBlockNewFile: TIntBlockNewFile): Boolean;
 begin
   Result := True;
   // 2. ÆÄÀÏ °áÀç ½ÂÀÎ ¿©ºÎ üũ
@@ -191,61 +193,161 @@ begin
   end;
 end;
 
-function CheckContentPolicy(var FileUseBlock: TFileUseBlock; const sPath: string): Boolean;
+function CheckFileNamePolicy(const FilePath: string; var IntBlockNewFile: TIntBlockNewFile): Boolean;
 var
-  O: ISuperObject;
+  OnlyFileName: string;
+  SearchTarget, FormattedList: string;
 begin
-  Result := True;
+  Result := False;
 
-  // 파일 크기 검사
+  DVLOG('ProcMon:CheckFileNamePolicy.. blockByFilename_use(%d)', [DWORD(IntBlockNewFile.blockByFilename_use)]);
-  if (FileUseBlock = fubBlock) and (gAppHook.Helper.CtrlOpt.nBlockSizeMB > 0) then
+  if not IntBlockNewFile.blockByFilename_use then
+    Exit;
+
+  OnlyFileName := ExtractFileName(FilePath);
+
+  OnlyFileName := LowerCase(OnlyFileName);
+  FormattedList := LowerCase(IntBlockNewFile.blockByFilename_list);
+
+  SearchTarget := '|' + OnlyFileName + '|';
+  FormattedList := '|' + FormattedList + '|';
+
+  DVLOG('ProcMon:CheckFileNamePolicy.. SearchTarget(%s), FormattedList(%s)', [SearchTarget, FormattedList]);
+  Result := Pos(SearchTarget, FormattedList) > 0;
+end;
+
+function CheckSizePolicy(FilePath: string; var IntBlockNewFile: TIntBlockNewFile): Boolean;
+begin
+  Result:= False;
+
+  DVLOG('ProcMon:CheckSizePolicy.. blockBySizeLimit_use(%d)', [DWORD(IntBlockNewFile.blockBySizeLimit_use)]);
+  if IntBlockNewFile.blockBySizeLimit_use then
   begin
-    O := SO;
+    var ullLimitSize: ULONGLONG := IntBlockNewFile.blockBySizeLimit_minMb * 1048576;
-    O.S['Path'] := sPath;
+    if GetFileSize_path(FilePath) >= ullLimitSize then
-    O.I['Type'] := Integer(gAppHook.Helper.CurAppType);
+      Result:= True;
-    O.S['MName'] := gAppHook.ModuleName;
-
-    if not CheckExternalPolicy(HPCMD_CHECK_SIZE, O.AsString) then
-    begin
-
-      DVLOG('CheckContentPolicy: HPCMD_CHECK_SIZE not bUseContentFilter(%d)', [DWORD(gAppHook.Helper.CtrlOpt.bUseContentFilter)]);
-      if not gAppHook.Helper.CtrlOpt.bUseContentFilter then
-        FileUseBlock := fubMonitor;
   end
   else
-    begin
+    exit;
-      DVLOG('CheckContentPolicy: HPCMD_CHECK_SIZE ok bUseContentFilter(%d)', [DWORD(gAppHook.Helper.CtrlOpt.bUseContentFilter)]);
+end;
+
+function CheckSigPolicy(FilePath: string; var IntBlockNewFile: TIntBlockNewFile): Boolean;
+var
+  sExt: string;
+  sFounds: string;
+  ExtList: TStringList;
+begin
   Result := False;
-    end;
-  end;
 
-  // 내용 기반 필터링 (DLP 등)
+    DVLOG('ProcMon:CheckSigPolicy.. blockBySig_use(%d)', [DWORD(IntBlockNewFile.blockBySig_use)]);
-  if Result and gAppHook.Helper.CtrlOpt.bUseContentFilter then
+  if not IntBlockNewFile.blockBySig_use then
+    Exit;
+
+  sFounds := IntBlockNewFile.blockBySig_list;
+  if sFounds = '' then
+    Exit;
+
+  sExt := UpperCase(ExtractFileExt(FilePath));
+  if (Length(sExt) > 0) and (sExt[1] = '.') then
+    Delete(sExt, 1, 1);
+
+  ExtList:= TStringList.Create;
+  try
+    ExtList.StrictDelimiter := True;
+    ExtList.Delimiter := '|';
+    ExtList.DelimitedText := UpperCase(sFounds);
+
+    if ExtList.IndexOf(sExt) > -1 then
     begin
-    O := SO;
-    O.S['Path'] := sPath;
-    O.I['Type'] := Integer(gAppHook.Helper.CurAppType);
-    O.S['MName'] := gAppHook.ModuleName;
-
-    if not CheckExternalPolicy(HPCMD_CHECK_CONTENT, O.AsString) then
-    begin
-
-      DVLOG('CheckContentPolicy: HPCMD_CHECK_CONTENT not FileUseBlock(%d)', [DWORD(FileUseBlock)]);
-      if FileUseBlock = fubBlock then
-        FileUseBlock := fubMonitor;
-
-      Result := False;
-    end
-    else
-    begin
-      DVLOG('CheckContentPolicy: HPCMD_CHECK_CONTENT ok FileUseBlock(%d)', [DWORD(FileUseBlock)]);
       Result := True;
     end;
+  finally
+    ExtList.Free;
   end;
 end;
 
 
-procedure SendHeCopyMessage(cmd: DWORD; const sPath: string; bExistsFile: Boolean; deviceName: string);
+function CheckContentPolicy(curAppType: TCurAppType; FileUseBlock: TFileUseBlock; const sPath: string; var IntBlockNewFile: TIntBlockNewFile; var resultMsg: string): Boolean;
+var
+  O: ISuperObject;
+  bBasicBlocked: Boolean;
+  bInitialMonitor: Boolean;
+begin
+  Result := False;
+  bBasicBlocked := False;
+  bInitialMonitor := (FileUseBlock = fubMonitor);
+
+  if not bInitialMonitor then
+  begin
+    if CheckSizePolicy(sPath, IntBlockNewFile) then
+    begin
+      bBasicBlocked := True;
+      resultMsg := 'Blocked by file size policy.';
+    end
+    else if CheckFileNamePolicy(sPath, IntBlockNewFile) then
+    begin
+      bBasicBlocked := True;
+      resultMsg := 'Blocked by file name policy.';
+    end
+    else if CheckSigPolicy(sPath, IntBlockNewFile) then
+    begin
+      bBasicBlocked := True;
+      resultMsg := 'Blocked by file extension policy.';
+    end;
+  end;
+
+  if bBasicBlocked then
+  begin
+    O := SO;
+    O.S['Path'] := sPath;
+    O.I['Type'] := Integer(curAppType);
+    O.S['MName'] := gAppHook.ModuleName;
+    O.S['resultMsg'] := resultMsg;
+
+    DVLOG('CheckContentPolicy: HPCMD_BLOCK resultMsg(%s)', [resultMsg]);
+    if CheckExternalPolicy(HPCMD_BLOCK, O.AsString) then
+    begin
+      DVLOG('CheckContentPolicy: HPCMD_BLOCK ok FileUseBlock(%d)', [DWORD(FileUseBlock)]);
+    end;
+    Result := True;
+    exit;
+  end;
+
+
+  if IntBlockNewFile.contentsFilter_use then
+  begin
+    O := SO;
+    O.S['Path'] := sPath;
+    O.I['Type'] := Integer(curAppType);
+    O.S['MName'] := gAppHook.ModuleName;
+
+    resultMsg := 'Contents Policy.';
+    if CheckExternalPolicy(HPCMD_CHECK_CONTENT, O.AsString) then
+    begin
+      Result := True;
+      if bInitialMonitor then
+        FileUseBlock := fubMonitor
+      else
+        FileUseBlock := fubBlock;
+
+      DVLOG('CheckContentPolicy: HPCMD_CHECK_CONTENT ok FileUseBlock(%d)', [DWORD(FileUseBlock)]);
+    end
+    else
+    begin
+      Result := False;
+      FileUseBlock := fubMonitor;
+      DVLOG('CheckContentPolicy: HPCMD_CHECK_CONTENT not FileUseBlock(%d)', [DWORD(FileUseBlock)]);
+    end;
+  end
+  else
+  begin
+    if not bInitialMonitor and not bBasicBlocked then
+      FileUseBlock := fubMonitor;
+  end;
+end;
+
+
+procedure SendHeCopyMessage(curAppType: TCurAppType; cmd: DWORD; const sPath: string; bExistsFile: Boolean; deviceName: string; resultMsg: string);
 var
   llInfo: LONGLONG;
   Send: ISendPacket;
@@ -255,7 +357,7 @@ begin
       NOTI_HOOK_MONITOR_ATTACH,
       NOTI_HOOK_BLOCK_ATTACH :
       begin
-        llInfo := Integer(gAppHook.Helper.CurAppType);
+        llInfo := Integer(curAppType);
       end;
       else llInfo := 0;
     end;
@@ -268,6 +370,7 @@ begin
     Send.S['FPath'] := sPath;
     Send.I['FType'] := 1;
     Send.I['Info'] := llInfo;
+    Send.S['ResultMsg'] := resultMsg;
 
 
     if (gAppHook.Helper.CtrlOpt.hRcvWnd <> 0) then
@@ -590,6 +693,11 @@ begin
   if (hFile = 0) or (hFile = INVALID_HANDLE_VALUE) then
     Exit;
 
+  if (gAppHook.Helper.CtrlOpt.IntMtpBlockNewFile.mode = abkNone) or
+     (gAppHook.Helper.CtrlOpt.IntBtBlockNewFile.mode = abkNone) or
+     (gAppHook.Helper.CtrlOpt.IntUsbToUsbBlockNewFile.mode = abkNone) then
+    Exit;
+
   if dwCreationDisposition = CREATE_NEW then
     Exit;
   if dwCreationDisposition = TRUNCATE_EXISTING then
@@ -616,9 +724,6 @@ begin
       Exit;
   end;
 
-  if gAppHook.Helper.CtrlOpt.FileUseBlock = fubNone then
-    Exit;
-
   sPath:= lpFileName;
 
   if (Length(sPath) >= 2) and (sPath[1] = '.') and (sPath[2] = '\') then
@@ -788,15 +893,18 @@ var
   deviceName: string;
   block: Boolean;
   FileUseBlock: TFileUseBlock;
+  resultMsg: string;
+  curAppType: TCurAppType;
 begin
   data := nil;
   size := nInBufferSize;
   sbuff := '';
   inSize := 0;
   block:= False;
-
+  resultMsg := '';
   Result:= True;
 
+
   if not ghooked_ then
   begin
     Exit;
@@ -813,26 +921,45 @@ begin
     Exit;
   end;
 
-  FileUseBlock := gAppHook.Helper.CtrlOpt.FileUseBlock;
+
   var bBlockIf: Boolean := true;
+  var IntBlockNewFile: TIntBlockNewFile;
+//  DVLOG('DeviceIoControlProc: FileUseBlock(%d)',[DWORD(FileUseBlock)]);
+//  if FileUseBlock = fubNone then
+//    Exit;
 
-  DVLOG('DeviceIoControlProc: FileUseBlock(%d)',[DWORD(FileUseBlock)]);
+//  DVLOG('DeviceIoControlProc: hDevice(%p) size(%d) dwIoControlCode(%x)', [Pointer(hDevice), size, dwIoControlCode]);
-  if FileUseBlock = fubNone then
-    Exit;
-
-  DVLOG('DeviceIoControlProc: hDevice(%p) size(%d) dwIoControlCode(%x)', [Pointer(hDevice), size, dwIoControlCode]);
 
   case dwIoControlCode of
     IOCTL_SCSI_PASS_THROUGH_DIRECT:
       begin
 
         if appType_ = catLINKENGKM then
-          deviceName:= 'usbTousb'
+        begin
+          deviceName:= 'usbTousb';
+          curAppType:= catLINKENGKM;
+          IntBlockNewFile:= gAppHook.Helper.CtrlOpt.IntUsbToUsbBlockNewFile;
+        end
         else if appType_ = catExplorer then
-          deviceName:= 'cdrom'
+        begin
+          deviceName:= 'cdrom';
+          curAppType:= catCdrom;
+          IntBlockNewFile:= gAppHook.Helper.CtrlOpt.IntCdromBlockNewFile;
+        end
         else
           Exit;
 
+        if IntBlockNewFile.mode = abkNone then
+          exit
+        else if IntBlockNewFile.mode = abkBlock then
+          FileUseBlock := fubBlock
+        else
+          FileUseBlock := fubMonitor;
+
+        //DVLOG('DeviceIoControlProc: FileUseBlock(%d)',[DWORD(FileUseBlock)]);
+        if FileUseBlock = fubNone then
+          Exit;
+
         try
           scsi := nil;
           scsi := PSCSI_PASS_THROUGH_DIRECT(lpInBuffer);
@@ -860,6 +987,14 @@ begin
           Exit;
 
         deviceName:= 'mtp';
+        curAppType:= catMtp;
+        IntBlockNewFile:= gAppHook.Helper.CtrlOpt.IntMtpBlockNewFile;
+        if IntBlockNewFile.mode = abkNone then
+          exit
+        else if IntBlockNewFile.mode = abkBlock then
+          FileUseBlock := fubBlock
+        else
+          FileUseBlock := fubMonitor;
 
         data := PByte(lpInBuffer);
         size := nInBufferSize;
@@ -885,20 +1020,20 @@ begin
       DVLOG('DeviceIoControlProc: IsBufferCompare ok', []);
 
       if FileUseBlock = fubBlock then
-        bBlockIf:= CheckAppPolicy(FileUseBlock, sPath);
+        bBlockIf:= CheckAppPolicy(FileUseBlock, sPath, IntBlockNewFile);
 
-      bBlockIf:= CheckContentPolicy(FileUseBlock, sPath);
+      bBlockIf:= CheckContentPolicy(curAppType, FileUseBlock, sPath, IntBlockNewFile, resultMsg);
 
-      if FileUseBlock = fubMonitor then
+      if not bBlockIf then
       begin
         DVLOG('DeviceIoControlProc: MATCHING!!!!!ALLOW!!!!! hDevice(%p)!! (%s), Matched Path: %s', [Pointer(hDevice), deviceName, PChar(fileHandle.path)]);
-        SendHeCopyMessage(NOTI_HOOK_MONITOR_ATTACH, sPath, True, deviceName);
+        SendHeCopyMessage(curAppType, NOTI_HOOK_MONITOR_ATTACH, sPath, True, deviceName, resultMsg);
         DVLOG('DeviceIoControlProc: MATCHING!!!!!ALLOW!!!!! OK....', []);
       end
       else
       begin
         DVLOG('DeviceIoControlProc: MATCHING!!!!!BLOCK!!!!! hDevice(%p)!! (%s), Matched Path: %s', [Pointer(hDevice), deviceName, PChar(fileHandle.path)]);
-        SendHeCopyMessage(NOTI_HOOK_BLOCK_ATTACH, sPath, True, deviceName);
+        SendHeCopyMessage(curAppType, NOTI_HOOK_BLOCK_ATTACH, sPath, True, deviceName, resultMsg);
         DVLOG('DeviceIoControlProc: MATCHING!!!!!BLOCK!!!!! OK....', []);
       end;
 
@@ -1041,8 +1176,13 @@ var
   opCode: Byte;
   sName: string;
   FileUseBlock: TFileUseBlock;
+  deviceName: string;
+  IntBlockNewFile: TIntBlockNewFile;
+  resultMsg: string;
+  curAppType: TCurAppType;
 begin
 
+  deviceName:= 'BlueTooth';
   FillChar(sin, SizeOf(sin), 0);
   FillChar(ip, SizeOf(ip), 0);
   Result:= 0;
@@ -1052,12 +1192,29 @@ begin
     Exit;
   end;
 
-  if (appType_ <> catFquirt) and (appType_ <> catLINKENGKM) then
+  if (appType_ = catFquirt) then
   begin
+    IntBlockNewFile:= gAppHook.Helper.CtrlOpt.IntBtBlockNewFile;
+    deviceName:= 'BlueTooth';
+    curAppType:= catFquirt;
+  end
+  else if (appType_ = catLINKENGKM) then
+  begin
+    IntBlockNewFile:= gAppHook.Helper.CtrlOpt.IntUsbToUsbBlockNewFile;
+    deviceName:= 'UsbToUsb';
+    curAppType:= catLINKENGKM;
+  end
+  else
     Exit;
-  end;
 
-  FileUseBlock := gAppHook.Helper.CtrlOpt.FileUseBlock;
+
+  if IntBlockNewFile.mode = abkNone then
+    exit
+  else if IntBlockNewFile.mode = abkBlock then
+    FileUseBlock := fubBlock
+  else
+    FileUseBlock := fubMonitor;
+
   var bBlockIf: Boolean := true;
 
   DVLOG('WSASendProc: FileUseBlock(%d)',[DWORD(FileUseBlock)]);
@@ -1128,20 +1285,22 @@ begin
         ]);
 
       if FileUseBlock = fubBlock then
-        bBlockIf:= CheckAppPolicy(FileUseBlock, sPath);
+      begin
+        bBlockIf:= CheckAppPolicy(FileUseBlock, sPath, IntBlockNewFile);
+      end;
 
-      bBlockIf:= CheckContentPolicy(FileUseBlock, sPath);
+      bBlockIf:= CheckContentPolicy(curAppType, FileUseBlock, sPath, IntBlockNewFile, resultMsg);
 
-      if FileUseBlock = fubMonitor then
+      if not bBlockIf then
       begin
         DVLOG('WSASendProc: MATCHING!!!!!ALLOW!!!!! hDevice(%p)!!, Path: (%s)', [Pointer(s), PChar(fileHandle.path)]);
-        SendHeCopyMessage(NOTI_HOOK_MONITOR_ATTACH, sPath, True, 'BlueTooth');
+        SendHeCopyMessage(curAppType, NOTI_HOOK_MONITOR_ATTACH, sPath, True, deviceName, resultMsg);
         DVLOG('WSASendProc: MATCHING!!!!!ALLOW!!!!! OK....(%d)', [DWORD(bBlockIf)]);
       end
       else
       begin
         DVLOG('WSASendProc: MATCHING!!!!!BLOCK!!!!! hDevice(%p)!!, Path: (%s)', [Pointer(s), PChar(fileHandle.path)]);
-        SendHeCopyMessage(NOTI_HOOK_BLOCK_ATTACH, sPath, True, 'BlueTooth');
+        SendHeCopyMessage(curAppType, NOTI_HOOK_BLOCK_ATTACH, sPath, True, deviceName, resultMsg);
         DVLOG('WSASendProc: MATCHING!!!!!BLOCK!!!!! OK....(%d)', [DWORD(bBlockIf)]);
       end;
 

Tocsg.Module/Bs1Flt/bin/bs1flt.inf

@@ -10,7 +10,7 @@ ClassGuid   = {b86dff51-a31e-4bac-b3cf-e8cfe75c9fc2}    ;This value is determine
 ;Class = "ActivityMonitor"
 ;ClassGuid = {AE71EC8D-C1FD-4564-8AA9-D56ADE722321}
 Provider    = %ManufacturerName%
-DriverVer = 03/09/2026,18.21.59.681
+DriverVer = 03/13/2026,13.27.3.571
 CatalogFile = bs1flt.cat
 PnpLockdown = 1
 

Tocsg.Module/Bs1Flt/bin/bs1flt/bs1flt.inf

@@ -10,7 +10,7 @@ ClassGuid   = {b86dff51-a31e-4bac-b3cf-e8cfe75c9fc2}    ;This value is determine
 ;Class = "ActivityMonitor"
 ;ClassGuid = {AE71EC8D-C1FD-4564-8AA9-D56ADE722321}
 Provider    = %ManufacturerName%
-DriverVer = 03/09/2026,18.21.59.681
+DriverVer = 03/13/2026,13.27.3.571
 CatalogFile = bs1flt.cat
 PnpLockdown = 1
 

Tocsg.Module/Bs1Flt/bs1dc_Delphi/DeviceGuard.Logic.pas

@@ -7,7 +7,7 @@ uses
   System.JSON, System.IOUtils, System.StrUtils,
   Winapi.Windows, Winapi.Messages, Winapi.ActiveX,
   Winapi.Bluetooth,
-  Tocsg.Obj, Tocsg.Driver, Tocsg.Path, Tocsg.Trace,
+  Tocsg.Obj, Tocsg.Driver, Tocsg.Path, Tocsg.Trace, Tocsg.DateTime,
   Bs1PolicyUnit,
   Bs1FltCtrl;
 
@@ -54,7 +54,7 @@ const
   GUID_DEVCLASS_USB       = '{36fc9e60-c465-11cf-8056-444553540000}';
   GUID_DEVCLASS_PORTS     = '{4d36e978-e325-11ce-bfc1-08002be10318}';
   GUID_DEVCLASS_MODEM     = '{4d36e96d-e325-11ce-bfc1-08002be10318}';
-  GUID_DEVCLASS_BLUETOOTH = '{e0cbf06c-cd8b-4647-bb8a-263b43f0f974}';
+//  GUID_DEVCLASS_BLUETOOTH = '{e0cbf06c-cd8b-4647-bb8a-263b43f0f974}';
   GUID_DEVCLASS_NET       = '{4d36e972-e325-11ce-bfc1-08002be10318}';
   GUID_DEVCLASS_INFRARED  = '{6bdd1fc5-810f-11d0-bec7-08002be2092f}';
   GUID_DEVCLASS_1394      = '{6bdd1fc1-810f-11d0-bec7-08002be2092f}';
@@ -98,6 +98,13 @@ type
     HwProfile: DWORD;
   end;
 
+  PBtDevEntT = ^TBtDevEntT;
+  TBtDevEntT = record
+    sAddress: String;
+    dtLastSeen,
+    dtLastUsed: TDateTime;
+    dInfo: BLUETOOTH_DEVICE_INFO;
+  end;
 
   PSPDevInfoListDetailData = ^TSPDevInfoListDetailData;
   TSPDevInfoListDetailData = packed record
@@ -146,6 +153,11 @@ type
     FOnPopup: TLogEvent;
 
     FUseRestart: Boolean;
+    BTDeviceList_: TList<PBtDevEntT>;
+
+    FDevChangeEvent: TEvent;
+
+
     // 헬퍼 함수
     function GetDeviceStringProperty(DevInfoSet: HDEVINFO; var DevData: TSPDevInfoData; PropId: DWORD): string;
     function GetDeviceStringPropertyDWORD(DevInfoSet: HDEVINFO; var DevData: SP_DEVINFO_DATA; PropId: DWORD): DWORD;
@@ -161,7 +173,9 @@ type
     procedure ApplySingleMatch(Policy: TPolicyItem; Match: TMatchCriteria);
 
 
+
   public
+    FSelfUpdateTick: Cardinal;
     constructor Create;
     destructor Destroy; override;
 
@@ -173,6 +187,9 @@ type
     function IsGeneralHIDDevice(const Info: TDeviceInfoDTO): Boolean;
     function IsSystemOrCriticalDevice(const Info: TDeviceInfoDTO): Boolean;
     procedure AllEnumSystemDevice;
+    function ManageBluetoothDevices(state: TDeviceState; const BlockList, ExceptionList: TArray<string>): Boolean;
+    function RefreshBTDeviceT(pbWorkStop: PBoolean = nil): Boolean;
+    function IsMouseOrKeyboard(ParentDevInst: DWORD): Boolean;
     // 정책 관리
     // 초기 정책 등록 (메모리)
     //procedure AddDefaultPolicy(const Name, GuidStr: string; IsBT: Boolean = False);
@@ -195,6 +212,10 @@ type
     function ScanForHardwareChanges: Boolean;
   end;
 
+  function CM_Get_Child(var pdnDevInst: DWORD; dnDevInst: DWORD; ulFlags: ULONG): DWORD; stdcall; external 'cfgmgr32.dll';
+function CM_Get_Sibling(var pdnDevInst: DWORD; dnDevInst: DWORD; ulFlags: ULONG): DWORD; stdcall; external 'cfgmgr32.dll';
+function CM_Get_Device_ID(dnDevInst: DWORD; Buffer: PWideChar; BufferLen: ULONG; ulFlags: ULONG): DWORD; stdcall; external 'cfgmgr32.dll' name 'CM_Get_Device_IDW';
+
   function CM_Get_DevNode_Status(out pulStatus: DWORD; out pulProblemNumber: DWORD;
     dnDevInst: DWORD; ulFlags: DWORD): DWORD; stdcall; external 'cfgmgr32.dll' name 'CM_Get_DevNode_Status';
   function CM_Locate_DevNode(var pdnDevInst: DEVINST; pDeviceID: PChar; ulFlags: ULONG): CONFIGRET; stdcall; external 'cfgmgr32.dll' name 'CM_Locate_DevNodeW';
@@ -248,7 +269,6 @@ implementation
 
 { TDeviceGuardEngine }
 
-
 constructor TDeviceGuardEngine.Create;
 var
   path: string;
@@ -268,6 +288,7 @@ begin
     CreateDefaultPolicies;
   end;
 
+  BTDeviceList_ := TList<PBtDevEntT>.Create;
 end;
 
 destructor TDeviceGuardEngine.Destroy;
@@ -275,15 +296,12 @@ begin
   Stop;
   FScanEvent.Free;
   gBs1Policy.Free;
-
+  FreeAndNil(BTDeviceList_);
   inherited;
 end;
 
 procedure TDeviceGuardEngine.Start;
 begin
-
-
-
   if FThread <> nil then Exit;
   FThread := TGuardThread.Create(Self);
   FThread.Start;
@@ -397,10 +415,8 @@ begin
   P := gBs1Policy.CreatePolicy('Bluetooth', BDC_BLUETOOTH, '');
   gBs1Policy.AddPolicyObject(P);
 
