feat : Bs1FltUsbPortClearException api 추가, Bs1FltOpen API 추가

- 기존 UsbPort 예외 목록 초기화
  - Bs1FltOpen을 통해 다른 프로세스에서도 커널 드라이버 제어 가능

feat : 설치 폴더 및 programdata/tocsg 폴더 보호 기능 추가
  - 외부에서 접근 가능한 파일 예외(읽기만 가능)
  - 폴더 권한 변경 방지 및 보호

feat: 설치 레지스트리 보호 기능 추가
  - SoftWare\ecrHomeEdition 접근 방지 추가(regedit.exe 등 지정된 프로세스)

Tocsg.Module/Bs1Flt/bin/bs1flt.inf

@@ -10,7 +10,7 @@ ClassGuid   = {b86dff51-a31e-4bac-b3cf-e8cfe75c9fc2}    ;This value is determine
 ;Class = "ActivityMonitor"
 ;ClassGuid = {AE71EC8D-C1FD-4564-8AA9-D56ADE722321}
 Provider    = %ManufacturerName%
-DriverVer = 03/03/2026,16.39.0.536
+DriverVer = 03/09/2026,18.21.59.681
 CatalogFile = bs1flt.cat
 PnpLockdown = 1
 

Tocsg.Module/Bs1Flt/bin/bs1flt/bs1flt.inf

@@ -10,7 +10,7 @@ ClassGuid   = {b86dff51-a31e-4bac-b3cf-e8cfe75c9fc2}    ;This value is determine
 ;Class = "ActivityMonitor"
 ;ClassGuid = {AE71EC8D-C1FD-4564-8AA9-D56ADE722321}
 Provider    = %ManufacturerName%
-DriverVer = 03/03/2026,16.39.0.536
+DriverVer = 03/09/2026,18.21.59.681
 CatalogFile = bs1flt.cat
 PnpLockdown = 1
 

Tocsg.Module/Bs1Flt/bs1dc_Delphi/Bs1FltCtrl.pas

@@ -112,6 +112,10 @@ type
   TfpBs1fltProcessCreate = function(enable : DWORD ): DWORD; stdcall;
   TfpBs1fltSetProcessCreateBlockRule = function(name: LPCWSTR; cmd: LPCWSTR; parentName: LPCWSTR ): DWORD; stdcall;
   TfpBs1fltClearProcessCreateBlockRule = function():DWORD stdcall;
+
+  TfBs1fltClearUsbPortException = function() : DWORD stdcall;
+  TfBs1fltOpen = function() : DWORD stdcall;
+
   { TBs1fltControl Class }
   TBs1fltControl = class
   private
@@ -157,6 +161,9 @@ type
     FBs1fltSetProcessCreateBlockRule: TfpBs1fltSetProcessCreateBlockRule;
     FBs1fltClearProcessCreateBlockRule: TfpBs1fltClearProcessCreateBlockRule;
 
+    FBs1fltClearUsbPortException: TfBs1fltClearUsbPortException;
+    FBs1fltOpen: TfBs1fltOpen;
+
     function LoadFunc(var ProcPtr: Pointer; Ordinal: Integer): Boolean;
     procedure UnloadDll;
 
@@ -208,6 +215,10 @@ type
     function SetProcessCreateBlockRule(name, cmd, parentName: LPCWSTR): DWORD;
     //프로세스 생성 차단 정책 초기화
     function ClearProcessCreateBlockRule: DWORD;
+
+    function ClearUsbPortException: DWORD;
+    function Open: DWORD;
+
   end;
 
 var
@@ -252,7 +263,8 @@ const
   ORD_ProcessCreate               = 33;
   ORD_SetProcessCreateBlockRule   = 34;
   ORD_ClearProcessCreateBlockRule = 35;
-
+  ORD_ClearUsbPortException = 36;
+  ORD_Open = 37;
 { TBs1fltControl }
 
 constructor TBs1fltControl.Create;
@@ -345,6 +357,9 @@ begin
   AllLoaded := AllLoaded and LoadFunc(@FBs1fltSetProcessCreateBlockRule,    ORD_SetProcessCreateBlockRule);
   AllLoaded := AllLoaded and LoadFunc(@FBs1fltClearProcessCreateBlockRule,  ORD_ClearProcessCreateBlockRule);
 