-//  P := gBs1Policy.CreatePolicy('Bluetooth File', BDC_BLUETOOTH_FILE, '');
+  P := gBs1Policy.CreatePolicy('Bluetooth file', BDC_BLUETOOTH, '');
-//  P.AddMatch(SPDRP_SERVICE, 'BTHUSB', 'USB');
+  P.AddMatch(SPDRP_SERVICE, 'BTHUSB|BTWUSB|BTMUSB', 'USB');
-//  P.AddMatch(SPDRP_SERVICE, 'BTWUSB', 'USB');
-//  P.AddMatch(SPDRP_SERVICE, 'BTMUSB', 'USB');
   gBs1Policy.AddPolicyObject(P);
 
 end;
@@ -412,6 +428,301 @@ begin
     FScanEvent.SetEvent;
 end;
 
+function TDeviceGuardEngine.IsMouseOrKeyboard(ParentDevInst: DWORD): Boolean;
+var
+  ChildInst: DWORD;
+  Buffer: array[0..MAX_PATH] of Char;
+  ChildId: string;
+  crStatus: DWORD;
+begin
+  Result := False;
+
+  // 첫 번째 자식 노드를 가져옵니다.
+  if CM_Get_Child(ChildInst, ParentDevInst, 0) = CR_SUCCESS then
+  begin
+    repeat
+      // 자식 노드의 Hardware ID를 읽어옵니다.
+      crStatus:= CM_Get_Device_ID(ChildInst, Buffer, Length(Buffer), 0);
+      if crStatus = CR_SUCCESS then
+      begin
+        ChildId := UpperCase(string(Buffer));
+
+        _Trace('[BS1] IsMouseOrKeyboard .. ChildId : %s', [ChildId]);
+        // 자식 장치 ID 중에 마우스/키보드 관련 키워드가 있는지 검사
+        // 1812: BLE 마우스/키보드
+        // 1124: 일반 블루투스 마우스/키보드
+        // HID: USB/블루투스 공통 휴먼 인터페이스 장치
+        if (Pos('1812', ChildId) > 0) or
+           (Pos('1124', ChildId) > 0) or
+           (Pos('HID', ChildId) > 0) or
+           (Pos('MOU', ChildId) > 0) or
+           (Pos('KBD', ChildId) > 0) then
+        begin
+          Result := True; // 마우스/키보드 기능 발견!
+          Break;
+        end;
+      end
+      else
+      begin
+        _Trace('[BS1] CM_Get_Device_ID .. fail %x', [crStatus]);
+      end;
+
+      // 다음 자식(형제 노드)으로 넘어갑니다.
+    until CM_Get_Sibling(ChildInst, ChildInst, 0) <> CR_SUCCESS;
+  end;
+end;
+
+function TDeviceGuardEngine.RefreshBTDeviceT(pbWorkStop: PBoolean = nil): Boolean;
+var
+  hFind: HBLUETOOTH_DEVICE_FIND;
+  BtDevSchParam: BLUETOOTH_DEVICE_SEARCH_PARAMS;
+  BtDevInfo: BLUETOOTH_DEVICE_INFO;
+  pInfo: PBtDevEntT;
+begin
+  Result := false;
+
+  BTDeviceList_.Clear;
+
+  ZeroMemory(@BtDevSchParam, SizeOf(BtDevSchParam));
+  BtDevSchParam.dwSize := SizeOf(BtDevSchParam);
+  BtDevSchParam.fReturnAuthenticated := true;
+  BtDevSchParam.fReturnRemembered := true;
+  BtDevSchParam.fReturnUnknown := true;
+  BtDevSchParam.fReturnConnected := true;
+//  BtDevSchParam.fIssueInquiry := true;
+//  BtDevSchParam.cTimeoutMultiplier := 10;
+
+  ZeroMemory(@BtDevInfo, SizeOf(BtDevInfo));
+  BtDevInfo.dwSize := SizeOf(BtDevInfo);
+  hFind := BluetoothFindFirstDevice(BtDevSchParam, BtDevInfo);
+
+  try
+    if hFind <> 0 then
+    begin
+      repeat
+        New(pInfo);
+        ZeroMemory(pInfo, SizeOf(TBtDevEntT));
+
+        BluetoothUpdateDeviceRecord(BtDevInfo);
+        pInfo.dInfo := BtDevInfo;
+        pInfo.sAddress := Format('%.2x:%.2x:%.2x:%.2x:%.2x:%.2x',
+              [BtDevInfo.Address.rgBytes[5], BtDevInfo.Address.rgBytes[4],
+               BtDevInfo.Address.rgBytes[3], BtDevInfo.Address.rgBytes[2],
+               BtDevInfo.Address.rgBytes[1], BtDevInfo.Address.rgBytes[0]]);
+
+        pInfo.dtLastSeen := ConvSystemTimeToDateTime_Local(BtDevInfo.stLastSeen);
+        try
+          if BtDevInfo.stLastUsed.wYear <> 0 then
+            pInfo.dtLastUsed := ConvSystemTimeToDateTime_Local(BtDevInfo.stLastUsed)
+          else
+            pInfo.dtLastUsed := 0;
+        except
+          pInfo.dtLastUsed := 0;
+        end;
+
+        var ucMajor: BYTE;
+        var ucMinor: BYTE;
+        var sMajor: string;
+        begin
+          ucMajor := BYTE((pInfo.dInfo.ulClassofDevice and $0000FF00) shr 8);
+          ucMinor := BYTE(pInfo.dInfo.ulClassofDevice and $000000FF);
+
+          case ucMajor of
+            $0 : sMajor := 'Misc';
+            $1 : sMajor := 'Computer';
+            $2 : sMajor := 'Phone';
+            $3 : sMajor := 'LanAccessPoint';
+            $4 : sMajor := 'Audio/Video';
+            $5 : sMajor := 'Peripheral';
+            $6 : sMajor := 'Imaging';
+            $1F : sMajor := 'Unclassified';
+          end;
+        end;
+
+        _Trace(Format(
+        '[BS1] RefreshBTDevice .. sMajor(%s)(%x), ulClassofDevice : %x, szName:%s', [sMajor, DWORD(ucMajor), pInfo.dInfo.ulClassofDevice, pInfo.dInfo.szName]));
+
+        BTDeviceList_.Add(pInfo);
+
+        if (pbWorkStop <> nil) and (pbWorkStop^ = true) then
+          exit;
+      until (hFind <> 0) and not BluetoothFindNextDevice(hFind, BtDevInfo);
+      Result := true;
+    end;
+  finally
+    if hFind <> 0 then
+    begin
+      BluetoothFindDeviceClose(hFind);
+    end;
+  end;
+
+  _Trace('=====================================');
+  _Trace('=====================================');
+end;
+
+function TDeviceGuardEngine.ManageBluetoothDevices(state: TDeviceState; const BlockList, ExceptionList: TArray<string>): Boolean;
+const
+  DICS_ENABLE = $00000001; // 장치 사용(Enable) 상수 추가
+  DICS_DISABLE = $00000002;
+var
+  hDevInfo: THandle;
+  DevInfoData: TSPDevInfoData;
+  Index: DWORD;
+  Buffer: array[0..2047] of Char;
+  ReqSize, DataType: DWORD;
+  P: PChar;
+  SearchStr: string;
+  bShouldDisable, bIsException: Boolean;
+  PropChangeParams: TSPPropChangeParams;
+  i: Integer;
+  friendlyName: string; // 내부 프로시저에서 쓰기 위해 위로 올림
+
+  // [추가] REG_MULTI_SZ 구조의 문자열을 모두 읽어 파이프(|)로 연결해 반환하는 헬퍼 함수
+  function GetMultiSzStr(Prop: DWORD): string;
+  begin
+    Result := '';
+    if SetupDiGetDeviceRegistryProperty(hDevInfo, DevInfoData, Prop, DataType, @Buffer[0], SizeOf(Buffer), ReqSize) then
+    begin
+      P := @Buffer[0];
+      while P^ <> #0 do
+      begin
+        Result := Result + string(P) + '|';
+        Inc(P, StrLen(P) + 1);
+      end;
+    end;
+  end;
+
+  // [핵심 추가] 장치를 차단(Disable) 또는 허용(Enable)하는 내부 프로시저
+  procedure ChangeDeviceState(aDisable: Boolean);
+  begin
+    FillChar(PropChangeParams, SizeOf(TSPPropChangeParams), 0);
+    PropChangeParams.ClassInstallHeader.cbSize := SizeOf(TSPClassInstallHeader);
+    PropChangeParams.ClassInstallHeader.InstallFunction := DIF_PROPERTYCHANGE;
+
+    // 차단 여부에 따라 상태값 결정
+    if aDisable then
+      PropChangeParams.StateChange := DICS_DISABLE
+    else
+      PropChangeParams.StateChange := DICS_ENABLE;
+
+    PropChangeParams.Scope := DICS_FLAG_GLOBAL;
+
+    FSelfUpdateTick := GetTickCount;
+
+    if SetupDiSetClassInstallParams(hDevInfo, @DevInfoData, @PropChangeParams, SizeOf(TSPPropChangeParams)) then
+    begin
+      if SetupDiCallClassInstaller(DIF_PROPERTYCHANGE, hDevInfo, @DevInfoData) then
+      begin
+        if aDisable then
+          _Trace(Format('[BS1] 블루투스 장치 차단(Disable) 적용: %s', [friendlyName]))
+        else
+          _Trace(Format('[BS1] 블루투스 장치 허용(Enable) 적용: %s', [friendlyName]));
+      end;
+    end;
+  end;
+
+begin
+  Result := False;
+  hDevInfo := SetupDiGetClassDevs(@GUID_DEVCLASS_BLUETOOTH, nil, 0, DIGCF_PRESENT);
+
+  if hDevInfo = INVALID_HANDLE_VALUE then
+    Exit;
+
+  try
+    Index := 0;
+    DevInfoData.cbSize := SizeOf(TSPDevInfoData);
+
+    while SetupDiEnumDeviceInfo(hDevInfo, Index, DevInfoData) do
+    begin
+      bShouldDisable := False;
+      bIsException := False;
+
+      friendlyName := GetDeviceStringProperty(hDevInfo, DevInfoData, SPDRP_FRIENDLYNAME);
+      if friendlyName = '' then
+        friendlyName := GetDeviceStringProperty(hDevInfo, DevInfoData, SPDRP_DEVICEDESC);
+
+      var DeviceClass := GetDeviceStringProperty(hDevInfo, DevInfoData, SPDRP_CLASS);
+      var Service := GetDeviceStringProperty(hDevInfo, DevInfoData, SPDRP_SERVICE);
+      var RemovalPolicy := GetDeviceStringPropertyDWORD(hDevInfo, DevInfoData, SPDRP_REMOVAL_POLICY);
+      var InstatllState := GetDeviceStringPropertyDWORD(hDevInfo, DevInfoData, SPDRP_INSTALL_STATE);
+
+      var ParentId := GetDevicePropertyString(hDevInfo, DevInfoData, DEVPKEY_Device_Parent);
+      var DeviceDriveDesc := GetDevicePropertyString(hDevInfo, DevInfoData, DEVPKEY_Device_DriverDesc);
+      var Manufacturer := GetDevicePropertyString(hDevInfo, DevInfoData, DEVPKEY_Device_Manufacturer);
+      var DeviceDesc := GetDevicePropertyString(hDevInfo, DevInfoData, DEVPKEY_Device_DeviceDesc);
+
+      var hwIds := GetMultiSzStr(SPDRP_HARDWAREID);
+      var compatIds := GetMultiSzStr(SPDRP_COMPATIBLEIDS);
+
+      // (로그 출력 생략 - 기존과 동일)
+
+      // 1. 통합 검색망(SearchStr) 생성
+      SearchStr := LowerCase(hwIds + compatIds + friendlyName + '|' + DeviceDesc);
+      _Trace('[BS1] SearchStr : %s', [SearchStr]);
+      // 2. 시스템 필수 블루투스 장치는 제어 대상에서 제외 (안전망)
+      if (Pos('usb\vid_', SearchStr) > 0) or
+         (Pos('bth\ms_bthbrb', SearchStr) > 0) or
+         (Pos('bth\ms_bthle', SearchStr) > 0) or
+         (Pos('bth\ms_rfcomm', SearchStr) > 0) then
+      begin
+        Inc(Index);
+        Continue;
+      end;
+
+      if (Pos('genericdevice', SearchStr) > 0) and IsMouseOrKeyboard(DevInfoData.DevInst) then
+      begin
+        // 이 장치는 겉보기엔 Generic이지만 실제로는 마우스/키보드입니다.
+        bIsException := True;
+      end;
+
+      // 3. 예외(Exception/Allow) 목록 검사
+      for i := 0 to High(ExceptionList) do
+      begin
+        if Pos(LowerCase(ExceptionList[i]), SearchStr) > 0 then
+        begin
+          bIsException := True;
+          Break;
+        end;
+      end;
+
+      // 4. 차단(Block) 목록 검사
+      if not bIsException and (state = dsDisable) then
+      begin
+        if Length(BlockList) = 0 then
+          bShouldDisable := True // BlockList가 비어있으면 기본적으로 전체 차단
+        else
+        begin
+          for i := 0 to High(BlockList) do
+          begin
+            if Pos(LowerCase(BlockList[i]), SearchStr) > 0 then
+            begin
+              bShouldDisable := True;
+              Break;
+            end;
+          end;
+        end;
+      end;
+
+      // [핵심 로직 변경] 차단 대상이면 Disable, 허용(예외) 대상이면 Enable 적용
+      if bShouldDisable then
+      begin
+        ChangeDeviceState(True);  // DICS_DISABLE
+        _Trace(Format('[BS1] [차단] (%s)', [SearchStr]));
+        Result := True; // 하나라도 차단 로직을 탔으면 True 반환
+      end
+      else
+      begin
+        ChangeDeviceState(False); // DICS_ENABLE (기존에 막혀있었다면 풀림)
+        _Trace(Format('[BS1] [허용] (%s)', [SearchStr]));
+      end;
+
+      Inc(Index);
+    end;
+  finally
+    SetupDiDestroyDeviceInfoList(hDevInfo);
+  end;
+end;
+
 {
 // -----------------------------------------------------------------------------
 // [핵심] 장치 매칭 로직 (C++ SetStateControlDevNode 로직 구현)
@@ -667,13 +978,13 @@ begin
         CurrentPropVal := GetDeviceStringProperty(hDevInfo, DevInfoData, Match.PropType).ToUpper;
 
 
-        if (CurrentPropVal <> '') and (Pos(Match.MatchData.ToUpper, CurrentPropVal) > 0) then
+        if (CurrentPropVal <> '') and (Pos(CurrentPropVal, Match.MatchData.ToUpper) > 0) then
           bIsMatch := True;
       end
       else
         bIsMatch := True; // 데이터 없으면 무조건 매칭
 
-      //TGuardThread(FThread).DoLog(Format('(%s)(%d), Match.Enumerator : (%s) PropType : %x (PropVal: %s<>%s)', [Policy.name, DWORD(bIsMatch), Match.Enumerator, Match.PropType, Match.MatchData.ToUpper, CurrentPropVal]));
+      _Trace('[BS1] (%s)(%d), Match.Enumerator : (%s) PropType : %x (PropVal: %s<>%s)', [Policy.name, DWORD(bIsMatch), Match.Enumerator, Match.PropType, Match.MatchData.ToUpper, CurrentPropVal]);
 
       if bIsMatch then
       begin
@@ -830,6 +1141,10 @@ begin
         gBs1Policy.CopyPoliciesTo(Policies);
       end;
 
+      tmp:= gBs1Policy.GetPolicyItem(DWORD(BDC_BLUETOOTH));
+      ManageBluetoothDevices(tmp.state_, [], ['1124', '1812', '110B', '1108']);
+
+
       for var Policy in Policies do
       begin
         // 블루투스는 별도 로직
@@ -853,13 +1168,21 @@ begin
   //      gBs1fltControl.SetPolicy(Policy.flag_, DWORD(Policy.state_), DWORD(Policy.isLog_));
 //        if (Policy.flag_ <> DWORD(BDC_MTP)) then
 //        begin
-
+        _Trace('[BS1] 블루투스 제어 시작');
-
+        tmp:= gBs1Policy.GetPolicyItem(DWORD(BDC_BLUETOOTH));
+        ManageBluetoothDevices(tmp.state_, [], ['1124', '1812', '110B', '1108']);
+        _Trace('[BS1] 블루투스 제어 끝... .: state : %d', [DWORD(tmp.state_)]);
 //        end;
         _Trace(Format('[BS1] EnforceSystemPolicy, flag(%d), state(%d),log(%d)', [DWORD(Policy.flag_), DWORD(Policy.state_), DWORD(Policy.isLog_)]));
 
         if (Policy.flag_ = DWORD(BDC_BLUETOOTH_FILE)) then
         begin
+          if( Policy.state_ = dsDisable) then
+          begin
+
+          end;
+
+//          gBs1FltControl.SetPolicy(DWORD(Policy.flag_), DWORD(Policy.state_), DWORD(Policy.isLog_));
           continue;
         end
         else if (Policy.flag_ = DWORD(BDC_MTP)) then
@@ -886,6 +1209,15 @@ begin
           continue;
         end;
 
+
+        if (Policy.flag_ = DWORD(BDC_BLUETOOTH)) then
+        begin
+          //마우스, 키보드, 오디오(이어폰)까지만 허용
+//          if Policy.state_ = dsDisable then
+//            ManageBluetoothDevices([], ['1124', '1812', '110B', '1108']);
+          continue;
+        end;
+
         gBs1FltControl.SetPolicy(DWORD(Policy.flag_), DWORD(Policy.state_), DWORD(Policy.isLog_));
 //        else if (Policy.flag_ = DWORD(BDC_USB)) then
 //        begin
@@ -1300,6 +1632,8 @@ begin
     if WaitResult = wrSignaled then
     begin
       try
+        Sleep(500);
+
         Engine.EnforceSystemPolicy;
       except
         on E: Exception do OutPutDebugStringW(PChar('[BS1] Scan Error: ' + E.Message));
@@ -1327,4 +1661,5 @@ begin
   end);
 end;
 
+
 end.

Tocsg.Module/Bs1Flt/bs1dc_Delphi/bs1DeviceControl.dfm

@@ -216,4 +216,13 @@ object Form1: TForm1
     TabOrder = 10
     OnClick = btnProcessCreateSettingClick
   end
+  object btnBlueToothEnum: TButton
+    Left = 544
+    Top = 176
+    Width = 129
+    Height = 25
+    Caption = #48660#47336#53804#49828' '#51109#52824' '#50676#44144
+    TabOrder = 11
+    OnClick = btnBlueToothEnumClick
+  end
 end

Tocsg.Module/Bs1Flt/bs1dc_Delphi/bs1DeviceControl.pas

@@ -52,6 +52,7 @@ type
     btnLogClear: TButton;
     btnDataFlowStart: TButton;
     btnProcessCreateSetting: TButton;
+    btnBlueToothEnum: TButton;
     procedure FormCreate(Sender: TObject);
     procedure FormDestroy(Sender: TObject);
     procedure BtnApplyClick(Sender: TObject);
@@ -66,6 +67,7 @@ type
     procedure btnLogClearClick(Sender: TObject);
     procedure OnDataFlowStartClick(Sender: TObject);
     procedure btnProcessCreateSettingClick(Sender: TObject);
+    procedure btnBlueToothEnumClick(Sender: TObject);
 
   private
     FEngine: TDeviceGuardEngine;
@@ -342,12 +344,22 @@ begin
 end;
 
 procedure TForm1.WMDeviceChange(var Msg: TMessage);
+var
+  CurrentTick: Cardinal;
 begin
   inherited;
   if Msg.WParam = DBT_DEVNODES_CHANGED then
   begin
+    CurrentTick := GetTickCount; // 현재 시간(밀리초) 가져오기
+    if (CurrentTick - FEngine.FSelfUpdateTick) < 1500 then
+    begin
+      Msg.Result := 1;
+      Exit; // 워커 스레드를 깨우지 않고 조용히 종료!
+    end;
+
     OnEngineLog('[System] 하드웨어 변경 감지 -> 재검사 요청');
     FEngine.TriggerScan;
+    Msg.Result := 1;
   end;
 end;
 
@@ -823,6 +835,12 @@ begin
   Handled := True;
 end;
 
+procedure TForm1.btnBlueToothEnumClick(Sender: TObject);
+begin
+  gDeviceGuardEngine.RefreshBTDeviceT;
+  gDeviceGuardEngine.ManageBluetoothDevices(dsEnable,[], []);
+end;
+
 procedure TForm1.btnDataFlowConfigClick(Sender: TObject);
 var
   dlg: TDataFlowSettingForm;

Tocsg.Module/Bs1Flt/bs1dc_Delphi/bs1dc.dproj.local

@@ -2,29 +2,29 @@
 <BorlandProject>
 	<Transactions>
     <Transaction>1899-12-30 00:00:00.000.374,=C:\mgkim\3.work\xPrint\src\bs1flt\MTPMon\MTPMon\Bs1MadHookInject.pas</Transaction>
-    <Transaction>1899-12-30 00:00:00.000.548,=C:\mgkim\8.bsone\BSOne.SFC\Tocsg.Lib\VCL\Tocsg.Obj.pas</Transaction>
     <Transaction>1899-12-30 00:00:00.000.108,=C:\mgkim\3.work\test\delphi\bs1dc\Unit1.pas</Transaction>
+    <Transaction>1899-12-30 00:00:00.000.548,=C:\mgkim\8.bsone\BSOne.SFC\Tocsg.Lib\VCL\Tocsg.Obj.pas</Transaction>
     <Transaction>1899-12-30 00:00:00.000.691,C:\mgkim\3.work\test\bs1dc.dproj=C:\mgkim\3.work\test\delphi\bs1dc\bs1dc.dproj</Transaction>
     <Transaction>1899-12-30 00:00:00.000.249,C:\mgkim\3.work\xPrint\src\bs1flt\bs1dc_Delphi\Unit4.pas=C:\mgkim\3.work\xPrint\src\bs1flt\bs1dc_Delphi\MessageBoxFrom.pas</Transaction>
     <Transaction>1899-12-30 00:00:00.000.121,=C:\mgkim\3.work\xPrint\src\bs1flt\bs1dc_Delphi\Unit4.pas</Transaction>
     <Transaction>1899-12-30 00:00:00.000.241,=C:\mgkim\3.work\xPrint\src\bs1flt\UsbMon_Delphi\Bs1FltCtrl.pas</Transaction>
     <Transaction>1899-12-30 00:00:00.000.950,=C:\mgkim\3.work\test\delphi\bs1dc\bs1DeviceControl.pas</Transaction>
-    <Transaction>1899-12-30 00:00:00.000.354,=C:\mgkim\3.work\xPrint\src\bs1flt\bs1dc_Delphi\Unit2.pas</Transaction>
+    <Transaction>1899-12-30 00:00:00.000.743,C:\mgkim\3.work\xPrint\src\bs1flt\bs1dc_Delphi\Unit2.pas=</Transaction>
     <Transaction>1899-12-30 00:00:00.000.431,C:\mgkim\3.work\xPrint\src\bs1flt\bs1dc_Delphi\Unit2.pas=C:\mgkim\3.work\xPrint\src\bs1flt\bs1dc_Delphi\DataFlowSettingForm.pas</Transaction>
     <Transaction>1899-12-30 00:00:00.000.271,=C:\mgkim\3.work\xPrint\src\MTPMon\dist\GlobalDefine.pas</Transaction>
     <Transaction>1899-12-30 00:00:00.000.853,=C:\mgkim\8.bsone\BSOne.SFC\Tocsg.Module\Bs1Flt\bs1dc_Delphi\Bs1FltCtrl.pas</Transaction>
     <Transaction>1899-12-30 00:00:00.000.249,C:\mgkim\3.work\xPrint\src\bs1flt\bs1dc_Delphi\Unit4.dfm=C:\mgkim\3.work\xPrint\src\bs1flt\bs1dc_Delphi\MessageBoxFrom.dfm</Transaction>
     <Transaction>1899-12-30 00:00:00.000.459,C:\mgkim\3.work\xPrint\src\bs1flt\bs1dc_Delphi\DriveControlForm.dfm=C:\mgkim\3.work\xPrint\src\bs1flt\bs1dc_Delphi\Unit3.dfm</Transaction>
+    <Transaction>1899-12-30 00:00:00.000.354,=C:\mgkim\3.work\xPrint\src\bs1flt\bs1dc_Delphi\Unit2.pas</Transaction>
     <Transaction>1899-12-30 00:00:00.000.808,=C:\mgkim\3.work\xPrint\src\bs1flt\bs1dc_Delphi\Unit2.pas</Transaction>
-    <Transaction>1899-12-30 00:00:00.000.743,C:\mgkim\3.work\xPrint\src\bs1flt\bs1dc_Delphi\Unit2.pas=</Transaction>
     <Transaction>1899-12-30 00:00:00.000.864,C:\mgkim\3.work\test\Unit1.pas=C:\mgkim\3.work\test\bs1DeviceControl.pas</Transaction>
     <Transaction>1899-12-30 00:00:00.000.974,=C:\mgkim\3.work\test\Unit1.pas</Transaction>
     <Transaction>1899-12-30 00:00:00.000.287,=C:\mgkim\8.bsone\BSOne.SFC\Tocsg.Module\Bs1Flt\bs1dc_Delphi\Unit4.pas</Transaction>
     <Transaction>1899-12-30 00:00:00.000.459,C:\mgkim\3.work\xPrint\src\bs1flt\bs1dc_Delphi\DriveControlForm.pas=C:\mgkim\3.work\xPrint\src\bs1flt\bs1dc_Delphi\Unit3.pas</Transaction>
     <Transaction>1899-12-30 00:00:00.000.526,C:\mgkim\8.bsone\BSOne.SFC\Tocsg.Module\Bs1Flt\bs1dc_Delphi\ProcessCreateSettingForm.pas=C:\mgkim\8.bsone\BSOne.SFC\Tocsg.Module\Bs1Flt\bs1dc_Delphi\Unit4.pas</Transaction>
     <Transaction>1899-12-30 00:00:00.000.431,C:\mgkim\3.work\xPrint\src\bs1flt\bs1dc_Delphi\Unit2.dfm=C:\mgkim\3.work\xPrint\src\bs1flt\bs1dc_Delphi\DataFlowSettingForm.dfm</Transaction>
-    <Transaction>1899-12-30 00:00:00.000.099,=C:\mgkim\8.bsone\BSOne.SFC\Tocsg.Lib\VCL\Tocsg.Trace.pas</Transaction>
     <Transaction>1899-12-30 00:00:00.000.043,=C:\mgkim\3.work\xPrint\src\MTPMon\MTPControl\BsoneDebug.pas</Transaction>
+    <Transaction>1899-12-30 00:00:00.000.099,=C:\mgkim\8.bsone\BSOne.SFC\Tocsg.Lib\VCL\Tocsg.Trace.pas</Transaction>
     <Transaction>1899-12-30 00:00:00.000.864,C:\mgkim\3.work\test\Unit1.dfm=C:\mgkim\3.work\test\bs1DeviceControl.dfm</Transaction>
     <Transaction>1899-12-30 00:00:00.000.259,C:\mgkim\3.work\test\delphi\bs1dc\DeviceGuard.Logic.pas=C:\mgkim\3.work\test\delphi\bs1dc\Unit1.pas</Transaction>
     <Transaction>1899-12-30 00:00:00.000.235,C:\mgkim\3.work\xPrint\src\bs1flt\bs1dc_Delphi\Unit1.pas=C:\mgkim\3.work\xPrint\src\bs1flt\bs1dc_Delphi\bs1PolicyUnit.pas</Transaction>