+  AllLoaded := AllLoaded and LoadFunc(@FBs1fltClearUsbPortException,  ORD_ClearUsbPortException);
+  AllLoaded := AllLoaded and LoadFunc(@FBs1fltOpen,  ORD_Open);
+
   if not AllLoaded then
   begin
     UnloadDll;
@@ -536,4 +551,14 @@ begin
   if Assigned(FBs1fltClearProcessCreateBlockRule) then Result := FBs1fltClearProcessCreateBlockRule() else Result := BS1FLT_ERR_NOT_LOADED;
 end;
 
+function TBs1fltControl.ClearUsbPortException(): DWORD;
+begin
+  if Assigned(FBs1fltClearUsbPortException) then Result := FBs1fltClearUsbPortException() else Result := BS1FLT_ERR_NOT_LOADED;
+end;
+
+function TBs1fltControl.Open(): DWORD;
+begin
+  if Assigned(FBs1fltOpen) then Result := FBs1fltOpen() else Result := BS1FLT_ERR_NOT_LOADED;
+end;
+
 end.

Tocsg.Module/Bs1Flt/bs1flt/bs1flt_common.h

@@ -18,8 +18,8 @@
 
 
 /// 레지스트리 보호대상 정의
-#define REG_BS1_REGPATH_KEY_W						L"SOFTWARE\\eCrmHomeEdition"	
-#define REG_BS1_REGPATH_KEY_W_64					L"SOFTWARE\\WOW6432NODE\\eCrmHomeEdition"	
+#define REG_BS1_REGPATH_KEY_W						L"SOFTWARE\\ECRMHOMEEDITION"
+#define REG_BS1_REGPATH_KEY_W_64					L"SOFTWARE\\WOW6432NODE\\ECRMHOMEEDITION"	
 
 #define REG_MINIMAL_BS1SERVICE_KEY_W		L"SYSTEM\\CurrentControlSet\\Services\\SvcCrmHe"
 //#define REG_MINIMAL_SAFEMODE_BS1SERVICE_KEY_W		L"\\CONTROL\\SAFEBOOT\\MINIMAL\\BS1SERVICE"

Tocsg.Module/Bs1Flt/bs1flt/bs1flt_connet.c

@@ -222,7 +222,7 @@ Bs1FltMssageProc(
 	__out PULONG ReturnOutputBufferLength
 )
 {
-	NTSTATUS		ntStatus = STATUS_SUCCESS;
+	NTSTATUS ntStatus = STATUS_SUCCESS;
 	PBS1FLT_MESSAGE msg = NULL;
 
 	PAGED_CODE();
@@ -231,6 +231,10 @@ Bs1FltMssageProc(
 	UNREFERENCED_PARAMETER(ConnectionCookie);
 	UNREFERENCED_PARAMETER(ReturnOutputBufferLength);
 	UNREFERENCED_PARAMETER(OutputBufferSize);
+
+	if (ReturnOutputBufferLength)
+		*ReturnOutputBufferLength = 0;
+
 	try
 	{
 		msg = (PBS1FLT_MESSAGE)InputBuffer;
@@ -372,9 +376,16 @@ Bs1FltMssageProc(
 		break;
 		case GET_PROCESS_NOTIFY_STATUS:
 		{
-			*(DWORD*)OutputBuffer = (DWORD)GetProcessNotifyStatus();
-			*ReturnOutputBufferLength = sizeof(DWORD);
-			KLogEx(DEBUG_TRACE_INFO, "GET_PROCESS_NOTIFY_STATUS(%d)\n", *(DWORD*)OutputBuffer);
+			if (OutputBuffer != NULL && OutputBufferSize >= sizeof(DWORD))
+			{
+				*(DWORD*)OutputBuffer = (DWORD)GetProcessNotifyStatus();
+				*ReturnOutputBufferLength = sizeof(DWORD);
+				KLogEx(DEBUG_TRACE_INFO, "GET_PROCESS_NOTIFY_STATUS(%d)\n", *(DWORD*)OutputBuffer);
+			}
+			else
+			{
+				ntStatus = STATUS_INVALID_PARAMETER;
+			}
 		}
 		break;
 		case SET_POLICY:

Tocsg.Module/Bs1Flt/bs1flt/bs1flt_lst.c

@@ -939,7 +939,7 @@ BOOLEAN IsDefalutLocalDiskExceptProcess(char* name)
 	"dwm.exe",
 	"audiodg.exe",
 	"SearchIndexer.exe",
-	"dllhost.exe",
+	//"dllhost.exe",
 	"dwwin.exe",
 	"vmtoolsd.exe",
 	NULL
@@ -1423,6 +1423,7 @@ static BOOLEAN NTAPI _FindUsbPort(PLIST_ENTRY node, PVOID p, ULONG d)
 		usbContext->upe.productid, cur->product,
 		usbContext->upe.serial, cur->seiral
 		);
+
 	if (usbContext->upe.vendorid == cur->vendor && usbContext->upe.productid == cur->product)
 	{
 		if (_wcsnicmp(usbContext->upe.serial, cur->seiral, wcslen(cur->seiral)) == 0)

Tocsg.Module/Bs1Flt/bs1flt/bs1flt_reg.c

@@ -142,14 +142,13 @@ Return Value:
 
 	//GetProcessName(process_name, (DWORD)PsGetCurrentProcessId());
 	
-
 	if (!g_bs1Flt.IsRegProtect)
 	{
 		return Status;
 	}
 
 	UGetProcessName(process_name);
-	///. 141014 정책이나 지정된 프로세스가 아니면 차단하지 않도록 함.
+	
 	if (!IsDefalutExceptRegProcess(process_name))
 	{
 		//KLogEx(DEBUG_TRACE_INFO, "monitor (%s)\n", process_name);
@@ -162,7 +161,7 @@ Return Value:
 
 	if (Argument2 != NULL)
 	{
-		//KLogEx(DEBUG_TRACE_INFO, "NotifyClass-%S.\n", GetNotifyClassString(NotifyClass));
+		KLogEx(DEBUG_TRACE_INFO, "NotifyClass-%S.\n", GetNotifyClassString(NotifyClass));
 		switch (NotifyClass)
 		{
 			/*
@@ -225,11 +224,12 @@ Return Value:
 			if (!PostPreOpenKeyInfoEx->CompleteName)
 				break;
 
-			//KLogEx(DEBUG_TRACE_INFO, "PostPreOpenKeyInfoEx, Length[%d] MaximumLength [%d]\n", PostPreOpenKeyInfoEx->CompleteName->Length, PostPreOpenKeyInfoEx->CompleteName->MaximumLength);
+			KLogEx(DEBUG_TRACE_INFO, "PostPreOpenKeyInfoEx, Length[%d] MaximumLength [%d]\n", PostPreOpenKeyInfoEx->CompleteName->Length, PostPreOpenKeyInfoEx->CompleteName->MaximumLength);
 			if (PostPreOpenKeyInfoEx->CompleteName->Length < sizeof(WCHAR) * MAX_PATH)
 			{
 				memcpy(wszRegName, PostPreOpenKeyInfoEx->CompleteName->Buffer, PostPreOpenKeyInfoEx->CompleteName->Length);
 