Tocsg.Module/Bs1Flt/bs1flt/bs1flt.c

@@ -1116,7 +1116,7 @@ Return Value:
         g_DebugLevel = 0;
     }
     
-    //g_DebugLevel = DEBUG_TRACE_INFO;
+    g_DebugLevel = DEBUG_TRACE_ALL;
     //
     //  Register with FltMgr to tell it our callback routines
     //

Tocsg.Module/Bs1Flt/bs1flt/bs1flt.vcxproj

@@ -166,6 +166,7 @@
   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
     <Link>
       <AdditionalDependencies>fltmgr.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <AdditionalOptions>/INTEGRITYCHECK /kernel %(AdditionalOptions)</AdditionalOptions>
     </Link>
     <DriverSign>
       <FileDigestAlgorithm>sha256</FileDigestAlgorithm>

Tocsg.Module/Bs1Flt/bs1flt/bs1flt_bluetooth_port_hook.c

@@ -8,6 +8,7 @@ enum
 	bluetooth_rfcomm,
 	bluetooth_btwusb,
 	bluetooth_bthusb,
+	bluetooth_bthenum, //테스트 필요..
 	bluetooth_maximum
 };
 
@@ -17,6 +18,7 @@ static WCHAR* s_bthname[] =
 	L"\\Driver\\RFCOMM",
 	L"\\Driver\\BTWUSB",
 	L"\\Driver\\BTHUSB",	
+	L"\\Driver\\BTHENUM",
 	NULL
 };
 
@@ -28,6 +30,7 @@ NTSTATUS BtkrnHookDispatch(PDEVICE_OBJECT deviceObject, PIRP irp);
 NTSTATUS RfcommHookDispatch(PDEVICE_OBJECT deviceObject, PIRP irp);
 NTSTATUS BtwusbHookDispatch(PDEVICE_OBJECT deviceObject, PIRP irp);
 NTSTATUS BthusbHookDispatch(PDEVICE_OBJECT deviceObject, PIRP irp);
+NTSTATUS BthEnumHookDispatch(PDEVICE_OBJECT deviceObject, PIRP irp);
 
 
 static PDRIVER_DISPATCH s_ProxyDispatchers[bluetooth_maximum] =
@@ -35,13 +38,15 @@ static PDRIVER_DISPATCH s_ProxyDispatchers[bluetooth_maximum] =
 	BtkrnHookDispatch,
 	RfcommHookDispatch,
 	BtwusbHookDispatch,
-	BthusbHookDispatch
+	BthusbHookDispatch,
+	BthEnumHookDispatch //테스트 필요
 };
 
 NTSTATUS BtkrnlDeviceIoControl(PDRIVER_DISPATCH dispath, PDEVICE_OBJECT deviceObject, PIRP irp);
 NTSTATUS RfcommInternalDeviceIoControl(PDRIVER_DISPATCH dispath, PDEVICE_OBJECT deviceObject, PIRP irp);
 NTSTATUS BtwusbDeviceIoControl(PDRIVER_DISPATCH dispath, PDEVICE_OBJECT deviceObject, PIRP irp);
 NTSTATUS BthusbDeviceIoControl(PDRIVER_DISPATCH dispath, PDEVICE_OBJECT deviceObject, PIRP irp);
+NTSTATUS BthEnumPnpControl(PDRIVER_DISPATCH dispath, PDEVICE_OBJECT deviceObject, PIRP irp);
 
 #define BTKRNL_COMMON_HOOK_HANDLERS \
     [IRP_MJ_DEVICE_CONTROL] = { NULL, IRP_MJ_DEVICE_CONTROL, TRUE, BtkrnlDeviceIoControl }, \
@@ -55,12 +60,16 @@ NTSTATUS BthusbDeviceIoControl(PDRIVER_DISPATCH dispath, PDEVICE_OBJECT deviceOb
 #define BTHUSB_COMMON_HOOK_HANDLERS \
     [IRP_MJ_DEVICE_CONTROL] = { NULL, IRP_MJ_DEVICE_CONTROL, TRUE, BthusbDeviceIoControl }, \
 
-static HOOK_CONTEXT g_BlueToothHookContexts[bluetooth_maximum] =
+#define BTHENUM_COMMON_HOOK_HANDLERS \
+    [IRP_MJ_PNP] = { NULL, IRP_MJ_PNP, TRUE, BthEnumPnpControl }, \
+
+static HOOK_CONTEXT g_BlueToothHookContexts[] =
 {
 	{ NULL, FALSE, 0, { BTKRNL_COMMON_HOOK_HANDLERS } },
 	{ NULL, FALSE, 0, { RFCOMM_COMMON_HOOK_HANDLERS } },
 	{ NULL, FALSE, 0, { BTWUSB_COMMON_HOOK_HANDLERS } },
 	{ NULL, FALSE, 0, { BTHUSB_COMMON_HOOK_HANDLERS } }
+	//{ NULL, FALSE, 0, { BTHENUM_COMMON_HOOK_HANDLERS } }
 };
 
 
@@ -72,7 +81,7 @@ NTSTATUS BlueToothHookDispatch_Common(ULONG ContextIndex, PDEVICE_OBJECT deviceO
 	PHOOK_CONTEXT hook = NULL;
 	PDRIVER_DISPATCH pOrgHandler = NULL;
 
-	if (ContextIndex >= bluetooth_maximum)
+	if (ContextIndex >= ARRAYSIZE(g_BlueToothHookContexts))
 		return STATUS_UNSUCCESSFUL;
 			
 	InterlockedIncrement((volatile LONG*)&g_BlueToothHookContexts[ContextIndex].IrpEnterCount);
@@ -102,6 +111,10 @@ NTSTATUS BlueToothHookDispatch_Common(ULONG ContextIndex, PDEVICE_OBJECT deviceO
 	return NtStatus;
 }
 
+NTSTATUS BthEnumHookDispatch(PDEVICE_OBJECT deviceObject, PIRP irp)
+{
+	return BlueToothHookDispatch_Common(bluetooth_bthenum, deviceObject, irp);
+}
 
 NTSTATUS BtkrnHookDispatch(PDEVICE_OBJECT deviceObject, PIRP irp)
 {
@@ -122,6 +135,296 @@ NTSTATUS BthusbHookDispatch(PDEVICE_OBJECT deviceObject, PIRP irp)
 	return BlueToothHookDispatch_Common(bluetooth_bthusb, deviceObject, irp);
 }
 
+// 매핑을 위한 구조체 정의
+typedef struct _BTH_UUID_MAPPING {
+	PWCHAR UuidLower;       // 소문자 UUID
+	PWCHAR UuidUpper;       // 대문자 UUID
+	PWCHAR ReadableName;    // 변환될 한글/영문 설명
+} BTH_UUID_MAPPING, * PBTH_UUID_MAPPING;
+
+// 기존 완료 루틴의 정보를 백업해둘 구조체 선언 (전역 헤더에 선언하세요)
+typedef struct _BTH_HOOK_CONTEXT {
+	PIO_COMPLETION_ROUTINE OldCompletionRoutine;
+	PVOID OldContext;
+	UCHAR OldControl;
+	char processName[50];
+} BTH_HOOK_CONTEXT, * PBTH_HOOK_CONTEXT;
+
+// 블루투스 주요 장치 UUID 매핑 테이블 (전역 배열)
+BTH_UUID_MAPPING g_BthUuidTable[] = {
+	// --- [보안 위협 / 데이터 유출 (차단 권장)] ---
+	{ L"1105", L"1105", L"파일 전송 (OBEX Object Push)" },
+	{ L"1101", L"1101", L"시리얼 통신 (Serial Port)" },
+	{ L"1115", L"1115", L"블루투스 테더링/공유 (PANU)" },
+	{ L"1116", L"1116", L"블루투스 핫스팟 (NAP)" },
+	{ L"1132", L"1132", L"문자 메시지 접근 (MAP)" },
+
+	// --- [미디어 / 오디오 (선택적 차단)] ---
+	{ L"110b", L"110B", L"오디오/헤드셋 스피커 (A2DP Sink)" },
+	{ L"110a", L"110A", L"오디오 소스 (A2DP Source)" },
+	{ L"1108", L"1108", L"구형 모노 헤드셋 (Headset)" },
+	{ L"111e", L"111E", L"핸즈프리 통화 (Handsfree)" },
+	{ L"110c", L"110C", L"미디어 리모컨 (AVRCP)" },
+
+	// --- [입력 장치 (허용 권장)] ---
+	{ L"1124", L"1124", L"마우스/키보드 (HID)" },
+	{ L"1812", L"1812", L"저전력 마우스/키보드 (BLE HID)" },
+
+	// 배열의 끝을 알리는 널(NULL) 값
+	{ NULL, NULL, L"알 수 없는 블루투스 장치" }
+};
+
+/**
+ * 하드웨어 ID 문자열 내에서 특정 UUID를 찾아 읽기 쉬운 이름으로 반환합니다.
+ * @param HardwareIdString: 검사할 문자열 (예: L"BTHENUM\\{0000110b-0000...}")
+ * @return 매칭된 장치의 한글 설명 포인터
+ */
+PWCHAR GetReadableBluetoothName(PWCHAR HardwareIdString) {
+	int i = 0;
+
+	if (HardwareIdString == NULL) {
+		return L"잘못된 장치 정보";
+	}
+
+	// 배열을 순회하며 매칭되는 UUID가 있는지 검사
+	while (g_BthUuidTable[i].UuidLower != NULL) {
+		// 소문자 또는 대문자가 포함되어 있는지 확인 (wcsstr)
+		if (wcsstr(HardwareIdString, g_BthUuidTable[i].UuidLower) != NULL ||
+			wcsstr(HardwareIdString, g_BthUuidTable[i].UuidUpper) != NULL)
+		{
+			return g_BthUuidTable[i].ReadableName;
+		}
+		i++;
+	}
+
+	// 매칭되는 값이 없으면 기본값 반환
+	return L"알 수 없는 블루투스 장치 (기타)";
+}
+
+#define TAG_LOG_STR 'goLB'
+NTSTATUS GetAllHardwareIdsAsString(
+	_In_ PWCHAR MultiSzBuffer,
+	_Out_ PUNICODE_STRING CombinedString
+) 
+{
+	PWCHAR currentString;
+	ULONG totalChars = 0;
+	USHORT maxLen = 0;
+
+	if (MultiSzBuffer == NULL || CombinedString == NULL) 
+	{
+		return STATUS_INVALID_PARAMETER;
+	}
+
+	// 1. 병합에 필요한 전체 문자열 길이 계산
+	currentString = MultiSzBuffer;
+	while (*currentString != L'\0') 
+	{
+		// 현재 문자열 길이 + 구분자("; ") 2글자
+		totalChars += (ULONG)wcslen(currentString) + 2;
+
+		// 다음 문자열로 포인터 이동 (현재길이 + NULL)
+		currentString += wcslen(currentString) + 1;
+	}
+
+	if (totalChars == 0) 
+	{
+		RtlInitUnicodeString(CombinedString, L"");
+		return STATUS_NOT_FOUND;
+	}
+
+	// UNICODE_STRING의 최대 크기는 65535 바이트(USHORT)로 제한됨
+	if ((totalChars * sizeof(WCHAR) + sizeof(WCHAR)) > 0xFFFF) 
+	{
+		return STATUS_BUFFER_OVERFLOW;
+	}
+
+	// 2. 메모리 할당 (NonPagedPool 사용 - 완료 루틴(DISPATCH_LEVEL)에서 안전)
+	maxLen = (USHORT)(totalChars * sizeof(WCHAR) + sizeof(WCHAR));
+
+	// 최신 WDK에서는 NonPagedPoolNx를 권장하나, 구버전 호환성을 위해 NonPagedPool 사용
+	CombinedString->Buffer = (PWCHAR)ExAllocatePoolWithTag(NonPagedPool, maxLen, TAG_LOG_STR);
+
+	if (CombinedString->Buffer == NULL) {
+		return STATUS_INSUFFICIENT_RESOURCES;
+	}
+
+	// UNICODE_STRING 구조체 초기화
+	CombinedString->MaximumLength = maxLen;
+	CombinedString->Length = 0;
+	CombinedString->Buffer[0] = L'\0';
+
+	// 3. 문자열 결합 (Concatenation)
+	currentString = MultiSzBuffer;
+	while (*currentString != L'\0')
+	{
+		UNICODE_STRING tempStr;
+		RtlInitUnicodeString(&tempStr, currentString);
+
+		// 현재 문자열을 붙임
+		RtlAppendUnicodeStringToString(CombinedString, &tempStr);
+
+		currentString += (tempStr.Length / sizeof(WCHAR)) + 1;
+
+		// 다음 문자열이 존재하면 구분자("; ") 삽입
+		if (*currentString != L'\0') {
+			RtlAppendUnicodeToString(CombinedString, L"; ");
+		}
+	}
+
+	return STATUS_SUCCESS;
+}
+
+// -----------------------------------------------------------------------
+// IRP_MN_QUERY_ID 완료 루틴 (여기서 기기 종류를 판별하고 차단합니다)
+// -----------------------------------------------------------------------
+NTSTATUS PnpQueryIdCompletionRoutine(
+	PDEVICE_OBJECT DeviceObject,
+	PIRP Irp,
+	PVOID Context
+) {
+	UNREFERENCED_PARAMETER(DeviceObject);
+	UNREFERENCED_PARAMETER(Context);
+	PBTH_HOOK_CONTEXT hookCtx = (PBTH_HOOK_CONTEXT)Context;
+	ULONG state = GetPolicyState(BDC_BLUETOOTH);
+	ULONG policyLog = IsPolicyLog(BDC_BLUETOOTH);	
+	WCHAR processName[50] = { 0, };
+	WCHAR notice[MAX_PATH] = { 0, };
+	NTSTATUS status = Irp->IoStatus.Status;
+	BOOLEAN bBlock = FALSE;
+	//if (Irp->PendingReturned) {
+	//	IoMarkIrpPending(Irp);
+	//}
+
+	//PIO_STACK_LOCATION irpSp = IoGetCurrentIrpStackLocation(Irp);
+
+	// 하위 드라이버가 처리를 성공했고, 우리가 원하는 Hardware IDs 요청인 경우
+	if (NT_SUCCESS(Irp->IoStatus.Status) /*&&
+		irpSp->MinorFunction == IRP_MN_QUERY_ID &&
+		irpSp->Parameters.QueryId.IdType == BusQueryHardwareIDs*/)
+	{
+		if (Irp->IoStatus.Information != 0) 
+		{
+			UNICODE_STRING allHwIdsStr;
+			PWCHAR hwIds = (PWCHAR)Irp->IoStatus.Information;
+
+			status = GetAllHardwareIdsAsString(hwIds, &allHwIdsStr);
+			if (NT_SUCCESS(status))
+			{
+				PWCHAR name = GetReadableBluetoothName(allHwIdsStr.Buffer); // 로그에 사람이 읽을 수 있는 이름으로 남기기 위해 변환 시도				
+				KLogEx(DEBUG_TRACE_INFO, "btheunm connect : %S, %S", name, allHwIdsStr.Buffer);
+
+				if (wcsstr(allHwIdsStr.Buffer, L"110b") != NULL ||
+					wcsstr(allHwIdsStr.Buffer, L"110B") != NULL ||
+					wcsstr(allHwIdsStr.Buffer, L"1105") != NULL)
+				{
+					bBlock = TRUE;
+				}
+
+				//'1124', '1812', '110B', '1108'
+				if (policyLog)
+				{
+					if(hookCtx->processName)
+						RtlStringCbPrintfW(processName, sizeof(processName), L"%S", hookCtx->processName);
+
+					if (/*state == DISABLE &&*/ bBlock)
+						RtlStringCbPrintfW(notice, sizeof(notice), L"btheunm blocked(%s)(%s)", name, allHwIdsStr.Buffer);
+					else
+						RtlStringCbPrintfW(notice, sizeof(notice), L"btheunm allow(%s)(%s)", name, allHwIdsStr.Buffer);
+
+					SetLog(NULL, NULL, LOG_POLICY, BDC_BLUETOOTH, state, 0, processName, notice);
+				}
+
+				if (/*state == DISABLE &&*/ bBlock)
+				{
+					KLogEx(DEBUG_TRACE_INFO, "btheunm connect STATUS_ACCESS_DENIED !!!");
+					ExFreePool(hwIds); // BthEnum이 만들어준 원래 버퍼도 해제
+					Irp->IoStatus.Information = 0;
+					Irp->IoStatus.Status = STATUS_ACCESS_DENIED;
+				}
+				else
+				{
+
+				}
+				
+				if(allHwIdsStr.Buffer)
+					ExFreePoolWithTag(allHwIdsStr.Buffer, TAG_LOG_STR);
+			}
+			else
+			{
+				KLogEx(DEBUG_TRACE_ERROR, "GetAllHardwareIdsAsString Fail (%X)", status);
+			}			
+		}
+	}
+
+	// 상위 드라이버가 원래 등록해두었던 완료 루틴이 있다면 호출하여 흐름 복원
+	if (hookCtx->OldCompletionRoutine != NULL) {
+		BOOLEAN bInvoke = FALSE;
+		if (NT_SUCCESS(Irp->IoStatus.Status) && (hookCtx->OldControl & SL_INVOKE_ON_SUCCESS)) bInvoke = TRUE;
+		if (!NT_SUCCESS(Irp->IoStatus.Status) && (hookCtx->OldControl & SL_INVOKE_ON_ERROR)) bInvoke = TRUE;
+		if (Irp->Cancel && (hookCtx->OldControl & SL_INVOKE_ON_CANCEL)) bInvoke = TRUE;
+
+		if (bInvoke) {
+			status = hookCtx->OldCompletionRoutine(DeviceObject, Irp, hookCtx->OldContext);
+		}
+		else if (Irp->PendingReturned) {
+			IoMarkIrpPending(Irp);
+		}
+	}
+	else {
+		if (Irp->PendingReturned) {
+			IoMarkIrpPending(Irp);
+		}
+	}
+
+	// 할당했던 컨텍스트 메모리 해제 (메모리 릭 방지)
+	ExFreePoolWithTag(hookCtx, 'kooH');
+
+	return status;
+}
+
+NTSTATUS BthEnumPnpControl(PDRIVER_DISPATCH dispath, PDEVICE_OBJECT deviceObject, PIRP irp)
+{
+	PIO_STACK_LOCATION irpSp = IoGetCurrentIrpStackLocation(irp);
+	ULONG processId = 0;
+	char szProcessName[20] = { 0, };
+
+	if (!g_bs1Flt.IsAttached)
+		goto $BthEnumCleanup;
+
+	if (!enable_bluetoothhook)
+		goto $BthEnumCleanup;
+
+	processId = HandleToULong(PsGetCurrentProcessId());
+	UGetProcessName(szProcessName);
+
+	// IRP_MN_QUERY_ID (장치 식별자 요청) 일 때만 완료 루틴을 답니다.
+	if (irpSp->MinorFunction == IRP_MN_QUERY_ID &&
+		irpSp->Parameters.QueryId.IdType == BusQueryHardwareIDs)
+	{
+		PBTH_HOOK_CONTEXT hookCtx = (PBTH_HOOK_CONTEXT)ExAllocatePoolWithTag(NonPagedPool, sizeof(BTH_HOOK_CONTEXT), 'kooH');
+
+		if (hookCtx != NULL) {
+			// 기존 스택의 완료 루틴 백업
+			hookCtx->OldCompletionRoutine = irpSp->CompletionRoutine;
+			hookCtx->OldContext = irpSp->Context;
+			hookCtx->OldControl = irpSp->Control;
+			strcpy(hookCtx->processName, szProcessName);
+
+			// 우리의 완료 루틴으로 현재 스택 위치 덮어쓰기 (IoSetCompletionRoutine 사용 불가)
+			irpSp->CompletionRoutine = PnpQueryIdCompletionRoutine;
+			irpSp->Context = hookCtx;
+			irpSp->Control = SL_INVOKE_ON_SUCCESS | SL_INVOKE_ON_ERROR | SL_INVOKE_ON_CANCEL;
+		}
+
+		// 원래의 BthEnum 함수 호출
+		return dispath(deviceObject, irp);
+	}
+$BthEnumCleanup:
+	// 그 외의 PnP 요청은 원래의 BthEnum 함수로 그대로 넘겨버림
+	return dispath(deviceObject, irp);
+}
+
 /**
 	@brief		ºí·çÅõ½º µ¿±Û ÈÄÅ·ÇÔ¼ö
 */
@@ -214,7 +517,7 @@ NTSTATUS RfcommInternalDeviceIoControl(PDRIVER_DISPATCH dispath, PDEVICE_OBJECT
 		if (blueToothlog)
 		{
 			RtlStringCbPrintfW(processName, sizeof(processName), L"%S", szProcessName);
-			RtlStringCbPrintfW(notice, sizeof(notice), L"controlCode(%X)", controlCode);
+			RtlStringCbPrintfW(notice, sizeof(notice), L"rfcom blocked(%X)", controlCode);
 			SetLog(NULL, NULL, LOG_POLICY, BDC_BLUETOOTH, blueToothState, 0, processName, notice);
 		}
 
@@ -520,7 +823,18 @@ NTSTATUS BthusbDeviceIoControl(PDRIVER_DISPATCH dispath, PDEVICE_OBJECT deviceOb
 
 	if (blueToothState == DISABLE)
 	{
-		KLogEx(DEBUG_TRACE_INFO, " bthusb blocked(%X)", controlCode);
+		if (processId == 4)
+			return dispath(deviceObject, irp);
+
+		if (IsDefalutLocalDiskExceptProcess(szProcessName))
+			return dispath(deviceObject, irp);
+
+		if (_strnicmp(szProcessName, "SystemSettings", strlen(szProcessName)) == 0 || 
+			_strnicmp(szProcessName, "RuntimeBroker.", strlen(szProcessName)) == 0 )
+			return dispath(deviceObject, irp);
+
+	
+		KLogEx(DEBUG_TRACE_INFO, " bthusb blocked(%s)(%X)", szProcessName, controlCode);
 
 		if (blueToothlog)
 		{
@@ -555,7 +869,7 @@ NTSTATUS BlueToothIrpHookInit()
 	PDRIVER_OBJECT obj = NULL;
 	PHOOK_CONTEXT hook = NULL;
 
-	for (i = 0; i < bluetooth_maximum; i++)
+	for (i = 0; i < ARRAYSIZE(g_BlueToothHookContexts); i++)
 	{
 		hook = &g_BlueToothHookContexts[i];
 
@@ -616,7 +930,7 @@ NTSTATUS BlueToothIrpHookCleanup()
 
 	KLogEx(DEBUG_TRACE_INFO, "Started...\n");
 
-	for (i = 0; i < bluetooth_maximum; i++)
+	for (i = 0; i < ARRAYSIZE(g_BlueToothHookContexts); i++)
 	{
 		hook = &g_BlueToothHookContexts[i];
 

Tocsg.Module/Bs1Flt/bs1flt/bs1flt_lst.c

@@ -942,6 +942,8 @@ BOOLEAN IsDefalutLocalDiskExceptProcess(char* name)
 	//"dllhost.exe",
 	"dwwin.exe",
 	"vmtoolsd.exe",
+	"eCrmHomeEditio",
+	"eCrmHeUninstal",
 	NULL
 	};
 

eCrmHE/DLL_eCrmHeHelper/BS1Hook.pas

@@ -430,6 +430,8 @@ Constructor TBS1Hook.Create;
         dtCreate_ := FileDateToDateTime(nDosTime);
   end;
 
+
+
 var
   IgrList: TStringList;
   //DrmInitInfo: TTgFileMapping<TDrmInfo>;
@@ -664,6 +666,7 @@ begin
 //    CtrlOpt.nBlockSizeMB := O.I['nBlockSizeMB'];
 
       var OEtcApps, OCurApp: ISuperObject;
+      var BlockFileNew: ISuperObject;
       var sPureAppName: string;
       begin
         OEtcApps := O.O['EtcABApps'];
@@ -685,9 +688,19 @@ begin
         end;
       end;
 