+				KLogEx(DEBUG_TRACE_INFO, "PostPreOpenKeyInfoEx, wszRegName[%S]\n", wszRegName);
 				if (IsRegKey(wszRegName))
 				{
 					if (!IsDefalutExceptRegProcess(process_name))
@@ -265,7 +265,10 @@ NTSTATUS StartRegFlt(__in PDRIVER_OBJECT DriverObject)
 	UNREFERENCED_PARAMETER(DriverObject);
 
 	if (g_RegFlter)
+	{
+		g_bs1Flt.IsRegProtect = TRUE;
 		return STATUS_SUCCESS;
+	}
 
 	SetRegKeylist(REG_BS1_REGPATH_KEY_W);
 	SetRegKeylist(REG_BS1_REGPATH_KEY_W_64);
@@ -318,4 +321,6 @@ VOID StopRegFlt()
 	}
 
 	CleanupRegKeylist();
+	g_RegFlter = FALSE;
+	g_bs1Flt.IsRegProtect = TRUE;
 }

Tocsg.Module/Bs1Flt/bs1fltctrl/bs1fltctrl.def

@@ -35,4 +35,6 @@ Bs1fltClearUsbException		@31 	NONAME
 Bs1fltSetLogType			@32		NONAME
 Bs1fltProcessCreate			@33		NONAME
 Bs1fltSetProcessCreateBlockRule	  @34		NONAME
-Bs1fltClearProcessCreateBlockRule @35		NONAME
+Bs1fltClearProcessCreateBlockRule @35		NONAME
+Bs1fltClearUsbPortException		  @36		NONAME
+Bs1fltOpen						  @37		NONAME

Tocsg.Module/Bs1Flt/bs1fltctrl/bs1fltctrl.h

@@ -40,9 +40,11 @@ BS1FLT_API DWORD WINAPI Bs1fltSetProcessProtectName(LPCWSTR name);
 BS1FLT_API DWORD WINAPI Bs1fltDelProcessProtectName(LPCWSTR name);
 BS1FLT_API DWORD WINAPI Bs1fltSetProcessProtectId(DWORD pid);
 BS1FLT_API DWORD WINAPI Bs1fltDelProcessProtectId(DWORD pid);
+
 BS1FLT_API DWORD WINAPI Bs1fltSetRegProtect(DWORD enable);
 BS1FLT_API DWORD WINAPI Bs1fltSetRegProtectName(LPCWSTR regkey);
 BS1FLT_API DWORD WINAPI Bs1fltDelRegProtectName(LPCWSTR regkey);
+
 BS1FLT_API DWORD WINAPI Bs1fltSetUsbPortException(DWORD vid, DWORD pid, DWORD bcddevice, LPCWSTR serial);
 BS1FLT_API DWORD WINAPI Bs1fltDelUsbPortException(DWORD vid, DWORD pid, DWORD bcddevice, LPCWSTR serial);
 BS1FLT_API DWORD WINAPI Bs1fltDelUsbException(LPCWSTR vid, LPCWSTR pid, LPCWSTR productrevisionlevel, LPCWSTR vendorspecific);
@@ -50,4 +52,6 @@ BS1FLT_API DWORD WINAPI Bs1fltClearUsbException();
 BS1FLT_API DWORD WINAPI Bs1fltSetLogType(DWORD type);
 BS1FLT_API DWORD WINAPI Bs1fltProcessCreate(DWORD enable);
 BS1FLT_API DWORD WINAPI Bs1fltSetProcessCreateBlockRule(LPCWSTR name, LPCWSTR cmd, LPCWSTR parentName);
-BS1FLT_API DWORD WINAPI Bs1fltClearProcessCreateBlockRule();
+BS1FLT_API DWORD WINAPI Bs1fltClearProcessCreateBlockRule();
+BS1FLT_API DWORD WINAPI Bs1fltClearUsbPortException();
+BS1FLT_API DWORD WINAPI Bs1fltOpen();

Tocsg.Module/Bs1Flt/bs1fltctrl/dllmain.cpp

@@ -225,6 +225,63 @@ $cleanup:
 
 }
 
+BS1FLT_API DWORD WINAPI Bs1fltOpen()
+{
+	char logfile[1024] = { 0, };
+	string log_path;
+	WCHAR syspath[1024] = { 0, };
+	DWORD state = BS1FLT_STATUS_SUCCESS;
+	CLocalConf localconf;
+
+	//BSONE_DEBUGA("start!!");
+
+	wstring debug = L"[Bs1Flt] start!! path : ";
+	OutputDebugStringW(debug.c_str());
+
+	GetModuleFileNameW(NULL, s_wzDllPath, ARRAYSIZE(s_wzDllPath));
+	WCHAR* ptr = wcsrchr(s_wzDllPath, L'\\');
+	if (!ptr)
+		return 99;
+
+	*ptr = '\0';
+	
+	convert_unicode_to_ansi_string(s_current_path_, s_wzDllPath, wcslen(s_wzDllPath));
+	OutputDebugStringA(s_current_path_.c_str());
+	localconf.GetConfig(s_current_path_.c_str(), GetCurrentProcessId());
+
+	BSONE_DEBUG(L"syspath(%s)\n", syspath);
+
+	interface_ = new CInterface;
+	if (interface_ == NULL)
+	{
+		BSONE_DEBUG(_T("interface new fail\n"));
+		state = 101;
+		goto $cleanup;
+	}
+
+	service_->AcquirePrivilege(L"SeDebugPrivilege");
+	if (!interface_->Init())
+	{
+		BSONE_DEBUG(L"interface init Fail	GE(%d)\n", GetLastError());
+		state = 102;
+		goto $cleanup;
+	}
+
+	BSONE_DEBUG(L"step 1.0\n");
+	if (!interface_->Open(BS1FLT_PORTNAME))
+	{
+		state = 106;
+		BSONE_DEBUG(_T("driver open fail (%x)\n"), GetLastError());
+		goto $cleanup;
+	}
+
+	return state;
+$cleanup:
+	Bs1fltCleanup();
+	return state;
+
+}
+
 BS1FLT_API DWORD WINAPI Bs1fltBegin(DWORD bIsBegin)
 {
 	if (interface_ == NULL)
@@ -525,6 +582,14 @@ BS1FLT_API DWORD WINAPI Bs1fltSetProcessCreateBlockRule(LPCWSTR name, LPCWSTR cm
 	return interface_->SetProcessCreateBlockRule(STATE_SET, name, cmd, parentName) ? BS1FLT_STATUS_SUCCESS : BS1FLT_STATUS_UNSUCCESSFUL;
 }
 
+BS1FLT_API DWORD WINAPI Bs1fltClearUsbPortException()
+{
+	if (!interface_)
+		return BS1FLT_STATUS_UNSUCCESSFUL;
+
+	return interface_->SetUsbPortException(STATE_CLEAR, 0, 0, 0, NULL) ? BS1FLT_STATUS_SUCCESS : BS1FLT_STATUS_UNSUCCESSFUL;
+}
+
 BS1FLT_API DWORD WINAPI Bs1fltClearProcessCreateBlockRule()
 {
 	if (!interface_)

Tocsg.Module/Bs1Flt/bs1fltctrl/interface.cpp

@@ -1061,9 +1061,12 @@ BOOL CInterface::SetRegProtectName(LPCWSTR regkey)
 	BS1FLT_MESSAGE msg = { 0, };
 	HRESULT result = 0;
 	DWORD dwRet = 0;
+	wstring wregkey;
 
 	msg.id_ = (ULONGLONG)SET_REG_KEY;
-	StringCbCopyW(msg.w.regkey_.regkey, sizeof(msg.w.regkey_.regkey), regkey);
+	wregkey = ToUpper(regkey);
+	
+	StringCbCopyW(msg.w.regkey_.regkey, sizeof(msg.w.regkey_.regkey), wregkey.c_str());
 