+      /////USB, Bluetooth, UsbToUsb, cdrom, mtp
+      CtrlOpt.IntBtBlockNewFile       := ParseBlockFileNew(O.O['IntBtBlockNewFile'],       CtrlOpt.IntBtBlockNewFile);
+      CtrlOpt.IntUsbBlockNewFile      := ParseBlockFileNew(O.O['IntUsbBlockNewFile'],      CtrlOpt.IntUsbBlockNewFile);
+      CtrlOpt.IntUsbToUsbBlockNewFile := ParseBlockFileNew(O.O['IntUsbToUsbBlockNewFile'], CtrlOpt.IntUsbToUsbBlockNewFile);
+      CtrlOpt.IntCdromBlockNewFile    := ParseBlockFileNew(O.O['IntCdromBlockNewFile'],    CtrlOpt.IntCdromBlockNewFile);
+      CtrlOpt.IntMtpBlockNewFile      := ParseBlockFileNew(O.O['IntMtpBlockNewFile'],      CtrlOpt.IntMtpBlockNewFile);
+
       Helper_.CtrlOpt := CtrlOpt;
       DVLOG('InitContentsFlowHook: hRcvWnd(%d), FileUseBlock(%d), bUseContentFilter(%d)',
         [DWORD(CtrlOpt.hRcvWnd), DWORD(CtrlOpt.FileUseBlock), DWORD(CtrlOpt.bUseContentFilter)]);
+
+      DVLOG('InitContentsFlowHook: USBBlockNewFile... mode(%d), blockByFilename(%d), blockBySizeLimit(%d)',
+        [DWORD(CtrlOpt.IntUsbBlockNewFile.mode), DWORD(CtrlOpt.IntUsbBlockNewFile.blockByFilename_use), DWORD(CtrlOpt.IntUsbBlockNewFile.blockBySizeLimit_use)]);
     end;
 
     InitContentsFlowHook;
@@ -1228,6 +1241,10 @@ begin
 
     DVLOG('ProcessAppCtrlOpt, hRcvWnd(%d), FileUseBlock(%d), bUseContentFilter(%d), ShFileCrMon.nKind(%d)',
       [DWORD(aOpt.hRcvWnd), DWORD(aOpt.FileUseBlock), DWORD(aOpt.bUseContentFilter), aOpt.ShFileCrMon.nKind]);
+
+    DVLOG('ProcessAppCtrlOpt, USBBlockNewFile... mode(%d), blockByFilename(%d), blockBySizeLimit(%d)',
+      [DWORD(aOpt.IntUsbBlockNewFile.mode), DWORD(aOpt.IntUsbBlockNewFile.blockByFilename_use), DWORD(aOpt.IntUsbBlockNewFile.blockBySizeLimit_use)]);
+
 //    DoInterceptRemove;
     aOpt.bMtpWB := aOpt.bMtpWB and (Helper_.CurAppType = catExplorer); // 탐색기에서만 활성화 되도록 24_0604 15:23:45 kku
 
@@ -1271,11 +1288,18 @@ begin
 
     if Helper_.CurAppType = catExplorer then
     begin
-      if aOpt.ShFileCrMon.nKind <> 0 then
+      if (aOpt.ShFileCrMon.nKind <> 0) or
+        (aOpt.IntUsbToUsbBlockNewFile.mode <> abkNone) or
+        (aOpt.IntCdromBlockNewFile.mode <> abkNone) or
+        (aOpt.IntMtpBlockNewFile.mode <> abkNone) then
       begin
         SplitString(UpperCase(Helper_.CtrlOpt.ShFileCrMon.sExpLst), '|', Helper_.FoExpList, false, true);
         InstallFileOperationHooks;
-      end else
+      end
+      else if (aOpt.ShFileCrMon.nKind = 0) or
+        (aOpt.IntUsbToUsbBlockNewFile.mode = abkNone) or
+        (aOpt.IntCdromBlockNewFile.mode = abkNone) or
+        (aOpt.IntMtpBlockNewFile.mode = abkNone) then
         UninstallFileOperationHooks;
     end;
 

eCrmHE/DLL_eCrmHeHelper/eCrmHeHelper.dproj

@@ -5,7 +5,7 @@
         <FrameworkType>VCL</FrameworkType>
         <Base>True</Base>
         <Config Condition="'$(Config)'==''">Release</Config>
-        <Platform Condition="'$(Platform)'==''">Win32</Platform>
+        <Platform Condition="'$(Platform)'==''">Win64</Platform>
         <TargetedPlatforms>3</TargetedPlatforms>
         <AppType>Library</AppType>
         <MainSource>eCrmHeHelper.dpr</MainSource>

eCrmHE/DLL_eCrmHeHelper/eCrmHeHelper.dproj.local

@@ -1,20 +1,20 @@
 <?xml version="1.0" encoding="utf-8"?>
 <BorlandProject>
 	<Transactions>
-    <Transaction>1899-12-30 00:00:00.000.934,C:\mgkim\8.bsone\BSOne.SFC\Tocsg.Module\Bs1Flt\MTPMon\MTPControl\ObexParserUnit.pas=</Transaction>
-    <Transaction>1899-12-30 00:00:00.000.361,=C:\mgkim\8.bsone\BSOne.SFC\Tocsg.Module\Bs1Flt\MTPMon\MTPControl\ObexParserUnit.pas</Transaction>
-    <Transaction>1899-12-30 00:00:00.000.033,=C:\mgkim\8.bsone\BSOne.SFC\eCrmHE\DLL_eCrmHeHelper\WindowFinderThread.pas</Transaction>
-    <Transaction>1899-12-30 00:00:00.000.581,=C:\mgkim\8.bsone\BSOne.SFC\Tocsg.Module\Bs1Flt\MTPMon\MTPControl\ObexParserUnit.pas</Transaction>
-    <Transaction>1899-12-30 00:00:00.000.546,=C:\mgkim\8.bsone\BSOne.SFC\Tocsg.Module\Bs1Flt\MTPMon\MTPControl\FileHandleListUnit.pas</Transaction>
-    <Transaction>1899-12-30 00:00:00.000.894,C:\mgkim\8.bsone\BSOne.SFC\Tocsg.Module\Bs1Flt\MTPMon\MTPControl\FileHandleListUnit.pas=</Transaction>
-    <Transaction>1899-12-30 00:00:00.000.318,=C:\mgkim\8.bsone\BSOne.SFC\Tocsg.Module\Bs1Flt\MTPMon\MTPControl\FileHandleListUnit.pas</Transaction>
     <Transaction>1899-12-30 00:00:00.000.796,C:\mgkim\8.bsone\BSOne.SFC\Tocsg.Module\Bs1Flt\MTPMon\MTPControl\BsoneDebug.pas=</Transaction>
-    <Transaction>1899-12-30 00:00:00.000.508,=C:\mgkim\8.bsone\BSOne.SFC\Tocsg.Module\Bs1Flt\MTPMon\MTPControl\BsoneUtil.pas</Transaction>
-    <Transaction>1899-12-30 00:00:00.000.853,C:\mgkim\8.bsone\BSOne.SFC\Tocsg.Module\Bs1Flt\MTPMon\MTPControl\BsoneUtil.pas=</Transaction>
-    <Transaction>1899-12-30 00:00:00.000.283,=C:\mgkim\8.bsone\BSOne.SFC\Tocsg.Module\Bs1Flt\MTPMon\MTPControl\BsoneUtil.pas</Transaction>
-    <Transaction>1899-12-30 00:00:00.000.691,=C:\mgkim\8.bsone\BSOne.SFC\eCrmHE\DLL_eCrmHeHelper\Unit1.pas</Transaction>
-    <Transaction>1899-12-30 00:00:00.000.246,=C:\mgkim\8.bsone\BSOne.SFC\Tocsg.Module\Bs1Flt\MTPMon\MTPControl\BsoneDebug.pas</Transaction>
     <Transaction>1899-12-30 00:00:00.000.471,=C:\mgkim\8.bsone\BSOne.SFC\Tocsg.Module\Bs1Flt\MTPMon\MTPControl\BsoneDebug.pas</Transaction>
-    <Transaction>1899-12-30 00:00:00.000.713,C:\mgkim\8.bsone\BSOne.SFC\eCrmHE\DLL_eCrmHeHelper\Unit1.pas=C:\mgkim\8.bsone\BSOne.SFC\Tocsg.Module\Bs1Flt\MTPMon\MTPControl\ApiHookContents.pas</Transaction>
+    <Transaction>1899-12-30 00:00:00.000.033,=C:\mgkim\8.bsone\BSOne.SFC\eCrmHE\DLL_eCrmHeHelper\WindowFinderThread.pas</Transaction>
+    <Transaction>1899-12-30 00:00:00.000.246,=C:\mgkim\8.bsone\BSOne.SFC\Tocsg.Module\Bs1Flt\MTPMon\MTPControl\BsoneDebug.pas</Transaction>
+    <Transaction>1899-12-30 00:00:00.000.318,=C:\mgkim\8.bsone\BSOne.SFC\Tocsg.Module\Bs1Flt\MTPMon\MTPControl\FileHandleListUnit.pas</Transaction>
+    <Transaction>1899-12-30 00:00:00.000.894,C:\mgkim\8.bsone\BSOne.SFC\Tocsg.Module\Bs1Flt\MTPMon\MTPControl\FileHandleListUnit.pas=</Transaction>
+    <Transaction>1899-12-30 00:00:00.000.546,=C:\mgkim\8.bsone\BSOne.SFC\Tocsg.Module\Bs1Flt\MTPMon\MTPControl\FileHandleListUnit.pas</Transaction>
+    <Transaction>1899-12-30 00:00:00.000.934,C:\mgkim\8.bsone\BSOne.SFC\Tocsg.Module\Bs1Flt\MTPMon\MTPControl\ObexParserUnit.pas=</Transaction>
+    <Transaction>1899-12-30 00:00:00.000.283,=C:\mgkim\8.bsone\BSOne.SFC\Tocsg.Module\Bs1Flt\MTPMon\MTPControl\BsoneUtil.pas</Transaction>
+    <Transaction>1899-12-30 00:00:00.000.853,C:\mgkim\8.bsone\BSOne.SFC\Tocsg.Module\Bs1Flt\MTPMon\MTPControl\BsoneUtil.pas=</Transaction>
+    <Transaction>1899-12-30 00:00:00.000.508,=C:\mgkim\8.bsone\BSOne.SFC\Tocsg.Module\Bs1Flt\MTPMon\MTPControl\BsoneUtil.pas</Transaction>
+    <Transaction>1899-12-30 00:00:00.000.691,=C:\mgkim\8.bsone\BSOne.SFC\eCrmHE\DLL_eCrmHeHelper\Unit1.pas</Transaction>
+    <Transaction>1899-12-30 00:00:00.000.581,=C:\mgkim\8.bsone\BSOne.SFC\Tocsg.Module\Bs1Flt\MTPMon\MTPControl\ObexParserUnit.pas</Transaction>
+    <Transaction>1899-12-30 00:00:00.000.361,=C:\mgkim\8.bsone\BSOne.SFC\Tocsg.Module\Bs1Flt\MTPMon\MTPControl\ObexParserUnit.pas</Transaction>
+    <Transaction>1899-12-30 00:00:00.000.713,C:\mgkim\8.bsone\BSOne.SFC\Tocsg.Module\Bs1Flt\MTPMon\MTPControl\ApiHookContents.pas=C:\mgkim\8.bsone\BSOne.SFC\eCrmHE\DLL_eCrmHeHelper\Unit1.pas</Transaction>
   </Transactions>
 </BorlandProject>

eCrmHE/EXE_eCrmHeHelper/DefineHelper.pas

@@ -56,6 +56,7 @@ const
   HPCMD_STOP_SCREEN_RECORD = 37;
   HPCDM_PRINT_INFO_LIST = 38;
   HPCMD_CHECK_SIZE = 39;	
+  HPCMD_BLOCK = 40;
 
   HPCMD_REP_NETDIR_PROGRESS = 201;
   HPCMD_REP_NETDIR_SCANPATH = 202;

eCrmHE/EXE_eCrmHeInstaller/DeCrmHeInstMain.pas

@@ -161,11 +161,12 @@ type
 
   TInstFileInfo = class(TTgObject)
   private
-    IgrFList_,
+    IgrFList_ : TStringList;
-    FileList_: TStringList;
+
     procedure OnZipConfirmItem(Sender : TObject; Item : TAbArchiveItem; ProcessType : TAbProcessType; var Confirm : Boolean);
   public
     CurrDir: String;
+    FileList_: TStringList;
     Constructor Create;
     Destructor Destroy; override;
     procedure SaveFileInfo(sPath: String);
@@ -183,7 +184,7 @@ uses
   Define, Tocsg.Path, ProcessUninstall, GlobalDefine, Tocsg.VTUtil,
   Tocsg.Safe, Tocsg.Exception, Tocsg.Service,
   Winapi.WinSvc, Tocsg.Process, Tocsg.Shell, Tocsg.Files,
-  Tocsg.Strings, CrmLogger, Tocsg.Trace, Tocsg.WTS, Tocsg.Win32, Condition,
+  Tocsg.Strings, CrmLogger, Tocsg.Trace, Tocsg.WTS, Tocsg.Win32, Condition, Tocsg.Encrypt,
   Tocsg.WinInfo, CrmUtil, AbUnzper,
   GlobalOutAddInDefine, DUserInfoAgree, ManagerModel, Tocsg.Convert, Lang,
   Tocsg.Hash;
@@ -247,6 +248,8 @@ var
   OA, O: ISuperObject;
   i: Integer;
   sHash: String;
+  ss: TStringStream;
+
 begin
   try
     OA := TSuperObject.Create(stArray);
@@ -255,6 +258,22 @@ begin
     begin
       if FileExists(FileList_[i]) then
       begin
+
+        if Pos('si.dat', FileList_[i]) > 0 then
+        begin
+          var sidat, encsidat: TStringStream;
+          var siO:ISuperObject;
+
+          Guard(sidat, TStringStream.Create('', TEncoding.UTF8));
+          sidat.LoadFromFile(FileList_[i]);
+//          siO := SO(sidat.DataString);
+          OutputDebugString(PChar(Format('[MGKIM] Encrypt ok : DataString : %s',[sidat.DataString])));
+          Guard(encsidat, TStringStream.Create(
+            EncStrToBinStr(ekAes256cbc, PASS_MODEL, sidat.DataString), TEncoding.UTF8));
+          encsidat.SaveToFile(FileList_[i]);
+          OutputDebugString(PChar(Format('[MGKIM] Encrypt ok : %s',[PChar(FileList_[i])])));
+        end;
+
         sHash := GetFileToSha256(FileList_[i]);
         if sHash <> '' then
         begin
@@ -262,13 +281,19 @@ begin
           O.S['P'] := FileList_[i];
           O.S['H'] := sHash;
           OA.AsArray.Add(O);
+
+          OutputDebugString(PChar(Format('[MGKIM] P: %s, H: %s',[PChar(FileList_[i]), PChar(sHash)])));
         end;
       end;
     end;
 
     O := SO;
     O.O['List'] := OA;
-    SaveJsonObjToFile(O, sPath);
+    Guard(ss, TStringStream.Create(
+      EncStrToBinStr(ekAes256cbc, PASS_MODEL, O.AsString), TEncoding.UTF8));
+
+    ss.SaveToFile(sPath);
+    //SaveJsonObjToFile(O, sPath);
   except
     on E: Exception do
       ETgException.TraceException(Self, E, 'Fail .. SaveFileInfo()');
@@ -802,7 +827,7 @@ begin
       AgentModel.Save(sInstDir + DIR_CONF + DAT_AGENT);
     end;
 
-    InstFileInfo.SaveFileInfo(sBackDir + 'rst.00');
+
 
     AddInstEnt('Tocsg.Installation.ServiceManager', 'Windows Service Registration');
 
@@ -821,6 +846,8 @@ begin
         exit;
       Sleep(1000);
 
+      InstFileInfo.FileList_.Add(PChar(sSysDir + DLL_SV));
+
       AddInstEnt('Tocsg.Installation.Validator', 'Validating the installation');
       if ServiceExists(NAME_SERVICE) or
           InstallServiceDll(sSysDir + DLL_SV,
@@ -842,6 +869,8 @@ begin
         exit;
       Sleep(1000);
 
+      InstFileInfo.FileList_.Add(PChar(sSysDir + EXE_SV));
+
       AddInstEnt('Tocsg.Installation.Validator', 'Validating the installation');
       if InstallService(NAME_SERVICE, sSysDir + EXE_SV, NAME_SERVICE,
               SERVICE_WIN32_OWN_PROCESS, SERVICE_AUTO_START) then
@@ -857,6 +886,11 @@ begin
       end;
     end;
 
+    if Result then
+    begin
+      InstFileInfo.SaveFileInfo(sBackDir + 'rst.00');
+    end;
+
   {$IFDEF _SILENT_}
     {$IFDEF _SHCD_}
       var sPath: String := GetWindowsDir;

eCrmHE/EXE_eCrmHomeEdition/BuildInfo.pas

@@ -3,7 +3,7 @@
 interface
 
 const
-  BUILD_DT = '2025-12-23 16:55:23';
+  BUILD_DT = '2026-03-18 20:12:14';
 
 implementation
 

eCrmHE/EXE_eCrmHomeEdition/DeCrmHeMain.dfm

@@ -10445,6 +10445,10 @@ object DlgeCrmHeMain: TDlgeCrmHeMain
       Caption = #54532#47196#49464#49828' '#51333#47308' '#48169#51648' '#54644#51228
       OnClick = miProcessTerminatePrevateClick
     end
+    object miIntegrityAultLog: TMenuItem
+      Caption = #47924#44208#49457' '#44048#49324' '#47196#44536' '#53580#49828#53944
+      OnClick = miIntegrityAultLogClick
+    end
   end
   object imgArrow: TPngImageList
     Height = 26

eCrmHE/EXE_eCrmHomeEdition/DeCrmHeMain.pas

@@ -179,6 +179,7 @@ type
     miPcCleanup_OffSafe: TMenuItem;
     miFilePerDel: TMenuItem;
     miProcessTerminatePrevate: TMenuItem;
+    miIntegrityAultLog: TMenuItem;
     procedure imgMainMouseDown(Sender: TObject; Button: TMouseButton;
       Shift: TShiftState; X, Y: Integer);
     procedure imgCloseClick(Sender: TObject);
@@ -283,6 +284,7 @@ type
     procedure miTempDelClick(Sender: TObject);
     procedure miRecycleDelClick(Sender: TObject);
     procedure miProcessTerminatePrevateClick(Sender: TObject);
+    procedure miIntegrityAultLogClick(Sender: TObject);
   private
     { Private declarations }
     HTTP_: TIdHTTP;
@@ -504,7 +506,7 @@ uses
   DSchPiNoti, DNoticeImg, Tocsg.Delete, Tocsg.PCRE, ProcessSoftcampDRM, DCurPolicyView,
   DCustomCttSchOpt,
   DViewCustomCttSchResult, STLabGuardModule, DEncryptDrm, ThdWebUrl, Winapi.ActiveX, ManagerPrint,
-  DPrintApproveReq, DReqPrintList, DPrintApproveReqA, DPrintApproveRst, Tocsg.AIP,
+  DPrintApproveReq, DReqPrintList, DPrintApproveReqA, DPrintApproveRst, Tocsg.AIP, Tocsg.Encrypt,
   DAip2KessDrm, DKess2AipDrm, Tocsg.Hash, BuildInfo, DDeleteCode,
   Winapi.AccCtrl, Winapi.AclAPI, DEjectDLL, DUsbInfo, DBs1Log, Tocsg.Printer, DBrowserOpt, DPerfectDel, Tocsg.Disk, DEncryptAip, DDecryptAip, Tocsg.Url;
 
@@ -719,14 +721,14 @@ var
     if FileExists(sPath) then
     begin
       Guard(ini, TIniFile.Create(sPath));
-      var SvrList: TStringList;
+//      var SvrList: TStringList;
-      Guard(SvrList, TStringList.Create);
+//      Guard(SvrList, TStringList.Create);
-      if SplitString(Trim(ini.ReadString('Force', 'SvrDest', '')), ';', SvrList) > 0 then
+//      if SplitString(Trim(ini.ReadString('Force', 'SvrDest', '')), ';', SvrList) > 0 then
-      begin
+//      begin
-        SetLength(DEST_FORCE, SvrList.Count);
+//        SetLength(DEST_FORCE, SvrList.Count);
-        for i := 0 to SvrList.Count - 1 do
+//        for i := 0 to SvrList.Count - 1 do
-          DEST_FORCE[i] := SvrList[i];
+//          DEST_FORCE[i] := SvrList[i];
-      end;
+//      end;
       CUSTOMER_TYPE := ConvCustomerCodeFromNick(Trim(ini.ReadString('Force', 'Customer', '')));
 
       if ini.ReadBool('Force', 'DebugMode', false) then
@@ -752,6 +754,46 @@ var
       InitForceConfig;
     end;
 
+    sPath := GetRunExePathDir + DAT_SERVERINFO;
+    TTgTrace.T('ServerInfo .. sPath : %s', [sPath]);
+    if FileExists(sPath) then
+    begin
+      var Path, SvrDest: string;
+      var ss: TStringStream;
+      var O, ItemObj: ISuperObject;
+      var ListObj: TSuperArray;
+      try
+        Guard(ss, TStringStream.Create('', TEncoding.UTF8));
+        ss.LoadFromFile(sPath);
+
+//        O := SO(ss.DataString);
+        O := SO(DecBinStrToStr(ekAes256cbc, PASS_MODEL, ss.DataString));
+        if O <> nil then
+        begin
+          SvrDest := O.S['SvrDest'];
+          TTgTrace.T('ServerInfo .. ServerInfo : %s', [SvrDest]);
+          var SvrList: TStringList;
+          Guard(SvrList, TStringList.Create);
+          if SplitString(SvrDest, ';', SvrList) > 0 then
+          begin
+            SetLength(DEST_FORCE, SvrList.Count);
+            for i := 0 to SvrList.Count - 1 do
+            begin
+              DEST_FORCE[i] := SvrList[i];
+            end;
+          end;
+        end;
+      except
+        on E: Exception do
+          ETgException.TraceException(Self, E, 'Fail .. ServerInfo json fail()');
+      end;
+    end
+    else
+    begin
+      MessageBox(Handle, '서버 정보가 없습니다. 재설치 해주세요.', PChar(APP_TITLE), MB_ICONWARNING or MB_OK);
+      Exit;
+    end;
+
   // 레지스트리에 버전 정보 추가 22_0801 17:49:10 kku
     SetRegValueString(HKEY_LOCAL_MACHINE, REG_HE, 'Version', SdkVersion, true);
 
@@ -982,9 +1024,13 @@ begin
   InitCtrls;
 
   //mgkim 테스트를 위해 주석
-  RecoverSvc_ := TRecoverService.Create;
 //  if bExeRecover then
+//  begin
+//    RecoverSvc_ := TRecoverService.Create;
 //    RecoverSvc_.StartService;
+//    TTgTrace.T('[MGKIM] RecoverSvc.. start', 2);
+//  end;
+
 
   if IsLogSendToWindbg then
   begin
@@ -2201,8 +2247,8 @@ begin
         end else
           lbConn.Font.Color := clWhite;
       end;
-
+      //mgkim
-      sVer := SdkVersion;
+      sVer := 'BSOne v' + SdkVersion + ' builddate: ' + BUILD_DT;
       if MgSvc_.Connected then
       begin
         sVer := sVer + ' (Manage Mode)';
@@ -5515,6 +5561,19 @@ begin
   dlg.Show;
 end;
 
+procedure TDlgeCrmHeMain.miIntegrityAultLogClick(Sender: TObject);
+begin
+  if RecoverSvc_ <> nil then
+  begin
+    RecoverSvc_.PerformInitialAudit;
+  end
+  else
+  begin
+    RecoverSvc_ := TRecoverService.Create;
+    FreeAndNil(RecoverSvc_);
+  end;
+end;
+
 procedure TDlgeCrmHeMain.miKess2AipClick(Sender: TObject);
 var
   dlg: TDlgKess2AipDrm;
@@ -6089,6 +6148,24 @@ begin
             msg.Result := 300;
         end;
       end;
+      HPCMD_BLOCK :
+      begin
+        var REnt: TRecentFnd;
+
+        sTemp := Copy(PChar(pCpData.lpData), 1, pCpData.cbData);
+        O := SO(sTemp);
+        msg.Result := 0;
+        REnt.dtReg := Now;
+        REnt.sMName := O.S['MName'];
+        REnt.sPath := O.S['Path'];
+        REnt.sFounds := O.S['resultMsg'];
+        REnt.sFoundsC := O.S['resultMsg'];
+        REnt.curAppType := TCurAppType(O.I['Type']);
+        REnt.bResult := True;
+        MgSvc_.AddRecentFnd(REnt);
+        msg.Result := 300;
+        TTgTrace.T('[MGKIM] HPCMD_BLOCK.. %d,,, %s',[msg.Result, O.S['resultMsg']], 1);
+      end;
       HPCMD_CHECK_CONTENT :
       begin
         sTemp := Copy(PChar(pCpData.lpData), 1, pCpData.cbData);
@@ -6108,6 +6185,7 @@ begin
         case TCurAppType(O.I['Type']) of
           catWebb    : nBlockMB := MgSvc_.ModePolicy.WebFileBlockMB;
           catOutlook : nBlockMB := MgSvc_.ModePolicy.OutFileBlockMB;
+          //mgkim bluetooth, usb, usbtousb 도 추가되어야함..
           else nBlockMB := MgSvc_.ModePolicy.AppFileBlockMB;
         end;
 