 	BSONE_DEBUG(L"regkey(%s)", regkey);
 	result = pFilterSendMessage(m_hPort, &msg, sizeof(msg), NULL, 0, &dwRet);
@@ -1082,13 +1085,16 @@ BOOL CInterface::DelRegProtectName(LPCWSTR regkey)
 	BS1FLT_MESSAGE msg = { 0, };
 	HRESULT	result = 0;
 	DWORD dwRet = 0;
+	wstring wregkey;
 
 	if (regkey != NULL)
 	{
+
 		msg.w.regkey_.size = (DWORD)wcslen(regkey) * (DWORD)sizeof(WCHAR);
 		msg.id_ = (ULONGLONG)DEL_REG_KEY;
 		
-		StringCbCopyW(msg.w.regkey_.regkey, sizeof(msg.w.regkey_.regkey), regkey);
+		wregkey = ToUpper(regkey);
+		StringCbCopyW(msg.w.regkey_.regkey, sizeof(msg.w.regkey_.regkey), wregkey.c_str());
 		BSONE_DEBUG(_T("regkey(%s)\n"), regkey);
 	}
 	else
@@ -1121,11 +1127,15 @@ BOOL CInterface::SetUsbPortException(DWORD state, DWORD vid, DWORD pid, DWORD bc
 
 	msg.id_ = (ULONGLONG)SET_USB_PORT_EXCEPT;
 	msg.state_ = state;
-	msg.w.usb_except_.device_type = BDC_USB;	
-	msg.w.usb_port_except_.vendorid = vid;
-	msg.w.usb_port_except_.productid = pid;
-	msg.w.usb_port_except_.bcddevice = bcddevice;
-	StringCbCopyW(msg.w.usb_port_except_.serial, sizeof(msg.w.usb_port_except_.serial), serial);
+
+	if (msg.state_ != STATE_CLEAR)
+	{
+		msg.w.usb_except_.device_type = BDC_USB;
+		msg.w.usb_port_except_.vendorid = vid;
+		msg.w.usb_port_except_.productid = pid;
+		msg.w.usb_port_except_.bcddevice = bcddevice;
+		StringCbCopyW(msg.w.usb_port_except_.serial, sizeof(msg.w.usb_port_except_.serial), serial);
+	}
 
 	BSONE_DEBUG(L"vid(%x), pid(%x), (%s)\n", vid, pid, serial);
 

Tocsg.Module/Bs1Flt/tool/bs1fltctrl_helper.cpp

@@ -27,7 +27,7 @@ DWORD Bs1fltControl::Init(LPCTSTR path, fpCallBack logcb)
 		return 1;
 	}
 
-	PVOID fuc[35] = { NULL, };
+	PVOID fuc[37] = { NULL, };
 
 	fuc[0] = Bs1FltCleanup = (fpCleanup)GetProcAddress(h_, (LPCSTR)MAKELONG(1, 0));
 	fuc[1] = Bs1FltInit = (fpInit)GetProcAddress(h_, (LPCSTR)MAKELONG(2, 0));
@@ -70,6 +70,8 @@ DWORD Bs1fltControl::Init(LPCTSTR path, fpCallBack logcb)
 	fuc[32] = Bs1fltProcessCreate = (fpBs1fltProcessCreate)GetProcAddress(h_, (LPCSTR)MAKELONG(33, 0));
 	fuc[33] = Bs1fltSetProcessCreateBlockRule = (fpBs1fltSetProcessCreateBlockRule)GetProcAddress(h_, (LPCSTR)MAKELONG(34, 0));
 	fuc[34] = Bs1fltClearProcessCreateBlockRule = (fpBs1fltClearProcessCreateBlockRule)GetProcAddress(h_, (LPCSTR)MAKELONG(35, 0));
+	fuc[35] = Bs1fltClearUsbPortException = (fpBs1fltClearUsbPortException)GetProcAddress(h_, (LPCSTR)MAKELONG(36, 0));
+	fuc[36] = Bs1fltOpen = (fpBs1fltOpen)GetProcAddress(h_, (LPCSTR)MAKELONG(37, 0));
 