@@ -7052,7 +7130,7 @@ procedure TDlgeCrmHeMain.process_WM_NOTIFY_HOOKDATA(var msg: TMessage);
 var
   sPath: String;
 
-  function GetVioInfo: ISuperObject;
+  function GetVioInfo(var resultMsg: string): ISuperObject;
   var
     EntList, InfoList: TStringList;
     i: Integer;
@@ -7062,6 +7140,14 @@ var
     try
       if MgSvc_.GetRecentFnd(sPath, REnt) then
       begin
+
+        if Pos(RESULT_SEPARATOR, REnt.sFoundsC) = 0 then
+        begin
+          TTgTrace.T('[MGKIM] GetVioInfo.. sFoundsC(%s)', [REnt.sFoundsC]);
+          resultMsg:= REnt.sFoundsC;
+          exit;
+        end;
+
         Guard(EntList, TStringList.Create);
         SplitString(REnt.sFoundsC, RESULT_SEPARATOR, EntList);
 
@@ -7135,6 +7221,7 @@ var
   llSize: LONGLONG;
   i: Integer;
   FDeviceName: string;
+  resultMsg: string;
 begin
   try
 //    TTgTrace.T('process_WM_NOTIFY_HOOKDATA .. 1');
@@ -7145,6 +7232,7 @@ begin
     nFType := Rcv.I['FType']; // 0 : 없는 파일, 1: 존재 파일, 2 : 네트워크 파일, 3 : 특수 경로 파일
     dwPid := Rcv.I['PID'];
     FDeviceName := Rcv.S['FDeviceName'];
+
 // WebEx에서는 첨부 파일 접근이 지속적으로 반복되서 로그가 중복되는 현상이 있다.
 // 아래처럼 방지 처리
 
@@ -7368,6 +7456,106 @@ begin
               else
                 sMsg := Format('Process : %s, Path : %s', [sPName, sPath]);
             end;
+            catFquirt  :
+            begin
+              nMinMB := PO.IntBtBlockNewFile.origFileCol_minMb;
+              nLimitMB := PO.IntBtBlockNewFile.origFileCol_maxMb;
+              if PO.IntBtBlockNewFile.userAlert then
+              begin
+                O.B['M'] := true;
+//                bPopup := true;
+//                  bPopup := PO.OutlookAB.Kind = abkLog; // true; // 차단만 알림 팝업되도록 기능 수정 24_0820 14:32:50 kku
+              end;
+
+              bCollectTxt := PO.IntBtBlockNewFile.origTextCol;
+              bCollectFile := PO.IntBtBlockNewFile.origFileCol_use;
+              sCode := MONITOR_PROCESS_ATTACH;
+
+              if FDeviceName <> '' then
+                sMsg := Format('[%s] Process : %s, Path : %s', [FDeviceName, sPName, sPath])
+              else
+                sMsg := Format('Process : %s, Path : %s', [sPName, sPath]);
+            end;
+            catLINKENGKM  :
+            begin
+              nMinMB := PO.IntUsbToUsbBlockNewFile.origFileCol_minMb;
+              nLimitMB := PO.IntUsbToUsbBlockNewFile.origFileCol_maxMb;
+              if PO.IntUsbToUsbBlockNewFile.userAlert then
+              begin
+                O.B['M'] := true;
+//                bPopup := true;
+//                  bPopup := PO.OutlookAB.Kind = abkLog; // true; // 차단만 알림 팝업되도록 기능 수정 24_0820 14:32:50 kku
+              end;
+
+              bCollectTxt := PO.IntUsbToUsbBlockNewFile.origTextCol;;
+              bCollectFile := PO.IntUsbToUsbBlockNewFile.origFileCol_use;
+              sCode := MONITOR_PROCESS_ATTACH;
+
+              if FDeviceName <> '' then
+                sMsg := Format('[%s] Process : %s, Path : %s', [FDeviceName, sPName, sPath])
+              else
+                sMsg := Format('Process : %s, Path : %s', [sPName, sPath]);
+            end;
+            catUsb  :
+            begin
+              nMinMB := PO.IntUsbBlockNewFile.origFileCol_minMb;
+              nLimitMB := PO.IntUsbBlockNewFile.origFileCol_maxMb;
+              if PO.IntUsbBlockNewFile.userAlert then
+              begin
+                O.B['M'] := true;
+//                bPopup := true;
+//                bPopup := PO.OutlookAB.Kind = abkLog; // true; // 차단만 알림 팝업되도록 기능 수정 24_0820 14:32:50 kku
+              end;
+
+              bCollectTxt := PO.IntUsbBlockNewFile.origTextCol;
+              bCollectFile := PO.IntUsbBlockNewFile.origFileCol_use;
+              sCode := MONITOR_PROCESS_ATTACH;
+
+              if FDeviceName <> '' then
+                sMsg := Format('[%s] Process : %s, Path : %s', [FDeviceName, sPName, sPath])
+              else
+                sMsg := Format('Process : %s, Path : %s', [sPName, sPath]);
+            end;
+            catCdrom  :
+            begin
+              nMinMB := PO.IntCdromBlockNewFile.origFileCol_minMb;
+              nLimitMB := PO.IntCdromBlockNewFile.origFileCol_maxMb;
+              if PO.IntCdromBlockNewFile.userAlert then
+              begin
+                O.B['M'] := true;
+//                bPopup := true;
+//                bPopup := PO.OutlookAB.Kind = abkLog; // true; // 차단만 알림 팝업되도록 기능 수정 24_0820 14:32:50 kku
+              end;
+
+              bCollectTxt := PO.IntCdromBlockNewFile.origTextCol;
+              bCollectFile := PO.IntCdromBlockNewFile.origFileCol_use;
+              sCode := MONITOR_PROCESS_ATTACH;
+
+              if FDeviceName <> '' then
+                sMsg := Format('[%s] Process : %s, Path : %s', [FDeviceName, sPName, sPath])
+              else
+                sMsg := Format('Process : %s, Path : %s', [sPName, sPath]);
+            end;
+            catMtp  :
+            begin
+              nMinMB := PO.IntMtpBlockNewFile.origFileCol_minMb;
+              nLimitMB := PO.IntMtpBlockNewFile.origFileCol_maxMb;
+              if PO.IntMtpBlockNewFile.userAlert then
+              begin
+                O.B['M'] := true;
+//                bPopup := true;
+//                bPopup := PO.OutlookAB.Kind = abkLog; // true; // 차단만 알림 팝업되도록 기능 수정 24_0820 14:32:50 kku
+              end;
+
+              bCollectTxt := PO.IntMtpBlockNewFile.origTextCol;
+              bCollectFile := PO.IntMtpBlockNewFile.origFileCol_use;
+              sCode := MONITOR_PROCESS_ATTACH;
+
+              if FDeviceName <> '' then
+                sMsg := Format('[%s] Process : %s, Path : %s', [FDeviceName, sPName, sPath])
+              else
+                sMsg := Format('Process : %s, Path : %s', [sPName, sPath]);
+            end;
             else begin
   //            if (PO.EtcAB.Kind <> abkLog) and not PO.IsAllowLogAppAB then
   //              exit;
@@ -7453,9 +7641,9 @@ begin
               end;
 
 //              sCode := MONITOR_PROCESS_ATTACH_UPDOWN;
-              if FDeviceName <> '' then
+//              if FDeviceName <> '' then
-                sMsg := Format('[%s] Process : %s, Path : %s', [FDeviceName, sPName, sPath])
+//                sMsg := Format('[%s] Process : %s, Path : %s', [FDeviceName, sPName, sPath])
-              else
+//              else
                 sMsg := Format('Process : %s, Path : %s', [sPName, sPath]);
 
             end;
@@ -7467,21 +7655,20 @@ begin
             var FileExtractResultInfo: string;
 
             ZeroMemory(@LogInfo, SizeOf(LogInfo));
-            FileExtractResultInfo := GetFileExtractResultInfo;
+//            FileExtractResultInfo := GetFileExtractResultInfo;
 
             LogInfo.sCode := sCode;
+            LogInfo.sAppName := sPName;
+            LogInfo.sPath := sPath;
+            LogInfo.OVio := GetVioInfo(FileExtractResultInfo);
+            if sWebTitle <> '' then
+              LogInfo.sDevName := sWebTitle;
 
             if FileExtractResultInfo <> '' then
               LogInfo.sSummary := LogInfo.sSummary + sMsg + ' ErrorCode : ' + FileExtractResultInfo
             else
               LogInfo.sSummary := sMsg;
 
-            LogInfo.sAppName := sPName;
-            LogInfo.sPath := sPath;
-            LogInfo.OVio := GetVioInfo;
-            if sWebTitle <> '' then
-              LogInfo.sDevName := sWebTitle;
-
             if bCollectTxt then
               LogInfo.sBody := ExtrTextFromFile(sPath);
 
@@ -7529,6 +7716,7 @@ begin
 
           dwChkAbMon_ := GetTickCount;
           sChkAbMon_ := Rcv.S['FPath'];
+          resultMsg := Rcv.S['resultMsg'];
           bPrevent := true;
 
           nLimitMB := 20;
@@ -7615,7 +7803,104 @@ begin
   //            bCollectFile := PO.WebbAB.bCollectFile and not PO.IsIgrCollectCutWebAB;
               bPopup := PO.WebbAB.bPopup;
             end;
-            else begin
+            catFquirt  :
+            begin
+              nMinMB := PO.IntBtBlockNewFile.origFileCol_minMb;
+              nLimitMB := PO.IntBtBlockNewFile.origFileCol_maxMb;
+              if PO.IntBtBlockNewFile.userAlert then
+              begin
+                bPopup := true;
+              end;
+
+              bCollectTxt := PO.IntBtBlockNewFile.origTextCol;
+              bCollectFile := PO.IntBtBlockNewFile.origFileCol_use;
+              sCode := PREVENT_PROCESS_ATTACH;
+
+              if FDeviceName <> '' then
+                sMsg := Format('[%s] Process : %s, Path : %s', [FDeviceName, sPName, sPath])
+              else
+                sMsg := Format('Process : %s, Path : %s', [sPName, sPath]);
+            end;
+            catLINKENGKM  :
+            begin
+              nMinMB := PO.IntUsbToUsbBlockNewFile.origFileCol_minMb;
+              nLimitMB := PO.IntUsbToUsbBlockNewFile.origFileCol_maxMb;
+              if PO.IntUsbToUsbBlockNewFile.userAlert then
+              begin
+                bPopup := true;
+              end;
+
+              bCollectTxt := PO.IntUsbToUsbBlockNewFile.origTextCol;
+              bCollectFile := PO.IntUsbToUsbBlockNewFile.origFileCol_use;
+              sCode := PREVENT_PROCESS_ATTACH;
+
+              if FDeviceName <> '' then
+                sMsg := Format('[%s] Process : %s, Path : %s', [FDeviceName, sPName, sPath])
+              else
+                sMsg := Format('Process : %s, Path : %s', [sPName, sPath]);
+            end;
+            catUsb  :
+            begin
+              nMinMB := PO.IntUsbBlockNewFile.origFileCol_minMb;
+              nLimitMB := PO.IntUsbBlockNewFile.origFileCol_maxMb;
+              if PO.IntUsbBlockNewFile.userAlert then
+              begin
+                bPopup := true;
+              end;
+
+              bCollectTxt := PO.IntUsbBlockNewFile.origTextCol;
+              bCollectFile := PO.IntUsbBlockNewFile.origFileCol_use;
+              sCode := PREVENT_PROCESS_ATTACH;
+
+              TTgTrace.T('[MGKIM] NOTI_HOOK_BLOCK_ATTACH..catUsb.. userAlert(%d), bCollectTxt(%d), bCollectFile(%d), bPopup(%d)',
+                [DWORD(PO.IntUsbBlockNewFile.userAlert), DWORD(bCollectTxt), DWORD(bCollectFile), DWORD(bPopup)]);
+
+              if FDeviceName <> '' then
+                sMsg := Format('[%s] Process : %s, Path : %s', [FDeviceName, sPName, sPath])
+              else
+                sMsg := Format('Process : %s, Path : %s', [sPName, sPath]);
+            end;
+            catCdrom  :
+            begin
+              nMinMB := PO.IntCdromBlockNewFile.origFileCol_minMb;
+              nLimitMB := PO.IntCdromBlockNewFile.origFileCol_maxMb;
+              if PO.IntCdromBlockNewFile.userAlert then
+              begin
+                bPopup := true;
+              end;
+
+              bCollectTxt := PO.IntCdromBlockNewFile.origTextCol;
+              bCollectFile := PO.IntCdromBlockNewFile.origFileCol_use;
+              sCode := PREVENT_PROCESS_ATTACH;
+
+              if FDeviceName <> '' then
+                sMsg := Format('[%s] Process : %s, Path : %s', [FDeviceName, sPName, sPath])
+              else
+                sMsg := Format('Process : %s, Path : %s', [sPName, sPath]);
+            end;
+            catMtp  :
+            begin
+              nMinMB := PO.IntMtpBlockNewFile.origFileCol_minMb;
+              nLimitMB := PO.IntMtpBlockNewFile.origFileCol_maxMb;
+              if PO.IntMtpBlockNewFile.userAlert then
+              begin
+                bPopup := true;
+              end;
+
+              bCollectTxt := PO.IntMtpBlockNewFile.origTextCol;
+              bCollectFile := PO.IntMtpBlockNewFile.origFileCol_use;
+              sCode := PREVENT_PROCESS_ATTACH;
+
+              TTgTrace.T('[MGKIM] NOTI_HOOK_BLOCK_ATTACH..catMtp.. userAlert(%d), bCollectTxt(%d), bCollectFile(%d), bPopup(%d)',
+                [DWORD(PO.IntMtpBlockNewFile.userAlert), DWORD(bCollectTxt), DWORD(bCollectFile), DWORD(bPopup)]);
+
+              if FDeviceName <> '' then
+                sMsg := Format('[%s] Process : %s, Path : %s', [FDeviceName, sPName, sPath])
+              else
+                sMsg := Format('Process : %s, Path : %s', [sPName, sPath]);
+            end;
+            else
+            begin
               if CompareText('wechat.exe', sPName) = 0 then
               begin
               // 위챗은 첨부 시 전송 다열로그가 뜨는데 훅으로 차단을 해도 이 다열로그를 통해서 전송이 된다.
@@ -7629,9 +7914,6 @@ begin
               nLimitMB := PO.AppABLimitMB;
 //              sCode := PREVENT_PROCESS_ATTACH_UPDOWN;
 
-              if FDeviceName <> '' then
-                sMsg := Format('[%s] Process : %s, Path : %s', [FDeviceName, sPName, sPath])
-              else
               sMsg := Format('Process : %s, Path : %s', [sPName, sPath]);
 
               if (Pos('>', sPName) > 0) or (GetFileExt(sPath).ToUpper = 'CRSWAP') then
@@ -7685,18 +7967,19 @@ begin
             var FileExtractResultInfo: string;
             FileExtractResultInfo := GetFileExtractResultInfo;
             ZeroMemory(@LogInfo, SizeOf(LogInfo));
+
             LogInfo.sCode := sCode;
+            LogInfo.sAppName := sPName;
+            LogInfo.sPath := sPath;
+            LogInfo.OVio := GetVioInfo(FileExtractResultInfo);
+            if sWebTitle <> '' then
+              LogInfo.sDevName := sWebTitle;
+
             if FileExtractResultInfo <> '' then
               LogInfo.sSummary := LogInfo.sSummary + sMsg + ' Error:' + FileExtractResultInfo
             else
               LogInfo.sSummary := sMsg;
 
-            LogInfo.sAppName := sPName;
-            LogInfo.sPath := sPath;
-            LogInfo.OVio := GetVioInfo;
-            if sWebTitle <> '' then
-              LogInfo.sDevName := sWebTitle;
-
             if (TCurAppType(Rcv.I['Info']) = catWebb) and (sRecentBwUrl_ <> '') then
             begin
               LogInfo.sDestIpUrl := sRecentBwUrl_;

eCrmHE/EXE_eCrmHomeEdition/FPolicyView.pas

@@ -201,6 +201,13 @@ resourcestring
   RS_AlramKind3 = '알림센터 사용';
   RS_AfterShutdown = '일정시간 뒤 PC 종료';
 
+  RS_BlueToothFIleNew = '블루투스 파일 차단';
+  RS_UsbToothFIleNew = 'USB 파일 차단';
+  RS_UsbToUsbToothFIleNew = 'USB To Usb 파일 차단';
+  RS_CdromToothFIleNew = 'Cdrom 파일 차단';
+  RS_MtpToothFIleNew = 'MTP 파일 차단';
+
+
 {$R *.dfm}
 
 Constructor TFrmPolicyView.Create(aOwner: TComponent);
@@ -888,21 +895,53 @@ begin
         sfkPopup    : AddEnt(pNode, RS_SharedFolderBlock, RS_PopupOnly);
         sfkLog      : AddEnt(pNode, RS_SharedFolderBlock, RS_Log);
       end;
-      case PO.DrmAccessKind of
+
-        dakNone  : AddEnt(pNode, RS_OpenDRM, 'OFF');
+      //mgkim
-        dakEmpNo : AddEnt(pNode, RS_OpenDRM, RS_Person);
+//      case PO.DrmAccessKind of
-        dakDept  : AddEnt(pNode, RS_OpenDRM, RS_Dept);
+//        dakNone  : AddEnt(pNode, RS_OpenDRM, 'OFF');
-        dakAll   : AddEnt(pNode, RS_OpenDRM, RS_All);
+//        dakEmpNo : AddEnt(pNode, RS_OpenDRM, RS_Person);
-      end;
+//        dakDept  : AddEnt(pNode, RS_OpenDRM, RS_Dept);
-      case PO.DrmModifyKind of
+//        dakAll   : AddEnt(pNode, RS_OpenDRM, RS_All);
-        dakNone  : AddEnt(pNode, RS_ModifyDRM, 'OFF');
+//      end;
-        dakEmpNo : AddEnt(pNode, RS_ModifyDRM, RS_Person);
+//      case PO.DrmModifyKind of
-        dakDept  : AddEnt(pNode, RS_ModifyDRM, RS_Dept);
+//        dakNone  : AddEnt(pNode, RS_ModifyDRM, 'OFF');
-        dakAll   : AddEnt(pNode, RS_ModifyDRM, RS_All);
+//        dakEmpNo : AddEnt(pNode, RS_ModifyDRM, RS_Person);
-      end;
+//        dakDept  : AddEnt(pNode, RS_ModifyDRM, RS_Dept);
+//        dakAll   : AddEnt(pNode, RS_ModifyDRM, RS_All);
+//      end;
+
       AddEnt(pNode, RS_DecDRM, BooleanToStr(PO.IsDrmDecrypt, 'ON', 'OFF'));
       AddEnt(pNode, RS_AttDRM, BooleanToStr(PO.IsDrmAttAble, 'ON', 'OFF'));
 
+      case PO.IntBtBlockNewFile.mode of
+        abkNone   : AddEnt(pNode, RS_BlueToothFIleNew, 'OFF');
+        abkBlock  : AddEnt(pNode, RS_BlueToothFIleNew, '차단');
+        abkLog    : AddEnt(pNode, RS_BlueToothFIleNew, '로그 수집');
+      end;
+
+      case PO.IntUsbBlockNewFile.mode of
+        abkNone   : AddEnt(pNode, RS_UsbToothFIleNew, 'OFF');
+        abkBlock  : AddEnt(pNode, RS_UsbToothFIleNew, '차단');
+        abkLog    : AddEnt(pNode, RS_UsbToothFIleNew, '로그 수집');
+      end;
+
+      case PO.IntUsbToUsbBlockNewFile.mode of
+        abkNone   : AddEnt(pNode, RS_UsbToUsbToothFIleNew, 'OFF');
+        abkBlock  : AddEnt(pNode, RS_UsbToUsbToothFIleNew, '차단');
+        abkLog    : AddEnt(pNode, RS_UsbToUsbToothFIleNew, '로그 수집');
+      end;
+
+      case PO.IntCdromBlockNewFile.mode of
+        abkNone   : AddEnt(pNode, RS_CdromToothFIleNew, 'OFF');
+        abkBlock  : AddEnt(pNode, RS_CdromToothFIleNew, '차단');
+        abkLog    : AddEnt(pNode, RS_CdromToothFIleNew, '로그 수집');
+      end;
+      case PO.IntMtpBlockNewFile.mode of
+        abkNone   : AddEnt(pNode, RS_MtpToothFIleNew, 'OFF');
+        abkBlock  : AddEnt(pNode, RS_MtpToothFIleNew, '차단');
+        abkLog    : AddEnt(pNode, RS_MtpToothFIleNew, '로그 수집');
+      end;
+
     // 화면 및 클립보드 설정
       pNode := AddEnt(nil, RS_ScreenLogoSet, '');
       case PO.ClipBlockKind of

eCrmHE/EXE_eCrmHomeEdition/License.pas

@@ -23,7 +23,6 @@ const
   Lc_CodeDivider = '-_--_-';
   MacSeparator = '_qts09_';
   Lc_Password = 'UPS8XVKkKCBMGT1d3qD6.E9xRO6BX7';
-
 //  SdkVersion = MajorVersion + '.' + MinorVersion + '.' + RevVersion + '.' + AFFID;
 
   KeyMap: array [0..9] of AnsiString =

eCrmHE/EXE_eCrmHomeEdition/Manager/ManagerHook.pas

@@ -116,6 +116,12 @@ type
     PrtWaterCfg: TPrtWaterCfg;
     ShFileCrMon: TShFileCrMon;
 
+    IntBtBlockNewFile,
+    IntUsbBlockNewFile,
+    IntCdromBlockNewFile,
+    IntMtpBlockNewFile,
+    IntUsbToUsbBlockNewFile: TIntBlockNewFile;
+
     OutFileBlockMB,
     WebFileBlockMB,
     AppFileBlockMB: Integer;
@@ -352,6 +358,71 @@ end;
 function TManagerHook.IsChangeHookPolicy(aPO: TPrefModel): Boolean;
 var
   PPO: TPrefModel;
+
+function IsBlockNewFileChangePolicy():Boolean;
+begin
+//    IntBtBlockNewFile,
+//    IntUsbBlockNewFile,
+//    IntUsbToUsbBlockNewFile,
+//    IntCdromBlockNewFile,
+//    IntMtpBlockNewFile: TIntBlockNewFile;
+  Result := (aPO.IntBtBlockNewFile.mode <> IntBtBlockNewFile.mode) or                 //bluetooth
+            (aPO.IntBtBlockNewFile.userAlert <> IntBtBlockNewFile.userAlert) or
+            (aPO.IntBtBlockNewFile.extList <> IntBtBlockNewFile.extList) or
+            (aPO.IntBtBlockNewFile.excList <> IntBtBlockNewFile.excList) or
+            (aPO.IntBtBlockNewFile.contentsFilter_use <> IntBtBlockNewFile.contentsFilter_use) or
+            (aPO.IntBtBlockNewFile.blockByFilename_use <> IntBtBlockNewFile.blockByFilename_use) or
+            (aPO.IntBtBlockNewFile.blockByFilename_list <> IntBtBlockNewFile.blockByFilename_list) or
+            (aPO.IntBtBlockNewFile.blockBySig_use <> IntBtBlockNewFile.blockBySig_use) or
+            (aPO.IntBtBlockNewFile.blockBySig_list <> IntBtBlockNewFile.blockBySig_list) or
+            (aPO.IntBtBlockNewFile.blockBySizeLimit_use <> IntBtBlockNewFile.blockBySizeLimit_use) or
+            (aPO.IntBtBlockNewFile.blockBySizeLimit_minMb <> IntBtBlockNewFile.blockBySizeLimit_minMb) or
+            (aPO.IntUsbBlockNewFile.mode <> IntUsbBlockNewFile.mode) or               //usb
+            (aPO.IntUsbBlockNewFile.userAlert <> IntUsbBlockNewFile.userAlert) or
+            (aPO.IntUsbBlockNewFile.extList <> IntUsbBlockNewFile.extList) or
+            (aPO.IntUsbBlockNewFile.excList <> IntUsbBlockNewFile.excList) or
+            (aPO.IntUsbBlockNewFile.contentsFilter_use <> IntUsbBlockNewFile.contentsFilter_use) or
+            (aPO.IntUsbBlockNewFile.blockByFilename_use <> IntUsbBlockNewFile.blockByFilename_use) or
+            (aPO.IntUsbBlockNewFile.blockByFilename_list <> IntUsbBlockNewFile.blockByFilename_list) or
+            (aPO.IntUsbBlockNewFile.blockBySig_use <> IntUsbBlockNewFile.blockBySig_use) or
+            (aPO.IntUsbBlockNewFile.blockBySig_list <> IntUsbBlockNewFile.blockBySig_list) or
+            (aPO.IntUsbBlockNewFile.blockBySizeLimit_use <> IntUsbBlockNewFile.blockBySizeLimit_use) or
+            (aPO.IntUsbBlockNewFile.blockBySizeLimit_minMb <> IntUsbBlockNewFile.blockBySizeLimit_minMb) or
+            (aPO.IntUsbToUsbBlockNewFile.mode <> IntUsbToUsbBlockNewFile.mode) or               //UsbtoUsb
+            (aPO.IntUsbToUsbBlockNewFile.userAlert <> IntUsbToUsbBlockNewFile.userAlert) or
+            (aPO.IntUsbToUsbBlockNewFile.extList <> IntUsbToUsbBlockNewFile.extList) or
+            (aPO.IntUsbToUsbBlockNewFile.excList <> IntUsbToUsbBlockNewFile.excList) or
+            (aPO.IntUsbToUsbBlockNewFile.contentsFilter_use <> IntUsbToUsbBlockNewFile.contentsFilter_use) or
+            (aPO.IntUsbToUsbBlockNewFile.blockByFilename_use <> IntUsbToUsbBlockNewFile.blockByFilename_use) or
+            (aPO.IntUsbToUsbBlockNewFile.blockByFilename_list <> IntUsbToUsbBlockNewFile.blockByFilename_list) or
+            (aPO.IntUsbToUsbBlockNewFile.blockBySig_use <> IntUsbToUsbBlockNewFile.blockBySig_use) or
+            (aPO.IntUsbToUsbBlockNewFile.blockBySig_list <> IntUsbToUsbBlockNewFile.blockBySig_list) or
+            (aPO.IntUsbToUsbBlockNewFile.blockBySizeLimit_use <> IntUsbToUsbBlockNewFile.blockBySizeLimit_use) or
+            (aPO.IntUsbToUsbBlockNewFile.blockBySizeLimit_minMb <> IntUsbToUsbBlockNewFile.blockBySizeLimit_minMb) or
+            (aPO.IntCdromBlockNewFile.mode <> IntCdromBlockNewFile.mode) or               //cdrom
+            (aPO.IntCdromBlockNewFile.userAlert <> IntCdromBlockNewFile.userAlert) or
+            (aPO.IntCdromBlockNewFile.extList <> IntCdromBlockNewFile.extList) or
+            (aPO.IntCdromBlockNewFile.excList <> IntCdromBlockNewFile.excList) or
+            (aPO.IntCdromBlockNewFile.contentsFilter_use <> IntCdromBlockNewFile.contentsFilter_use) or
+            (aPO.IntCdromBlockNewFile.blockByFilename_use <> IntCdromBlockNewFile.blockByFilename_use) or
+            (aPO.IntCdromBlockNewFile.blockByFilename_list <> IntCdromBlockNewFile.blockByFilename_list) or
+            (aPO.IntCdromBlockNewFile.blockBySig_use <> IntCdromBlockNewFile.blockBySig_use) or
+            (aPO.IntCdromBlockNewFile.blockBySig_list <> IntCdromBlockNewFile.blockBySig_list) or
+            (aPO.IntCdromBlockNewFile.blockBySizeLimit_use <> IntCdromBlockNewFile.blockBySizeLimit_use) or
+            (aPO.IntCdromBlockNewFile.blockBySizeLimit_minMb <> IntCdromBlockNewFile.blockBySizeLimit_minMb) or
+            (aPO.IntMtpBlockNewFile.mode <> IntMtpBlockNewFile.mode) or               //mtp
+            (aPO.IntMtpBlockNewFile.userAlert <> IntMtpBlockNewFile.userAlert) or
+            (aPO.IntMtpBlockNewFile.extList <> IntMtpBlockNewFile.extList) or
+            (aPO.IntMtpBlockNewFile.excList <> IntMtpBlockNewFile.excList) or
+            (aPO.IntMtpBlockNewFile.contentsFilter_use <> IntMtpBlockNewFile.contentsFilter_use) or
+            (aPO.IntMtpBlockNewFile.blockByFilename_use <> IntMtpBlockNewFile.blockByFilename_use) or
+            (aPO.IntMtpBlockNewFile.blockByFilename_list <> IntMtpBlockNewFile.blockByFilename_list) or
+            (aPO.IntMtpBlockNewFile.blockBySig_use <> IntMtpBlockNewFile.blockBySig_use) or
+            (aPO.IntMtpBlockNewFile.blockBySig_list <> IntMtpBlockNewFile.blockBySig_list) or
+            (aPO.IntMtpBlockNewFile.blockBySizeLimit_use <> IntMtpBlockNewFile.blockBySizeLimit_use) or
+            (aPO.IntMtpBlockNewFile.blockBySizeLimit_minMb <> IntMtpBlockNewFile.blockBySizeLimit_minMb);
+end;
+
 begin
   PPO := gMgSvc.PrefModel;
   Result := (aPO.DrmAccessKind <> DrmAccessKind) or
@@ -419,7 +490,8 @@ begin
               ( (aPO.MtpBlockKind = ubkReadOnly) or (MtpBlockKind = ubkReadOnly) ) ) or
             (MtpRoExp <> aPO.MtpExcept) or
             (PrtNameH <> PPO.PrtNameH) or
-            not CompareMem(@PrtWaterCfg, @aPO.PrtWaterCfg, SizeOf(PrtWaterCfg));
+            not CompareMem(@PrtWaterCfg, @aPO.PrtWaterCfg, SizeOf(PrtWaterCfg)) or
+            IsBlockNewFileChangePolicy;
 end;
 
 procedure TManagerHook.SendWndCaptureBlock(hPipe: THandle; hTg: HWND; bVal: Boolean);
@@ -601,6 +673,11 @@ begin
     end;
   end;
 
+  O.O['IntBtBlockNewFile'] := TTgJson.ValueToJsonObject<TIntBlockNewFile>(IntBtBlockNewFile);
+  O.O['IntUsbBlockNewFile'] := TTgJson.ValueToJsonObject<TIntBlockNewFile>(IntUsbBlockNewFile);
+  O.O['IntUsbToUsbBlockNewFile'] := TTgJson.ValueToJsonObject<TIntBlockNewFile>(IntUsbToUsbBlockNewFile);
+  O.O['IntCdromBlockNewFile'] := TTgJson.ValueToJsonObject<TIntBlockNewFile>(IntCdromBlockNewFile);
+  O.O['IntMtpBlockNewFile'] := TTgJson.ValueToJsonObject<TIntBlockNewFile>(IntMtpBlockNewFile);
   O.O['EtcABApps'] := OEtc;
 
   SaveJsonObjToFile(O, GetRunExePathDir + DIR_CONF + 'noenc_hpli.dat');
@@ -844,6 +921,12 @@ begin
 //      Result.sPrintWaterImg := '*HB*|' + PrtNameH
 //    else
     Result.sPrintWaterImg := '' ;
+    Result.IntBtBlockNewFile := IntBtBlockNewFile;
+    Result.IntUsbBlockNewFile := IntUsbBlockNewFile;
+    Result.IntUsbToUsbBlockNewFile := IntUsbToUsbBlockNewFile;
+    Result.IntCdromBlockNewFile := IntCdromBlockNewFile;
+    Result.IntMtpBlockNewFile := IntMtpBlockNewFile;
+
   except
     on E: Exception do
       ETgException.TraceException(Self, E, 'Fail .. GetCtrlOpt()');
@@ -1304,6 +1387,12 @@ begin
     WebFileBlockMB := PO.WebFileBlockMB;
     AppFileBlockMB := PO.AppFileBlockMB;
 
+    IntBtBlockNewFile := PO.IntBtBlockNewFile;
+    IntUsbBlockNewFile := PO.IntUsbBlockNewFile;
+    IntUsbToUsbBlockNewFile := PO.IntUsbToUsbBlockNewFile;
+    IntCdromBlockNewFile := PO.IntCdromBlockNewFile;
+    IntMtpBlockNewFile := PO.IntMtpBlockNewFile;
+
     if DefHookOpt_.sTaskDir <> '' then
       ForceDirectories(DefHookOpt_.sTaskDir);
 
@@ -1316,7 +1405,7 @@ begin
       if not NotUseDRM then
         sTgApps_mad_ := DRM_SUPPORT_APPS;
 
-      sTgApps_mad_:= sTgApps_mad_ + '|FSQUIRT.exe';
+      sTgApps_mad_:= sTgApps_mad_ + '|FSQUIRT.exe|LINKENGKM.exe';
       if IsPrintWaterHook then
       begin
         sABApps := sPrtWaterSupportApp_;
@@ -1356,7 +1445,11 @@ begin
     if bCaptureBlockApps then
       SumString(sABApps, sCaptureBlockApps, '|');
 
-    if (MtpBlockKind = ubkReadOnly) or (ShFileCrMon.nKind <> 0) then
+    if (MtpBlockKind = ubkReadOnly) or
+       (ShFileCrMon.nKind <> 0) or
+       (IntUsbBlockNewFile.mode <> abkNone) or
+       (IntMtpBlockNewFile.mode <> abkNone) or
+       (IntCdromBlockNewFile.mode <> abkNone) then
       SumString(sABApps, 'explorer.exe', '|');
 
     _Trace(Format('      sABApps .. [%s]', [sABApps]), 1);

eCrmHE/EXE_eCrmHomeEdition/Manager/ManagerModel.pas

@@ -83,7 +83,6 @@ type
   TBlockFRename = (bfrFalse, bfrAll, bfrExe, bfrPopup, bfrLog, bfrNoExe);
   TBlockFdRename = (bdrFalse, bdrAll, bdrThis, bdrPopup, bdrLog);
   TClipBlockKind = (cbkNone, cbkBlock, cbkPopup, cbkLog);
-  TFileMonKind = (fmkNone, fmkAll, fmkIncExt, fmkIgrExt);
   TShareFolderKind = (sfkNone, sfkAllBlock, sfkAddBlock, sfkPopup, sfkLog);
   TFileCollectPlan = (fcpNone, fcpOnce, fcpWeek, fcpMonthDate, fcpMonthWeek);
   TFileCollectKind = (fckNone, fckFile, fckFolder, fckFolderIncSub, fckFolderFKwd);
@@ -212,6 +211,7 @@ type
     ContentFilter: TContentFilter;
   end;
 
+
   TPrefModel = class(TTgObject)
   private
 //    VpnIpList,
@@ -616,6 +616,14 @@ type
     EtcAbExts: String;
     PrtOcrTxtExtList: TStringList;
 
+    IntBtBlockNewFile,
+    IntUsbBlockNewFile,
+    IntUsbToUsbBlockNewFile,
+    IntCdromBlockNewFile,
+    IntMtpBlockNewFile: TIntBlockNewFile;
+
+    IgnoreDriverLoad: Boolean;
+
     Constructor Create(sPoName: String; bLoad: Boolean = true; bSaveAble: Boolean = true);
     Destructor Destroy; override;
 
@@ -1683,6 +1691,16 @@ begin
 
       if ForceDirectories(sDir) then
         ss.SaveToFile(sDir + Format('%s-%s%s', [NAME_PREF, sPoFName_, EXT_PROP]));
+
+      var plainText: TStringStream;
+      //mgkim plainText
+      Guard(plainText, TStringStream.Create(GetPolicyToJsonObj.AsString, TEncoding.UTF8));
+
+      if ForceDirectories(sDir) then
+        plainText.SaveToFile(sDir + Format('%s-%s_painText%s', [NAME_PREF, sPoFName_, EXT_PROP]));
+
+      _Trace('정책 저장 : %s' ,[sDir + Format('%s-%s%s', [NAME_PREF, sPoFName_, EXT_PROP])], 1);
+
     end else
     if ORecent_ <> nil then
     begin
@@ -2003,6 +2021,8 @@ begin
         LogKeepDays := 10;
       BtConNotiDSec := O.I['BtConNotiDSec'];
       SplitString(UpperCase(O.S['GetPrtOcrTxt']), '|', PrtOcrTxtExtList);
+
+      IgnoreDriverLoad := O.B['IgnoreDriverLoad'];
     end;
 
     Save;
@@ -2088,6 +2108,114 @@ function TPrefModel.LoadFromJsonObj(aO: ISuperObject; CP: Boolean): Boolean;
     end;
   end;
 
+  function GetIniBlockFileNew(const sKeyName: string): TIntBlockNewFile;
+  var
+    i: Integer;
+    O: ISuperObject;
+    sTemp: String;
+  begin
+      O := GetJsonObj(sKeyName);
+      var mode := O.S['mode'];
+      if mode = 'true' then
+        Result.mode := abkBlock
+      else if mode ='log' then
+        Result.mode := abkLog
+      else
+        Result.mode := abkNone;
+
+      Result.userAlert := O.B['userAlert'];
+      Result.origTextCol := O.B['origTextCol'];
+      Result.fileNameChk := O.B['fileNameChk'];
+
+      if O.O['origFileCol'] <> nil then
+      begin
+        Result.origFileCol_use := O.O['origFileCol'].B['use'];
+        Result.origFileCol_maxMb := O.O['origFileCol'].I['maxMb'];
+        Result.origFileCol_minMb := O.O['origFileCol'].I['minMb'];
+      end else begin
+        Result.origFileCol_use := False;
+      end;
+
+      if (O.O['extList'] <> nil) and (O.O['extList'].DataType = stArray) then
+      begin
+        sTemp := '';
+        for i := 0 to O.A['extList'].Length - 1 do
+          SumString(sTemp, O.A['extList'].S[i], '|');
+        Result.extList := sTemp;
+      end;
+
+      if (O.O['excList'] <> nil) and (O.O['excList'].DataType = stArray) then
+      begin
+        sTemp := '';
+        for i := 0 to O.A['excList'].Length - 1 do
+          SumString(sTemp, O.A['excList'].S[i], '|');
+        Result.excList := sTemp;
+      end;
+
+      if O.O['contentsFilter'] <> nil then
+      begin
+        Result.contentsFilter_use := O.O['contentsFilter'].B['use'];
+        if Result.contentsFilter_use then
+        begin
+          if (O.O['contentsFilter'].O['list'] <> nil) and (O.O['contentsFilter'].O['list'].DataType = stArray) then
+          begin
+            sTemp := '';
+            for i := 0 to O.O['contentsFilter'].A['list'].Length - 1 do
+              SumString(sTemp, O.O['contentsFilter'].A['list'].S[i], '|');
+            Result.contentsFilter_list := sTemp;
+          end;
+        end;
+
+
+      end else begin
+        Result.origFileCol_use := False;
+      end;
+
+      if O.O['blockByFilename'] <> nil then
+      begin
+        Result.blockByFilename_use := O.O['blockByFilename'].B['use'];
+        if Result.blockByFilename_use then
+        begin
+          if (O.O['blockByFilename'].O['list'] <> nil) and (O.O['blockByFilename'].O['list'].DataType = stArray) then
+          begin
+            sTemp := '';
+            for i := 0 to O.O['blockByFilename'].A['list'].Length - 1 do
+              SumString(sTemp, O.O['blockByFilename'].A['list'].S[i], '|');
+            Result.blockByFilename_list := sTemp;
+          end;
+        end;
+
+      end else begin
+        Result.blockByFilename_use := False;
+      end;
+
+      if O.O['blockBySig'] <> nil then
+      begin
+        Result.blockBySig_use := O.O['blockBySig'].B['use'];
+        if Result.blockBySig_use then
+        begin
+          if (O.O['blockBySig'].O['list'] <> nil) and (O.O['blockBySig'].O['list'].DataType = stArray) then
+          begin
+            sTemp := '';
+            for i := 0 to O.O['blockBySig'].A['list'].Length - 1 do
+              SumString(sTemp, O.O['blockBySig'].A['list'].S[i], '|');
+            Result.blockBySig_list := sTemp;
+          end;
+        end;
+
+      end else begin
+        Result.blockBySig_use := False;
+      end;
+
+      if O.O['blockBySizeLimit'] <> nil then
+      begin
+        Result.blockBySizeLimit_use := O.O['blockBySizeLimit'].B['use'];
+        Result.blockBySizeLimit_minMb := O.O['blockBySizeLimit'].I['minMb'];
+      end else begin
+        Result.blockBySizeLimit_use := False;
+      end;
+
+  end;
 var
   sTemp: String;
   i: Integer;
@@ -2991,6 +3119,58 @@ begin
         AppRcdApps := sTmp;
     end;
 
+//  mgkim 정책 추가확인 26-03-16 블루투스 파일 반출 차단 정책 추가
+//{
+//  "mode": "partial",		# 모드
+//  "userAlert": true,		#사용자 알림 수행
+//  "extList": [			# 확장 목록
+//    "jpg",
+//    "exe",
+//    "png"
+//  ],
+//  "excList": [			# 예외 목록
+//    "gif",
+//    "hi"
+//  ],
+//  "origTextCol": true,		# 원문 수집
+//  "origFileCol": {
+//    "use": true,		# 원본 수집
+//    "maxMb": 30,		# 다음 크기까지
+//    "minMb": 20			# 다음 크기이상
+//  },
+//  "fileNameChk": true,		# 파일 이름 검사
+//  "contentsFilter": {
+//    "use": true,		# 컨텐츠 필터 사용 여부
+//    "list": [			# 선택된 컨텐츠 필터
+//      "D017",
+//      "D018"
+//    ]
+//  },
+//  "blockByFilename": {		# 파일명 차단
+//    "use": false,		# 파일명 차단 사용 여부
+//    "list": []			# 파일명 리스트
+//  },
+//  "blockBySig": {		# 시그니처 차단
+//    "use": false,		# 시그니처 차단 사용 여부
+//    "list": []			# 시그니처 리스트
+//  },
+//  "blockBySizeLimit": {		# 크기 차단
+//    "use": false,		# 크기 차단 사용 여부
+//    "minMb": 0			# 다음 크기 이상
+//  }
+//}
+
+    IntBtBlockNewFile:= GetIniBlockFileNew('int_btBlockNewFile');
+    _Trace('블루 투스 파일 차단 정책 시작 : mode : %d, content : %s',[Integer(IntBtBlockNewFile.mode), IntBtBlockNewFile.contentsFilter_list], 1);
+    IntUsbBlockNewFile:= GetIniBlockFileNew('int_usbBlockNewFile');
+    _Trace('Usb 파일 차단 정책 시작 : mode : %d, content : %s',[Integer(IntUsbBlockNewFile.mode), IntUsbBlockNewFile.contentsFilter_list], 1);
+    IntUsbToUsbBlockNewFile:= GetIniBlockFileNew('int_usbToUsbBlockNewFile');
+    _Trace('Usb To Usb 파일 차단 정책 시작 : mode : %d, content : %s',[Integer(IntUsbToUsbBlockNewFile.mode), IntUsbToUsbBlockNewFile.contentsFilter_list], 1);
+    IntCdromBlockNewFile:= GetIniBlockFileNew('int_cdBlockNewFile');
+    _Trace('Cdrom 파일 차단 정책 시작 : mode : %d, content : %s',[Integer(IntCdromBlockNewFile.mode), IntCdromBlockNewFile.contentsFilter_list], 1);
+    IntMtpBlockNewFile:= GetIniBlockFileNew('int_mtpBlockNewFile');
+    _Trace('Mtp 파일 차단 정책 시작 : mode : %d, content : %s',[Integer(IntMtpBlockNewFile.mode), IntMtpBlockNewFile.contentsFilter_list], 1);
+
     bLoaded_ := true;
     IsOldPolicy := false;
     ProcessAfterSetPolicy;
@@ -4447,6 +4627,15 @@ begin
     Result.I['SecuExitWaitSec'] := SecuExitWaitSec;
 
     Result.B['IsTempGroup'] := IsTempGroup;
+
+    // 블루투스 차단, USB, 파일 차단 기능 추가
+    _Trace('IntBtBlockNewFile mode  :%d', [Integer(IntBtBlockNewFile.mode)], 1);
+    Result.O['IntBtBlockNewFile'] := TTgJson.ValueToJsonObject<TIntBlockNewFile>(IntBtBlockNewFile);
+    Result.O['IntUsbBlockNewFile'] := TTgJson.ValueToJsonObject<TIntBlockNewFile>(IntUsbBlockNewFile);
+    Result.O['IntUsbToUsbBlockNewFile'] := TTgJson.ValueToJsonObject<TIntBlockNewFile>(IntUsbToUsbBlockNewFile);
+    Result.O['IntCdromBlockFileNew'] := TTgJson.ValueToJsonObject<TIntBlockNewFile>(IntCdromBlockNewFile);
+    Result.O['IntMtpUsbBlockNewFile'] := TTgJson.ValueToJsonObject<TIntBlockNewFile>(IntMtpBlockNewFile);
+
   except
     on E: Exception do
       ETgException.TraceException(Self, E, 'Fail .. GetPolicyToJsonObj()');
@@ -4482,6 +4671,121 @@ begin
 end;
 
 procedure TPrefModel.SetPolicyFromJsonObj(aO: ISuperObject);
+
+ function GetBlockFileNew(const sKeyName: string): TIntBlockNewFile;
+  var
+    i: Integer;
+    sTemp: String;
+    O: ISuperObject;
+  begin
+
+      O := SO(aO.S[sKeyName]);
+      if O = nil then
+      begin
+        _Trace('GetBlockFileNew, nil',1);
+        Exit;
+      end;
+
+      var mode := O.S['mode'];
+      if mode = 'true' then
+        Result.mode := abkBlock
+      else if mode ='log' then
+        Result.mode := abkLog
+      else
+        Result.mode := abkNone;
+
+      Result.userAlert := O.B['userAlert'];
+      Result.origTextCol := O.B['origTextCol'];
+      Result.fileNameChk := O.B['fileNameChk'];
+
+      if O.O['origFileCol'] <> nil then
+      begin
+        Result.origFileCol_use := O.O['origFileCol'].B['use'];
+        Result.origFileCol_maxMb := O.O['origFileCol'].I['maxMb'];
+        Result.origFileCol_minMb := O.O['origFileCol'].I['minMb'];
+      end else begin
+        Result.origFileCol_use := False;
+      end;
+
+      if (O.O['extList'] <> nil) and (O.O['extList'].DataType = stArray) then
+      begin
+        sTemp := '';
+        for i := 0 to O.A['extList'].Length - 1 do
+          SumString(sTemp, O.A['extList'].S[i], '|');
+        Result.extList := sTemp;
+      end;
+
+      if (O.O['excList'] <> nil) and (O.O['excList'].DataType = stArray) then
+      begin
+        sTemp := '';
+        for i := 0 to O.A['excList'].Length - 1 do
+          SumString(sTemp, O.A['excList'].S[i], '|');
+        Result.excList := sTemp;
+      end;
+
+      if O.O['contentsFilter'] <> nil then
+      begin
+        Result.contentsFilter_use := O.O['contentsFilter'].B['use'];
+        if Result.contentsFilter_use then
+        begin
+          if (O.O['contentsFilter'].O['list'] <> nil) and (O.O['contentsFilter'].O['list'].DataType = stArray) then
+          begin
+            sTemp := '';
+            for i := 0 to O.O['contentsFilter'].A['list'].Length - 1 do
+              SumString(sTemp, O.O['contentsFilter'].A['list'].S[i], '|');
+            Result.contentsFilter_list := sTemp;
+          end;
+        end;
+
+
+      end else begin
+        Result.origFileCol_use := False;
+      end;
+
+      if O.O['blockByFilename'] <> nil then
+      begin
+        Result.blockByFilename_use := O.O['blockByFilename'].B['use'];
+        if Result.blockByFilename_use then
+        begin
+          if (O.O['blockByFilename'].O['list'] <> nil) and (O.O['blockByFilename'].O['list'].DataType = stArray) then
+          begin
+            sTemp := '';
+            for i := 0 to O.O['blockByFilename'].A['list'].Length - 1 do
+              SumString(sTemp, O.O['blockByFilename'].A['list'].S[i], '|');
+            Result.blockByFilename_list := sTemp;
+          end;
+        end;
+
+      end else begin
+        Result.blockByFilename_use := False;
+      end;
+
+      if O.O['blockBySig'] <> nil then
+      begin
+        Result.blockBySig_use := O.O['blockBySig'].B['use'];
+        if Result.blockBySig_use then
+        begin
+          if (O.O['blockBySig'].O['list'] <> nil) and (O.O['blockBySig'].O['list'].DataType = stArray) then
+          begin
+            sTemp := '';
+            for i := 0 to O.O['blockBySig'].A['list'].Length - 1 do
+              SumString(sTemp, O.O['blockBySig'].A['list'].S[i], '|');
+            Result.blockBySig_list := sTemp;
+          end;
+        end;
+
+      end else begin
+        Result.blockBySig_use := False;
+      end;
+
+      if O.O['blockBySizeLimit'] <> nil then
+      begin
+        Result.blockBySizeLimit_use := O.O['blockBySizeLimit'].B['use'];
+        Result.blockBySizeLimit_minMb := O.O['blockBySizeLimit'].I['minMb'];
+      end else begin
+        Result.blockBySizeLimit_use := False;
+      end;
+  end;
 begin
   try
     with aO do
@@ -4937,6 +5241,27 @@ begin
 
       SecuExitWaitSec := I['SecuExitWaitSec'];
 
+      //mgkim 프로세스 시작 시 정책 읽어ㅏ야함..
+      IntBtBlockNewFile:= TTgJson.GetDataAsType<TIntBlockNewFile>(O['IntBtBlockNewFile']);
+//      IntBtBlockNewFile := GetBlockFileNew(O['int_btBlockNewFile']);
+      _Trace('블루 투스 파일 차단 정책 끝 : mode : %d',[Integer(IntBtBlockNewFile.mode)], 1);
+      IntUsbBlockNewFile:= TTgJson.GetDataAsType<TIntBlockNewFile>(O['IntUsbBlockNewFile']);
+//            IntUsbBlockNewFile := GetBlockFileNew(O['int_usbBlockNewFile']);
+
+      _Trace('Usb 차단 정책 끝 : mode : %d',[Integer(IntUsbBlockNewFile.mode)], 1);
+      IntUsbToUsbBlockNewFile:= TTgJson.GetDataAsType<TIntBlockNewFile>(O['IntUsbToUsbBlockNewFile']);
+//      IntUsbToUsbBlockNewFile := GetBlockFileNew(O['int_usbToUsbBlockNewFile']);
+
+      _Trace('Usb TO Usb 차단 정책 끝 : mode : %d',[Integer(IntUsbToUsbBlockNewFile.mode)], 1);
+      IntCdromBlockNewFile:= TTgJson.GetDataAsType<TIntBlockNewFile>(O['IntCdromBlockNewFile']);
+//      IntCdromBlockNewFile := GetBlockFileNew(O['int_cdBlockNewFile']);
+
+      _Trace('Cdrom 차단 정책 끝 : mode : %d',[Integer(IntCdromBlockNewFile.mode)], 1);
+      IntMtpBlockNewFile:= TTgJson.GetDataAsType<TIntBlockNewFile>(O['IntMtpUsbBlockNewFile']);
+//      IntMtpBlockNewFile := GetBlockFileNew(O['int_mtpBlockNewFile']);
+
+      _Trace('Mtp 차단 정책 끝 : mode : %d',[Integer(IntMtpBlockNewFile.mode)], 1);
+
       SetOldDefault;
     end;
 

eCrmHE/EXE_eCrmHomeEdition/Manager/ManagerService.pas

@@ -85,6 +85,7 @@ type
   PRecentFnd = ^TRecentFnd;
   TRecentFnd = record
     dtReg: TDateTime;
+    curAppType: TCurAppType;
     sMName,
     sPath,
     sFounds,
@@ -263,6 +264,12 @@ type
     sOutABPatterns_: String;
     CbPatternEnts_: TPatternEntList;
 