 	for (DWORD i = 0; i < ARRAYSIZE(fuc); ++i)
 	{
@@ -82,8 +84,6 @@ DWORD Bs1fltControl::Init(LPCTSTR path, fpCallBack logcb)
 	//GetSystemDirectoryW(syspath, ARRAYSIZE(syspath));
 	//StringCbCatW(syspath, sizeof(syspath), L"\\Drivers");
 
-	state = Bs1FltInit(path, logcb, NULL);
-	state = Bs1FltSetPid(PG_PID_ALLOW, GetCurrentProcessId());
 	
 	return state;
 }

Tocsg.Module/Bs1Flt/tool/bs1fltctrl_helper.h

@@ -48,7 +48,8 @@ typedef DWORD(WINAPI* fpBs1fltSetLogType)(DWORD type);
 typedef DWORD(WINAPI* fpBs1fltProcessCreate)(DWORD enable);
 typedef DWORD(WINAPI* fpBs1fltSetProcessCreateBlockRule)(LPCWSTR name, LPCWSTR cmd);
 typedef DWORD(WINAPI* fpBs1fltClearProcessCreateBlockRule)();
-
+typedef DWORD(WINAPI* fpBs1fltClearUsbPortException)();
+typedef DWORD(WINAPI* fpBs1fltOpen)();
 class Bs1fltControl {
 
 public:
@@ -99,5 +100,7 @@ public:
     fpBs1fltSetProcessCreateBlockRule Bs1fltSetProcessCreateBlockRule;
     fpBs1fltClearProcessCreateBlockRule Bs1fltClearProcessCreateBlockRule;
 
+    fpBs1fltClearUsbPortException Bs1fltClearUsbPortException;
+    fpBs1fltOpen Bs1fltOpen;
     HMODULE h_;
 };

Tocsg.Module/Bs1Flt/tool/pch.h

@@ -16,6 +16,8 @@
 #include "CDialogUsbException.h"
 #include "CDialogProtectProcess.h"
 #include "CDlgProcessCreateRule.h"
+#include "CFolderProtectDlg.h"
+#include "CDialogRegProtect.h"
 #include "toolDlg.h"
 extern Bs1fltControl bs1flt_;
 #endif //PCH_H