+    BtcontentsFilter_list_,
+    UsbcontentsFilter_list_,
+    CdromcontentsFilter_list_,
+    MtpcontentsFilter_list_,
+    UsbToUsbcontentsFilter_list_: string;
+    agentStatTime_: string;
   // RDP 로그인된 상태 체크 23_0926 08:58:58 kku
     bIsRdpLogon_: Boolean;
 
@@ -581,6 +588,8 @@ type
     procedure SendAppInstInfo;
     function SendHwInfo: Boolean;
     procedure SendScreenRecord(sReason, sMp4Path: String; nMilSec: Integer);
+    //mgkim
+    procedure SendAuditLog(const JsonReport: string);
 
     function SendApproval(nType: Integer; pData: Pointer; bUpFileCnt: Integer = 0): String;
     procedure SendAgreeInfo;
@@ -1383,78 +1392,6 @@ begin
   ThdAppMon_ := nil;
   xPrintLogService_ := nil;
 
-  bFltCtrlInit_ := false;
-  FltCtrlPolicy_ := 0;
-  FltCtrl_ := TBs1fltControl.Create;
-  DcFltCtrlEnt_ := TDictionary<String,String>.Create;
-
-  if UseFltCtrl then
-  begin
-    var state : DWORD;
-    state := FltCtrl_.InitDriver(GetRunExePathDir, FltCtrlCallback);
-    if state = 0 then
-    begin
-      var PPid: DWORD;
-      var parentDir: string;
-      var programdataDir: string;
-
-      _Trace('장치 접근 제어 준비 .. OK', 1);
-      FltCtrl_.BeginControl(1);
-      //폴더 보호 적용
-      PPid:= GetProcessPPidByPid(GetCurrentProcessId());
-      parentDir:= ExtractFileDir(ExcludeTrailingPathDelimiter(GetRunExePathDir));
-      programdataDir := parentDir[1] + ':\ProgramData\Tocsg';
-
-      _Trace('장치 접근 제어 준비 .. 폴더 보호 시작 : %s, PPid : %d',[parentDir, PPid], 1);
-      FltCtrl_.SetPid(PG_PID_ALLOW, PPid);
-
-      FltCtrl_.SetPath(PG_PATH_BLACK, Pchar(programdataDir));
-      FltCtrl_.SetPath(PG_PATH_BLACK, Pchar(parentDir));
-      FltCtrl_.SetProcessPath(PG_PID_ALLOW, Pchar('eCrmHeHelper.exe'));
-      FltCtrl_.SetProcessPath(PG_PID_ALLOW, Pchar('KvCttSch.exe'));
-      FltCtrl_.SetProcessPath(PG_PID_ALLOW, Pchar('KvCttSchW.exe'));
-      FltCtrl_.SetProcessPath(PG_PID_ALLOW, Pchar('BSWmcr.exe'));
-      FltCtrl_.SetProcessPath(PG_PID_ALLOW, Pchar('BSOne-AIP-Decrypt14.exe'));
-      FltCtrl_.SetProcessPath(PG_PID_ALLOW, Pchar('BSOne-AIP-Decrypt.exe'));
-      FltCtrl_.SetProcessPath(PG_PID_ALLOW, Pchar('Bs1tri.exe'));
-      FltCtrl_.SetProcessPath(PG_PID_ALLOW, Pchar('eCrmInterCaller.exe'));
-      FltCtrl_.SetProcessPath(PG_PID_ALLOW, Pchar('filter.exe'));
-      FltCtrl_.SetProcessPath(PG_PID_ALLOW, Pchar('kvoop.exe'));
-      FltCtrl_.SetProcessPath(PG_PID_ALLOW, Pchar('tstxtract.exe'));
-      FltCtrl_.SetProcessPath(PG_PID_ALLOW, Pchar('FilterTestDotNet.exe'));
-
-      FltCtrl_.SetFileName(PG_FILE_ALLOW, Pchar('Bs1ovi.dll'));
-      FltCtrl_.SetFileName(PG_FILE_ALLOW, Pchar('Bs1ovm.dll'));
-      FltCtrl_.SetFileName(PG_FILE_ALLOW, Pchar('eCrmHeHelper.dll'));
-      FltCtrl_.SetFileName(PG_FILE_ALLOW, Pchar('eCrmHeHelper32.dll'));
-      FltCtrl_.SetFileName(PG_FILE_ALLOW, Pchar('Bs1shl.dll'));
-      FltCtrl_.SetFileName(PG_FILE_ALLOW, Pchar('Bs1ovi.dll'));
-      FltCtrl_.SetFileName(PG_FILE_ALLOW, Pchar('libeay32.dll'));
-      FltCtrl_.SetFileName(PG_FILE_ALLOW, Pchar('ssleay32.dll'));
-      FltCtrl_.SetFileName(PG_FILE_ALLOW, Pchar('bsonex64.sys'));
-
-      _Trace('장치 접근 제어 준비 .. 폴더 보호 끝', 1);
-      FltCtrl_.FolderProtectControl(1);
-
-      //장치 차단
-      FltCtrl_.SetDeviceProtect(1);
-      FltCtrl_.SetHook(DWORD(BDC_USB), 1);
-      FltCtrl_.SetHook(DWORD(BDC_BLUETOOTH), 1);
-      //프로세스 보호
-      FltCtrl_.ProcessProtect(1);
-      FltCtrl_.ProcessCreate(1);
-      FltCtrl_.SetProcessProtectId(GetCurrentProcessId);
-      //레지스트리 보호
-      FltCtrl_.SetRegProtect(1);
-      bFltCtrlInit_ := true;
-
-    end else
-      _Trace('장치 접근 제어 준비 .. Fail : %d',[state],1);
-  end;
-
-  DeviceGuard_:= TDeviceGuardEngine.Create;
-//  DeviceGuard_.CreateDefaultPolicies;
-
   sUtcOffset_ := '+00:00';
   try
     var TS: TTimeSpan := TTimeZone.Local.GetUtcOffset(Now);
@@ -1708,6 +1645,86 @@ begin
     FindAipMdWnd(true);
   end;
 
+  //mgkim bs1flt load
+  bFltCtrlInit_ := false;
+  FltCtrlPolicy_ := 0;
+  FltCtrl_ := TBs1fltControl.Create;
+  DcFltCtrlEnt_ := TDictionary<String,String>.Create;
+
+//  IgnoreDriverLoad
+  _Trace('에이전트 시작 시간: %s',[agentStatTime_], 1);
+  agentStatTime_:= FormatDateTime('yyyy-mm-dd"T"hh:nn:ss"+09:00"', Now);
+  if UseFltCtrl then
+  begin
+    var state : DWORD;
+    state := FltCtrl_.InitDriver(GetRunExePathDir, FltCtrlCallback);
+    if state = 0 then
+    begin
+      var PPid: DWORD;
+      var parentDir: string;
+      var programdataDir: string;
+
+      _Trace('장치 접근 제어 준비 .. OK', 1);
+      FltCtrl_.BeginControl(1);
+      //폴더 보호 적용
+      PPid:= GetProcessPPidByPid(GetCurrentProcessId());
+      parentDir:= ExtractFileDir(ExcludeTrailingPathDelimiter(GetRunExePathDir));
+      programdataDir := parentDir[1] + ':\ProgramData\Tocsg';
+
+      _Trace('장치 접근 제어 준비 .. 폴더 보호 시작 : %s, PPid : %d',[parentDir, PPid], 1);
+      FltCtrl_.SetPid(PG_PID_ALLOW, PPid);
+
+      FltCtrl_.SetPath(PG_PATH_BLACK, Pchar(programdataDir));
+      FltCtrl_.SetPath(PG_PATH_BLACK, Pchar(parentDir));
+      FltCtrl_.SetProcessPath(PG_PID_ALLOW, Pchar('eCrmHeHelper.exe'));
+      FltCtrl_.SetProcessPath(PG_PID_ALLOW, Pchar('KvCttSch.exe'));
+      FltCtrl_.SetProcessPath(PG_PID_ALLOW, Pchar('KvCttSchW.exe'));
+      FltCtrl_.SetProcessPath(PG_PID_ALLOW, Pchar('BSWmcr.exe'));
+      FltCtrl_.SetProcessPath(PG_PID_ALLOW, Pchar('BSOne-AIP-Decrypt14.exe'));
+      FltCtrl_.SetProcessPath(PG_PID_ALLOW, Pchar('BSOne-AIP-Decrypt.exe'));
+      FltCtrl_.SetProcessPath(PG_PID_ALLOW, Pchar('Bs1tri.exe'));
+      FltCtrl_.SetProcessPath(PG_PID_ALLOW, Pchar('eCrmInterCaller.exe'));
+      FltCtrl_.SetProcessPath(PG_PID_ALLOW, Pchar('filter.exe'));
+      FltCtrl_.SetProcessPath(PG_PID_ALLOW, Pchar('kvoop.exe'));
+      FltCtrl_.SetProcessPath(PG_PID_ALLOW, Pchar('tstxtract.exe'));
+      FltCtrl_.SetProcessPath(PG_PID_ALLOW, Pchar('FilterTestDotNet.exe'));
+
+      FltCtrl_.SetFileName(PG_FILE_ALLOW, Pchar('Bs1ovi.dll'));
+      FltCtrl_.SetFileName(PG_FILE_ALLOW, Pchar('Bs1ovm.dll'));
+      FltCtrl_.SetFileName(PG_FILE_ALLOW, Pchar('eCrmHeHelper.dll'));
+      FltCtrl_.SetFileName(PG_FILE_ALLOW, Pchar('eCrmHeHelper32.dll'));
+      FltCtrl_.SetFileName(PG_FILE_ALLOW, Pchar('Bs1shl.dll'));
+      FltCtrl_.SetFileName(PG_FILE_ALLOW, Pchar('Bs1ovi64.dll'));
+      FltCtrl_.SetFileName(PG_FILE_ALLOW, Pchar('libeay32.dll'));
+      FltCtrl_.SetFileName(PG_FILE_ALLOW, Pchar('ssleay32.dll'));
+      FltCtrl_.SetFileName(PG_FILE_ALLOW, Pchar('bsonex64.sys'));
+      FltCtrl_.SetFileName(PG_FILE_ALLOW, Pchar('hpli.dat'));
+
+      _Trace('장치 접근 제어 준비 .. 폴더 보호 끝', 1);
+      FltCtrl_.FolderProtectControl(1);
+
+      //장치 차단
+      FltCtrl_.SetDeviceProtect(1);
+      FltCtrl_.SetHook(DWORD(BDC_USB), 1);
+      FltCtrl_.SetHook(DWORD(BDC_BLUETOOTH), 1);
+      //프로세스 보호
+
+      FltCtrl_.ProcessCreate(1);
+      FltCtrl_.ProcessProtect(1);
+      FltCtrl_.SetProcessProtectId(GetCurrentProcessId);
+      _Trace('프로세스 보호 끝', 1);
+      //레지스트리 보호
+      FltCtrl_.SetRegProtect(1);
+      bFltCtrlInit_ := true;
+
+    end else
+      _Trace('장치 접근 제어 준비 .. Fail : %d',[state],1);
+  end;
+
+  DeviceGuard_:= TDeviceGuardEngine.Create;
+//  DeviceGuard_.CreateDefaultPolicies;
+
+
 // 에이전트 최초 상태정보 보낼때 참조할 수 있도록 미리 실행 시켜줌 23_0411 12:30:37 kku
   TimerCheckOsConfig(nil);
   TimerCheckSecurity(nil);
@@ -1836,6 +1853,8 @@ begin
 
   if NotUseUAC then
     InstallOutlookPlugIn_forHD(hRcvHwnd_);
+
+
 end;
 
 Destructor TManagerService.Destroy;
@@ -6905,6 +6924,41 @@ begin
         if sOutABPatterns_ <> OutlookAB.ContentFilter.sPatterns then
           sOutABPatterns_ := OutlookAB.ContentFilter.sPatterns;
 
+        if IntBtBlockNewFile.contentsFilter_use then
+        begin
+          if BtcontentsFilter_list_ <> IntBtBlockNewFile.contentsFilter_list then
+            BtcontentsFilter_list_ := IntBtBlockNewFile.contentsFilter_list
+        end else
+          BtcontentsFilter_list_ := '';
+
+        if IntUsbBlockNewFile.contentsFilter_use then
+        begin
+          if UsbcontentsFilter_list_ <> IntUsbBlockNewFile.contentsFilter_list then
+            UsbcontentsFilter_list_ := IntUsbBlockNewFile.contentsFilter_list
+        end else
+          UsbcontentsFilter_list_ := '';
+
+        if IntUsbToUsbBlockNewFile.contentsFilter_use then
+        begin
+          if UsbToUsbcontentsFilter_list_ <> IntUsbToUsbBlockNewFile.contentsFilter_list then
+            UsbToUsbcontentsFilter_list_ := IntUsbToUsbBlockNewFile.contentsFilter_list
+        end else
+          UsbToUsbcontentsFilter_list_ := '';
+
+        if IntCdromBlockNewFile.contentsFilter_use then
+        begin
+          if CdromcontentsFilter_list_ <> IntCdromBlockNewFile.contentsFilter_list then
+            CdromcontentsFilter_list_ := IntCdromBlockNewFile.contentsFilter_list
+        end else
+          CdromcontentsFilter_list_ := '';
+
+        if IntMtpBlockNewFile.contentsFilter_use then
+        begin
+          if MtpcontentsFilter_list_ <> IntMtpBlockNewFile.contentsFilter_list then
+            MtpcontentsFilter_list_ := IntMtpBlockNewFile.contentsFilter_list
+        end else
+          MtpcontentsFilter_list_ := '';
+
         if MgHook_ = nil then
         begin
           if DrmAccessKind <> dakNone then
@@ -7750,7 +7804,7 @@ begin
   // 페어링 되었던 다른 장치와의 연결 정보에도 영향을 줄 수 있습니다.
     Result := BluetoothRemoveDevice(pEnt.dInfo.Address) = 0;
     if not Result then
-      _Trace('Fail .. ProcessPreventBT(), Name="%s"', [pEnt.dInfo.szName]);
+      _Trace('Fail .. ProcessPreventBT(), Name="%s", sTemp1=%s', [pEnt.dInfo.szName, sTemp1]);
     Result := true; // 차단 대상이면 위 작업과 별개로 장치 차단을 하도록 함 22_0630 09:15:10 kku
     exit;
   end;
@@ -7784,11 +7838,16 @@ begin
 
     BtDevTypeToStr(pEnt.dInfo.ulClassofDevice, sMajor, sMinor);
     sLog := Format('Name : %s, Type : %s (%s), Address : %s', [pEnt.dInfo.szName, sMajor, sMinor, pEnt.sAddress]);
+    TTgTrace.T('OnBtDevEntNotify() .. sLog=%s', [sLog], 4);
+
     PO := GetModePolicy;
     bPopup := PO.BTPopup;
     sData := String(pEnt.dInfo.szName) + '|' + Format('%s (%s)', [sMajor, sMinor]) + '|' + pEnt.sAddress;
     if bPrevent then
     begin
+
+//      FltCtrl_.SetPolicy(DWORD(BDC_BLUETOOTH), DWORD(bPrevent), DWORD(1));
+
       sData := sData + '|PV';
       if bPopup then
           PopupMessage(TYPE_MSG_PREVENT_BLUETOOTH, sData);
@@ -7806,6 +7865,9 @@ begin
       end else
         SendEventLog(URI_USER_ACTION, PREVENT_BLUETOOTH, sLog);
     end else begin
+
+//      FltCtrl_.SetPolicy(DWORD(BDC_BLUETOOTH), DWORD(bPrevent), DWORD(1));
+
       if PrefModel_.BtConNotiDSec > 0 then
       begin
       // 일정 시간동안 다시 알림 하지 않도록 기능 보완
@@ -7966,7 +8028,7 @@ var
   nUnzipDepth,   nDecompDepth: Integer;
   ExtList: TStringList;
 
-  function FindContent(var unable : string ; sTgPath: String; var sFounds, sFoundsC: String): Boolean;
+  function FindContent(var unable : string ; fileNameChk: Boolean; sTgPath: String; var sFounds, sFoundsC: String): Boolean;
   var
     sExtrTxt,
     sSchTxt, sFound: String;
@@ -7985,7 +8047,10 @@ var
         exit;
       end;
 
-      sExtrTxt := 'FileName : ' + ExtractFileName(sTgPath) + #13#10#13#10 + sExtrTxt;
+      if fileNameChk then
+        sExtrTxt := 'FileName : ' + ExtractFileName(sTgPath) + #13#10#13#10 + sExtrTxt
+      else
+        sExtrTxt := sExtrTxt;
 
       sFounds := '';
       sFoundsC := '';
@@ -8069,7 +8134,7 @@ var
     end;
   end;
 
-  function ProcessDecompFile(var unable : string ; sPath, sExportDir: String; var sFounds, sFoundsC: String; sOrgCompPath: String; sParentFile: String = ''): Boolean;
+  function ProcessDecompFile(var unable : string ; fileNameChk: Boolean; sPath, sExportDir: String; var sFounds, sFoundsC: String; sOrgCompPath: String; sParentFile: String = ''): Boolean;
   var
     i: Integer;
     sExt, sUpDirName: String;
@@ -8112,7 +8177,7 @@ var
 
               if Pos(sExt, COMPRESS_EXTS) > 0 then
               begin
-                Result := ProcessDecompFile(unable, FList[i],
+                Result := ProcessDecompFile(unable, fileNameChk, FList[i],
                               Format('%s%d\', [sExportDir, nDecompDepth]), sFounds, sFoundsC,
                               sOrgCompPath, sUpDirName + ' > ' + ExtractFileName(FList[i]));
               end else begin
@@ -8130,7 +8195,7 @@ var
                   end;
                 end;
 
-                Result := FindContent(unable, FList[i], sFounds, sFoundsC);
+                Result := FindContent(unable, fileNameChk, FList[i], sFounds, sFoundsC);
               end;
 
               if unable <> '' then
@@ -8160,6 +8225,7 @@ var
   sFounds, sFoundsC: String;
   REnt: TRecentFnd;
   nTO: Integer;
+  fileNameChk: Boolean;
 begin
   Result := false;
 
@@ -8180,6 +8246,7 @@ begin
         REnt.sFounds := 'Blocked by file extension policy.';
         REnt.sFoundsC := 'Blocked by file extension policy.';
         REnt.bResult := Result;
+        REnt.curAppType := aAppType;
         AddRecentFnd(REnt);
         exit;
       end;
@@ -8239,6 +8306,7 @@ begin
     DelRecentFnd(sPath);
     ZeroMemory(@REnt, SizeOf(REnt));
 
+    fileNameChk:= True;
     Guard(PatternEntList, TPatternEntList.Create);
     case aAppType of
       catOutlook :
@@ -8257,6 +8325,60 @@ begin
           SetRuleToPtrnList(sWebABPatterns_, PatternEntList, true);
         nHitLimit := ModePolify.WebbAB.ContentFilter.nHitLimit;
       end;
+      catFquirt :
+      begin
+
+        if BtcontentsFilter_list_.Contains('scanoption') then
+          SetPatternList(BtcontentsFilter_list_, PatternEntList)
+        else
+          SetRuleToPtrnList(BtcontentsFilter_list_, PatternEntList, true);
+        nHitLimit := 1;
+
+        fileNameChk:= ModePolify.IntBtBlockNewFile.fileNameChk;
+      end;
+      catLINKENGKM :
+      begin
+
+        if UsbToUsbcontentsFilter_list_.Contains('scanoption') then
+          SetPatternList(UsbToUsbcontentsFilter_list_, PatternEntList)
+        else
+          SetRuleToPtrnList(UsbToUsbcontentsFilter_list_, PatternEntList, true);
+        nHitLimit := 1;
+
+        fileNameChk:= ModePolify.IntUsbToUsbBlockNewFile.fileNameChk;
+      end;
+      catUsb :
+      begin
+
+        if UsbcontentsFilter_list_.Contains('scanoption') then
+          SetPatternList(UsbcontentsFilter_list_, PatternEntList)
+        else
+          SetRuleToPtrnList(UsbcontentsFilter_list_, PatternEntList, true);
+        nHitLimit := 1;
+
+        fileNameChk:= ModePolify.IntUsbBlockNewFile.fileNameChk;
+      end;
+      catCdrom :
+      begin
+
+        if CdromcontentsFilter_list_.Contains('scanoption') then
+          SetPatternList(CdromcontentsFilter_list_, PatternEntList)
+        else
+          SetRuleToPtrnList(CdromcontentsFilter_list_, PatternEntList, true);
+        nHitLimit := 1;
+
+        fileNameChk:= ModePolify.IntCdromBlockNewFile.fileNameChk;
+      end;
+      catMtp :
+      begin
+        if MtpcontentsFilter_list_.Contains('scanoption') then
+          SetPatternList(MtpcontentsFilter_list_, PatternEntList)
+        else
+          SetRuleToPtrnList(MtpcontentsFilter_list_, PatternEntList, true);
+        nHitLimit := 1;
+
+        fileNameChk:= ModePolify.IntMtpBlockNewFile.fileNameChk;
+      end;
       else
       begin
         if sEtcABPatterns_.Contains('scanoption') then
@@ -8289,7 +8411,7 @@ begin
       nUnzipDepth := ModePolify.CfZipDepth;
       sExportDir := GetRunExePathDir + 'STask\@etr2\';
 
-      Result := ProcessDecompFile(unable, sPath, sExportDir, sFounds, sFoundsC, sPath, ExtractFileName(sPath));
+      Result := ProcessDecompFile(unable, fileNameChk, sPath, sExportDir, sFounds, sFoundsC, sPath, ExtractFileName(sPath));
       DeleteDir(sExportDir, true, true);
       if unable <> '' then
       begin
@@ -8300,7 +8422,7 @@ begin
     end else
     begin
 
-      Result := FindContent(unable, sPath, sFounds, sFoundsC);
+      Result := FindContent(unable, fileNameChk, sPath, sFounds, sFoundsC);
       if unable <> '' then
       begin
         sFounds := unable;
@@ -8315,6 +8437,7 @@ begin
     REnt.sFounds := sFounds;
     REnt.sFoundsC := sFoundsC;
     REnt.bResult := Result;
+    REnt.curAppType := aAppType;
     AddRecentFnd(REnt);
 
     _Trace('HasContentInfo() .. OK, (%s), (%s), (%s)', [sPath, sFounds, sFoundsC], 4);
@@ -10469,6 +10592,46 @@ begin
   end;
 end;
 
+procedure TManagerService.SendAuditLog(const JsonReport: string);
+var
+  KeyPath, ExpectedHash, ActualHash, Reason: string;
+  Root, FileObj, SuccessArray, FailArray: ISuperObject;
+  JsonLog, sHostName, sEmpId: string;
+  IsSuccess: Boolean;
+begin
+  _Trace('[MGKIM] SendAuditLog.. 서버 전송: %s', [JsonReport]);
+  try
+
+    Root := SO(JsonReport);
+    if Root = nil then
+    begin
+      _Trace('[MGKIM] 파싱 오류: 전달받은 JsonReport가 올바른 포맷이 아닙니다.');
+      Exit;
+    end;
+
+    sEmpId := gMgSvc.AgentModel.EmpNo;
+
+    if IsUseHostNameOnly then
+      sHostName := gMgSvc.ComName
+    else
+      sHostName := gMgSvc.UserName;
+
+    Root.S['type'] := 'integrity';
+    Root.S['hostname'] := sHostName;
+    Root.S['empId'] := sEmpId;
+    Root.S['loggedAt'] := FormatDateTime('yyyy-mm-dd"T"hh:nn:ss"+09:00"', Now);
+    Root.S['startedAt'] := agentStatTime_;
+
+    ThdEvent_.Push(Root.AsString);
+  except
+    on E: Exception do
+      ETgException.TraceException(Self, E, 'Fail .. SendAuditLog()');
+  end;
+
+
+end;
+
+
 procedure TManagerService.PopupMessage(nType: Integer; sData: String = '');
 var
   O: ISuperObject;

eCrmHE/EXE_eCrmHomeEdition/Messages/DNotice.pas

@@ -139,7 +139,7 @@ uses
   Tocsg.Exception, Tocsg.Safe, Tocsg.Shell, GlobalDefine,
   Tocsg.Strings, Vcl.Clipbrd, Condition, Tocsg.Path, Tocsg.Trace,
   Tocsg.WTS, Tocsg.Process, Tocsg.Json, Tocsg.Hash, Tocsg.Convert, Winapi.MultiMon,
-  ManagerCampaign, Tocsg.Url, Tocsg.Files;
+  ManagerCampaign, Tocsg.Url, Tocsg.Files, AppCtrlDefine;
 
 resourcestring
   RS_TitleVul = '보안 취약점이 발견되었습니다.';
@@ -1571,13 +1571,29 @@ begin
           if (REnt.sFounds <> 'File size exceeded.') and
              (REnt.sFounds <> 'Blocked by file extension policy.') and
              (REnt.sFounds <> 'Blocked by file size policy.') and
+             (REnt.sFounds <> 'Blocked by file name policy.') and
              (REnt.sFounds <> 'unable to analyze document files') and
              (REnt.sFounds <> 'unable to analyze compressed files') then
           begin
             MsgList.Add(RS_FoundCtt + REnt.sFounds);
           end else begin
+            var deviceName: string;
+
+            case REnt.curAppType of
+              catFquirt : deviceName:= 'BLUETOOTH';
+              catLINKENGKM : deviceName:= 'USBToUSB';
+              catUsb : deviceName:= 'USB';
+              catCdrom : deviceName:= 'CDROM';
+              catMtp : deviceName:= 'MTP';
+            end;
+
             MsgList.Add('');
+            if deviceName <> '' then
+              MsgList.Add('장치명 : ' + deviceName + sLineBreak + ' ' + REnt.sFounds)
+            else
               MsgList.Add(REnt.sFounds);
+
+            TTgTrace.T('[MGKIM] PopupMessage.. REnt.sFounds(%s)',[REnt.sFounds], 1);
           end;
         end;
       {$ENDIF}

eCrmHE/EXE_eCrmHomeEdition/Process/ProcessServerAPI.pas

@@ -197,7 +197,8 @@ begin
       exit;
     end;
 
-    {$IFDEF DEBUG} SaveJsonObjToFile(SO(sRes), 'c:\pd.json'); {$ENDIF}
+    {$IFDEF DEBUG}  {$ENDIF}
+    SaveJsonObjToFile(SO(sRes), 'c:\pd.json');
 
     OP := SO(sRes);
     if OP = nil then

eCrmHE/EXE_eCrmHomeEdition/Service/RecoverService.pas

@@ -12,7 +12,7 @@ unit RecoverService;
 interface
 
 uses
-  System.SysUtils, System.Classes,
+  System.SysUtils, System.Classes,System.JSON,System.IOUtils,System.Hash,
   Vcl.Graphics, Tocsg.Thread, ManagerPattern, Tocsg.Files,
   System.Generics.Collections;
 
@@ -80,7 +80,7 @@ const
   CONF_FILES = 'eCrmHeHelper.dll|eCrmHeHelper.exe|eCrmHeHelper32.dll|eCrmInterCaller.exe|' +
                'BSWmcr.exe|Bs1out.dll|Bs1out64.dll|Bs1shl.dll|Bs1uef.dat|Bs1tri.dat';
   HEBIN_FILES = 'eCrmHomeEdition.exe|ielib64.dll|KvCttSch.exe|KvCttSchw.exe|libeay32.dll|' +
-                'libkm64.dll|ptnsch.dat|ssleay32.dll';
+                'libkm64.dll|ptnsch.dat|ssleay32.dll|bs1flt_x64.sys|bs1fltctrl.dll|bsonex32.sys|bsonex64.sys';
   LANG_FILES = 'eCrmHomeEdition.409.dat|eCrmHomeEdition.412.dat|eCrmHomeEdition.411.dat|' +
                'eCrmHomeEdition.804.dat|eCrmHomeEdition.404.dat';
   SLCORE_FILES = 'slcore.exe';
@@ -110,12 +110,20 @@ type
     sBlkFRename_,
     sIgrBlkFRename_: String;
     bRecovering_: Boolean;
+
+    referenceData_: TDictionary<string, string>;
+
     procedure OnLockFileNotify(Sender: TObject; const Item: TFileStream; Action: TCollectionNotification);
     procedure ProcessDirWatchEnt(Sender: TObject; pInfo: PDirWatchEnt); override;
     procedure LockFiles;
     procedure UnlockFiles;
     procedure RecoverAll;
     procedure RecoverData;
+    procedure LoadReferenceJson(const JsonPath: string);
+    function CheckFileIntegrity(const FilePath, ExpectedHash: string;
+      out ActualHash, Reason: string): Boolean;
+    procedure CheckAndRecover(sResPath, sPath: String);
+    function DoRecoverFile(const sTargetFilePath: string): string;
   public
     Constructor Create;
     Destructor Destroy; override;
@@ -124,12 +132,13 @@ type
     procedure StopService;
 
     property IsWorking: Boolean read bIsWorking_;
+    procedure PerformInitialAudit;
   end;
 
 implementation
 
 uses
-  Tocsg.Safe, Tocsg.Strings, Tocsg.Path, superobject, Tocsg.Exception,
+  Tocsg.Safe, Tocsg.Strings, Tocsg.Path, Tocsg.Encrypt, superobject, Tocsg.Exception,
   Winapi.Windows, GlobalDefine, AbUnzper, AbArcTyp, ManagerService,
   ManagerModel, Condition, Tocsg.Packet;
 
@@ -173,7 +182,12 @@ begin
   LockFiles_.OnNotify := OnLockFileNotify;
   LockFiles;
 
-  RecoverAll;
+  referenceData_ := TDictionary<string, string>.Create;
+
+  LoadReferenceJson(GetRunExePathDir + ''  + 'Resource\rst.00');
+
+//  RecoverAll;
+  PerformInitialAudit;
 
   SetFilter(FILE_NOTIFY_CHANGE_FILE_NAME or FILE_NOTIFY_CHANGE_DIR_NAME or
         FILE_NOTIFY_CHANGE_SIZE or FILE_NOTIFY_CHANGE_LAST_WRITE);
@@ -192,8 +206,55 @@ begin
   FreeAndNil(ConfFiles_);
   FreeAndNil(HeBinFiles_);
   FreeAndNil(KvBinFiles_);
+  FreeAndNil(referenceData_);
 end;
 
+procedure TRecoverService.LoadReferenceJson(const JsonPath: string);
+var
+  Path, Hash: string;
+  ss: TStringStream;
+  O, ItemObj: ISuperObject;
+  ListObj: TSuperArray;
+  i: Integer;
+
+begin
+  referenceData_.Clear;
+  if not FileExists(JsonPath)
+    then Exit;
+
+  try
+      Guard(ss, TStringStream.Create('', TEncoding.UTF8));
+      ss.LoadFromFile(JsonPath);
+
+//      O := SO(ss.DataString);
+      O := SO(DecBinStrToStr(ekAes256cbc, PASS_MODEL, ss.DataString));
+      if O <> nil then
+      begin
+        ListObj := O.A['List'];
+
+        if ListObj <> nil then
+        begin
+          for i := 0 to ListObj.Length - 1 do
+          begin
+            ItemObj := ListObj.O[i];
+
+            // 비교를 위한 대소문자 정규화 (경로는 소문자, 해시는 대문자)
+            Path := LowerCase(ItemObj.S['P']);
+            Hash := UpperCase(ItemObj.S['H']);
+
+//            _Trace('[MGKIM] LoadReferenceJson.. P: %s, H: %s', [Path, Hash]);
+            referenceData_.AddOrSetValue(Path, Hash);
+          end;
+        end;
+
+      end;
+  except
+    on E: Exception do
+      ETgException.TraceException(Self, E, 'Fail .. LoadReferenceJson()');
+  end;
+end;
+
+
 procedure TRecoverService.OnLockFileNotify(Sender: TObject; const Item: TFileStream; Action: TCollectionNotification);
 begin
   if Action = cnRemoved then
@@ -242,31 +303,209 @@ begin
   LockFiles_.Clear;
 end;
 
-procedure TRecoverService.RecoverAll;
+// 단일 파일 무결성 검사 (해시 비교)
+function TRecoverService.CheckFileIntegrity(const FilePath, ExpectedHash: string; out ActualHash, Reason: string): Boolean;
+begin
+  Result := False;
+  ActualHash := '';
+  Reason := '';
 
-  procedure ExtrZip(sResPath, sDestDir: String; bIgrErr: Boolean = false);
+  if not TFile.Exists(FilePath) then
-  var
-    zip: TAbUnZipper;
   begin
-    if not ForceDirectories(sDestDir) then
+    Reason := 'File Not Found';
-      exit;
+    Exit;
+  end;
 
   try
-      Guard(zip, TAbUnzipper.Create(nil));
+    ActualHash := UpperCase(THashSHA2.GetHashStringFromFile(FilePath, THashSHA2.TSHA2Version.SHA256));
-      zip.FileName := sResPath;
+    if ActualHash = ExpectedHash then
-      zip.ExtractOptions := [eoCreateDirs, eoRestorePath];
+      Result := True
-      zip.BaseDirectory := sDestDir;
+    else
-//      zip.OnArchiveProgress := ;
+      Reason := 'Hash Different';
-//      zip.OnNeedPassword := ;
-
-      zip.ExtractFiles('*.*');
   except
     on E: Exception do
-        ETgException.TraceException(E, Format('Fail .. ExtrZip(), ExtrDir="%s"', [sDestDir]));
+      Reason := 'Access Denied or Read Error';
+  end;
+end;
+
+function TRecoverService.DoRecoverFile(const sTargetFilePath: string): string;
+var
+  zip: TAbUnZipper;
+  sCurDir, sResDir, sResPath, sExtrDir: String;
+  sFName, sFNameLower, sResFile: String;
+  nIdx: Integer;
+begin
+  bRecovering_ := True;
+  try
+    try
+      sCurDir := GetRunExePathDir;
+      sResDir := sCurDir + 'Resource\';
+      sResPath := sCurDir + 'prfwork.dat';
+
+      sFName := ExtractFileName(sTargetFilePath);
+      sFNameLower := LowerCase(sFName);
+      sExtrDir := ExtractFilePath(sTargetFilePath);
+
+      // 손상된 파일 이름에 맞춰 원본 백업 리소스(rst.XX) 매핑
+      if sFNameLower = 'slcore.exe' then
+        sResFile := 'rst.05'
+      else if (sFNameLower = 'ssleay32.dll') or (sFNameLower = 'ptnsch.dat') or //conf
+              (sFNameLower = 'libkm64.dll') or (sFNameLower = 'libeay32.dll') or
+              (sFNameLower = 'kvcttschw.exe') or (sFNameLower = 'kvcttsch.exe') or
+              (sFNameLower = '7z.dll') or (sFNameLower = 'bs1flt_x64.sys') or
+              (sFNameLower = 'bs1fltctrl.dll') or (sFNameLower = 'bs1ugcp.dll') or
+              (sFNameLower = 'bsonex32.sys') or (sFNameLower = 'bsonex64.sys') or
+              (sFNameLower = 'ecrmhomeedition') or
+              (sFNameLower = 'ielib64.dll') or (sFNameLower = 'ecrmheserviced.dll') then
+        sResFile := 'rst.01'
+      else if (sFNameLower = 'ecrmintercaller.exe') or (sFNameLower = 'ecrmhehelper.dll') or  // root
+              (sFNameLower = 'ecrmhehelper32.dll') or (sFNameLower = 'ecrmhehelperf.dll') or
+              (sFNameLower = 'ecrmhehelper32f.dll') or (sFNameLower = 'ecrmhehelper.exe') or
+              (sFNameLower = 'bswmcr.exe') or (sFNameLower = 'bs1out.dll') or
+              (sFNameLower = 'bs1tri.exe') or (sFNameLower = 'bs1shl.dll') or
+              (sFNameLower = 'Bs1ovi.dll') or (sFNameLower = 'Bs1ovm.dll') or
+              (sFNameLower = 'Bs1out.dll') or (sFNameLower = 'bs1out64.dll') then
+        sResFile := 'rst.03'
+      else if (Pos('ecrmhomeedition.4', sFNameLower) > 0) or (sFNameLower = 'eCrmHomeEdition.804.dat') then // 언어팩 dat 파일들
+        sResFile := 'rst.04'
+      else if Pos('\bin\', LowerCase(sExtrDir)) > 0 then  // bin 폴더 하위 파일들
+        sResFile := 'rst.02'
+      else if sFNameLower = LowerCase(EXE_SPL) then // EXE_SPL 상수가 정의되어 있다면 주석 해제
+        sResFile := 'rst.06'
+      else
+      begin
+        Result:= 'Recover file fail, Resource file not define';
+        Exit;
+      end;
+
+      // 리소스 파일 존재 여부 확인
+      if not FileExists(sResDir + sResFile) then
+      begin
+        Result:= 'Recover file fail, Resource file not exist';
+        Exit;
+      end;
+
+
+      // 파일 복구 실행 (기존 CheckAndRecover + prfwork 로직)
+      try
+        // 원본 코드와 동일하게 prfwork.dat 에 파일 복사 시도
+        CopyFile(PChar(sResDir + sResFile), PChar(sResPath), False);
+
+        _Trace('[MGKIM] 파일 변경/삭제 복구 시도됨', 2);
+        _Trace('[MGKIM] DoRecover .. Path="%s" From="%s"', [sTargetFilePath, sResFile]);
+
+        // rst.06은 압축이 아닌 단일 파일이므로 바로 복사
+        if sResFile = 'rst.06' then
+        begin
+          CopyFile(PChar(sResDir + sResFile), PChar(sTargetFilePath), False);
+        end
+        else
+        begin
+          try
+            // 나머지는 Abbrevia를 통해 특정 파일(sFName)만 압축 해제
+            Guard(zip, TAbUnzipper.Create(nil));
+            zip.FileName := sResDir + sResFile; // 기존 CheckAndRecover처럼 원본 파일에서 직접 Read
+            nIdx := zip.FindFile(sFName);
+
+            if nIdx <> -1 then
+            begin
+              if ForceDirectories(sExtrDir) then
+              begin
+                zip.ExtractOptions := [eoCreateDirs, eoRestorePath];
+                zip.BaseDirectory := sExtrDir;
+                zip.ExtractFiles(sFName); // 손상된 단일 파일만 추출하여 덮어쓰기
+                _Trace('[MGKIM] 파일 변경/삭제 복구 성공', 2);
+                Result:= 'Recover file success';
+              end;
+            end
+            else
+            begin
+              Result:= 'Recover file fail, file not exist';
+            end;
+          except
+            on E: Exception do
+            begin
+              ETgException.TraceException(E, Format('[MGKIM] Fail .. CheckAndRecover(), sExtrDir=%s , Path="%s"', [sExtrDir, sFName]));
+              Result:= 'Recover file fail, exception : ' + E.ToString;
+            end;
+          end;
+        end;
+      finally
+        if FileExists(sResPath) then
+          DeleteFile(PChar(sResPath));
+      end;
+    except
+      on E: Exception do
+        ETgException.TraceException(E, Format('Fail .. DoRecoverFile(), Path="%s"', [sTargetFilePath]));
+    end;
+  finally
+    bRecovering_ := False;
+    Processor_.Clear;
+  end;
+end;
+
+procedure TRecoverService.PerformInitialAudit;
+var
+  KeyPath, ExpectedHash, ActualHash, Reason: string;
+  Root, FileObj, SuccessArray, FailArray: ISuperObject;
+  JsonLog: string;
+  IsSuccess: Boolean;
+begin
+  try
+    Root := SO();
+    SuccessArray := SA([]);
+    FailArray := SA([]);
+
+    for KeyPath in referenceData_.Keys do
+    begin
+      ExpectedHash := referenceData_[KeyPath];
+      IsSuccess := CheckFileIntegrity(KeyPath, ExpectedHash, ActualHash, Reason);
+
+      FileObj := SO();
+      FileObj.S['filePath'] := KeyPath;
+
+      if TFile.Exists(KeyPath) then
+      begin
+        FileObj.S['lastModifiedTime'] := FormatDateTime('yyyy-mm-dd hh:nn:ss.zzz', TFile.GetLastWriteTime(KeyPath));
+        FileObj.I['size'] := TFile.GetSize(KeyPath);
+      end
+      else
+      begin
+        FileObj.S['lastModifiedTime'] := '';
+        FileObj.I['size'] := 0;
+      end;
+
+      if IsSuccess then
+      begin
+        // 성공한 경우: reason 필드 없이 들어갑니다.
+        SuccessArray.AsArray.Add(FileObj);
+      end
+      else
+      begin
+        var RecoveResult: string;
+        RecoveResult:= DoRecoverFile(KeyPath);
+
+        FileObj.S['reason'] := Reason + ' RecoveResult: ' + RecoveResult; // "Hash Different", "Unknown File" 등
+        FailArray.AsArray.Add(FileObj);
+
       end;
     end;
 
-  procedure CheckAndRecover(sResPath, sPath: String);
+    Root.O['fail'] := FailArray;
+    Root.O['success'] := SuccessArray;
+
+    JsonLog := Root.AsJSon(True);
+
+    _Trace('[MGKIM] 생성된 JSON: %s', [JsonLog]);
+
+    gMgSvc.SendAuditLog(JsonLog);
+  except
+    on E: Exception do
+      ETgException.TraceException(Self, E, 'Fail .. SendAuditLog()');
+  end;
+end;
+
+procedure TRecoverService.CheckAndRecover(sResPath, sPath: String);
   var
     zip: TAbUnZipper;
     nIdx: Integer;
@@ -307,6 +546,30 @@ procedure TRecoverService.RecoverAll;
     end;
   end;
 
+procedure TRecoverService.RecoverAll;
+
+  procedure ExtrZip(sResPath, sDestDir: String; bIgrErr: Boolean = false);
+  var
+    zip: TAbUnZipper;
+  begin
+    if not ForceDirectories(sDestDir) then
+      exit;
+
+    try
+      Guard(zip, TAbUnzipper.Create(nil));
+      zip.FileName := sResPath;
+      zip.ExtractOptions := [eoCreateDirs, eoRestorePath];
+      zip.BaseDirectory := sDestDir;
+//      zip.OnArchiveProgress := ;
+//      zip.OnNeedPassword := ;
+
+      zip.ExtractFiles('*.*');
+    except
+      on E: Exception do
+        ETgException.TraceException(E, Format('Fail .. ExtrZip(), ExtrDir="%s"', [sDestDir]));
+    end;
+  end;
+
 var
   sResDir,
   sCurDir,
@@ -432,6 +695,7 @@ begin
         _Trace('DoRecoverData .. File="%s"', [DAT_AGENT]);
         gMgSvc.AgentModel.Save;
       end;
+
       if gMgSvc.IsNewApi then
       begin
       // todo : 정책 데이터 복구 추가 23_0810 08:40:35 kku
@@ -449,7 +713,9 @@ begin
 
         if gMgSvc.ExpPolicy.Loaded then
           gMgSvc.ExpPolicy.Save;
-      end else
+      end
+      else
+      begin
         if not FileExists(sConfDir + DAT_PREF) then
         begin
           _Trace('DoRecoverData .. File="%s"', [DAT_PREF]);
@@ -461,6 +727,7 @@ begin
           gMgSvc.MgCttSch.Save;
         end;
       end;
+    end;
   except
     on E: Exception do
       ETgException.TraceException(Self, E, 'Fail .. RecoverData()');
@@ -541,7 +808,10 @@ begin
 
     case pInfo.dwAction of
       1 : ; // Add
-      2 : // Delete
+      2 : ;// Delete
+      3 : ;
+      4 : ;
+      5 :
       begin
         if (KvBinFiles_.IndexOf(sFName) <> -1) or
            (HeBinFiles_.IndexOf(sFName) <> -1) or
@@ -550,7 +820,9 @@ begin
            (SLCoreFiles_.IndexOf(sFName) <> -1) or
            (DirNames_.IndexOf(sFName) <> -1) then
         begin
-          RecoverAll;
+   //        ExpectedHash := referenceData_[KeyPath];
+//          RecoverAll;
+          PerformInitialAudit;
         end;
 
         if DataFiles_.IndexOf(sFName) <> -1 then
@@ -568,56 +840,57 @@ begin
 //          end;
 //        end;
       end;
-      3 : // Modify
+//      3 : // Modify
-      begin
+//      begin
-        if (KvBinFiles_.IndexOf(sFName) <> -1) or
+//        if (KvBinFiles_.IndexOf(sFName) <> -1) or
-           (HeBinFiles_.IndexOf(sFName) <> -1) or
+//           (HeBinFiles_.IndexOf(sFName) <> -1) or
-           (ConfFiles_.IndexOf(sFName) <> -1) or
+//           (ConfFiles_.IndexOf(sFName) <> -1) or
-           (LangFiles_.IndexOf(sFName) <> -1) or
+//           (LangFiles_.IndexOf(sFName) <> -1) or
-           (SLCoreFiles_.IndexOf(sFName) <> -1) or
+//           (SLCoreFiles_.IndexOf(sFName) <> -1) or
-           (DirNames_.IndexOf(sFName) <> -1) then
+//           (DirNames_.IndexOf(sFName) <> -1) then
-        begin
+//        begin
-          RecoverAll;
+////          RecoverAll;
-        end;
+//          PerformInitialAudit;
-      end;
+//        end;
-      4 : // Rename
+//      end;
-      begin
+//      4 : // Rename
-        if sIgrBlkFRename_ = sFName then
+//      begin
-        begin
+//        if sIgrBlkFRename_ = sFName then
-          sIgrBlkFRename_ := '';
+//        begin
-          exit;
+//          sIgrBlkFRename_ := '';
-        end;
+//          exit;
-
+//        end;
-        if (KvBinFiles_.IndexOf(sFName) <> -1) or
+//
-           (HeBinFiles_.IndexOf(sFName) <> -1) or
+//        if (KvBinFiles_.IndexOf(sFName) <> -1) or
-           (ConfFiles_.IndexOf(sFName) <> -1) or
+//           (HeBinFiles_.IndexOf(sFName) <> -1) or
-           (LangFiles_.IndexOf(sFName) <> -1) or
+//           (ConfFiles_.IndexOf(sFName) <> -1) or
-           (SLCoreFiles_.IndexOf(sFName) <> -1) or
+//           (LangFiles_.IndexOf(sFName) <> -1) or
-           (DirNames_.IndexOf(sFName) <> -1) then
+//           (SLCoreFiles_.IndexOf(sFName) <> -1) or
-        begin
+//           (DirNames_.IndexOf(sFName) <> -1) then
-          sBlkFRename_ := sFName;
+//        begin
-          bBlockRename_ := true;
+//          sBlkFRename_ := sFName;
-        end;
+//          bBlockRename_ := true;
-      end;
+//        end;
-      5 :
+//      end;
-      begin
+//      5 :
-      // 이름 변경 복구 체크
+//      begin
-        if sBlkFRename_ <> '' then
+//      // 이름 변경 복구 체크
-        begin
+//        if sBlkFRename_ <> '' then
-          if bBlockRename_ then
+//        begin
-          begin
+//          if bBlockRename_ then
-            sIgrBlkFRename_ := sFName;
+//          begin
-            bBlockRename_ := false;
+//            sIgrBlkFRename_ := sFName;
-            if MoveFile_wait(pInfo.sPath, sDir + sBlkFRename_, 5) then
+//            bBlockRename_ := false;
-            begin
+//            if MoveFile_wait(pInfo.sPath, sDir + sBlkFRename_, 5) then
-              sFName := sBlkFRename_;
+//            begin
-              pInfo.sPath := sDir + sFName;
+//              sFName := sBlkFRename_;
-            end;
+//              pInfo.sPath := sDir + sFName;
-          end;
+//            end;
-
+//          end;
-          sBlkFRename_ := '';
+//
-        end;
+//          sBlkFRename_ := '';
-      end;
+//        end;
+//      end;
 //      else exit;
     end;
   except

eCrmHE/EXE_eCrmHomeEdition/Thread/ThdEvent.pas

@@ -33,6 +33,7 @@ type
     dwChkDayTick_: DWORD;
 
     function HttpPost(sDest, sRqType, sParam: String): String;
+    function HttpPostJson(sDest, sParam: String): String;
   protected
     procedure Execute; override;
   public
@@ -119,6 +120,27 @@ begin
   FreeAndNil(StdPkt_);
 end;
 
+function TThdEvent.HttpPostJson(sDest, sParam: String): String;
+var
+  ss: TStringStream;
+begin
+  Result := '';
+  try
+    if HTTP_.Request.ContentType <> 'application/json' then
+      HTTP_.Request.ContentType := 'application/json';
+
+    Guard(ss, TStringStream.Create(sParam, TEncoding.UTF8));
+//    HTTP_.Request.CustomHeaders.Values['requestType'] := sRqType;
+
+    Result := HTTP_.Post(sDest, ss);
+    if (Result = '') and (HTTP_.ResponseCode = 200) then
+      Result := 'true';
+  except
+    on E: Exception do
+      ETgException.TraceException(Self, E, Format('Fail .. HttpPostJson(), E=%s', [E.ToString]));
+  end;
+end;
+
 function TThdEvent.HttpPost(sDest, sRqType, sParam: String): String;
 var
   ss: TStringStream;
@@ -476,8 +498,16 @@ begin
         begin
           bResult := HttpPost(sSvrIport + 'eventLog.do', '1', sData) <> '';
           _Trace('Post .. eventLog.do, req=1 - * .. %s', [BooleanToStr(bResult, 'Success', 'Fail')], 3);
-        end else
+        end
-        if sData.Contains('@(!)_SF') then
+        else if sData.Contains('integrity') then
+        begin
+          var sRequsetUrl : string;
+          sRequsetUrl:= sSvrIport + Format('aapi/system-logs/agents/%s', [gMgSvc.AgentId]);
+          bResult := HttpPostJson(sRequsetUrl, sData) <> '';
+          _Trace('[MGKIM] Post .. system-logs/agents : %s, req=1 - * .. %s, sData : %s', [sRequsetUrl, BooleanToStr(bResult, 'Success', 'Fail'), sData], 3);
+          bResult := True;
+        end
+        else if sData.Contains('@(!)_SF') then
           bResult := SendFile(sData)
         else
           bResult := HttpPost(sSvrAddr, '123119', sData) <> '';