Tocsg.Module/Bs1Flt/tool/resource.h

@@ -11,6 +11,7 @@
 #define IDD_DIALOG_REG_PROTECT          132
 #define IDD_DIALOG_USB_EXCEPTION        134
 #define IDD_DIALOG_PROCESS_CREATE_BLOCK 136
+#define IDD_DIALOG_FOLDER_SETTING       138
 #define IDC_BUTTON_START                1000
 #define IDC_BUTTON_STOP                 1001
 #define IDC_RADIO_USB_REMOVAL_DISABLE   1002
@@ -79,10 +80,13 @@
 #define IDC_BUTTON_DEVICE_PROTECT       1044
 #define IDC_EDIT_VID2                   1044
 #define IDC_BUTTON_PROCESS_CREATE_BLOCK_ADD 1044
+#define IDC_BUTTON_FOLDER_PROTECT_PATH_ADD 1044
 #define IDC_STATIC_USB_EXCEPTION_COMMENT 1045
 #define IDC_RADIO_MTPPORT_LOG_ENABLE    1045
+#define IDC_BUTTON_FOLDER_PROTECT_FILENAME_ADD 1045
 #define IDC_BUTTON2                     1046
 #define IDC_STATIC_USB_EXCEPTION_COMMENT2 1046
+#define IDC_BUTTON_FOLDER_PROTECT_PROCESSNAME_ADD 1046
 #define IDC_EDIT_DEBUG                  1047
 #define IDC_BUTTON_SET_USB_EXCEPTION2   1047
 #define IDC_BUTTON_SET_USB_HOOK         1048
@@ -102,14 +106,22 @@
 #define IDC_BUTTON_PROCESS_CREATE_BLOCK_CLEAR 1062
 #define IDC_EDIT_PROCESS_CREATE_BLOCK_PARAMETER 1063
 #define IDC_BUTTON_PROCESS_CREATE_BLOCK_START 1064
+#define IDC_BUTTON_INIT                 1065
+#define IDC_BUTTON_OPEN                 1066
+#define IDC_BUTTON_FOLDER_SETTING       1067
+#define IDC_BUTTON_FOLDER_SETTING2      1068
+#define IDC_BUTTON_REGDIT_SETTING       1068
+#define IDC_EDIT_FOLDER_PROTECT_PATH    1069
+#define IDC_EDIT_FOLDER_PROTECT_FILENAME 1070
+#define IDC_EDIT_FOLDER_PROTECT_PROCESSNAME 1071
 
 // Next default values for new objects
 // 
 #ifdef APSTUDIO_INVOKED
 #ifndef APSTUDIO_READONLY_SYMBOLS
-#define _APS_NEXT_RESOURCE_VALUE        138
+#define _APS_NEXT_RESOURCE_VALUE        140
 #define _APS_NEXT_COMMAND_VALUE         32771
-#define _APS_NEXT_CONTROL_VALUE         1065
+#define _APS_NEXT_CONTROL_VALUE         1072
 #define _APS_NEXT_SYMED_VALUE           101
 #endif
 #endif

Tocsg.Module/Bs1Flt/tool/tool.vcxproj

@@ -204,6 +204,7 @@
     <ClInclude Include="CDialogRegProtect.h" />
     <ClInclude Include="CDialogUsbException.h" />
     <ClInclude Include="CDlgProcessCreateRule.h" />
+    <ClInclude Include="CFolderProtectDlg.h" />
     <ClInclude Include="framework.h" />
     <ClInclude Include="pch.h" />
     <ClInclude Include="Resource.h" />
@@ -217,6 +218,7 @@
     <ClCompile Include="CDialogRegProtect.cpp" />
     <ClCompile Include="CDialogUsbException.cpp" />
     <ClCompile Include="CDlgProcessCreateRule.cpp" />
+    <ClCompile Include="CFolderProtectDlg.cpp" />
     <ClCompile Include="pch.cpp">
       <PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Release|x64'">Create</PrecompiledHeader>
       <PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">Create</PrecompiledHeader>

Tocsg.Module/Bs1Flt/tool/tool.vcxproj.filters

@@ -51,6 +51,9 @@
     <ClInclude Include="CDlgProcessCreateRule.h">
       <Filter>헤더 파일</Filter>
     </ClInclude>
+    <ClInclude Include="CFolderProtectDlg.h">
+      <Filter>헤더 파일</Filter>
+    </ClInclude>
   </ItemGroup>
   <ItemGroup>
     <ClCompile Include="tool.cpp">
@@ -77,6 +80,9 @@
     <ClCompile Include="CDlgProcessCreateRule.cpp">
       <Filter>소스 파일</Filter>
     </ClCompile>
+    <ClCompile Include="CFolderProtectDlg.cpp">
+      <Filter>소스 파일</Filter>
+    </ClCompile>
   </ItemGroup>
   <ItemGroup>
     <ResourceCompile Include="tool.rc">

Tocsg.Module/Bs1Flt/tool/toolDlg.cpp

@@ -83,6 +83,10 @@ BEGIN_MESSAGE_MAP(CtoolDlg, CDialogEx)
 	ON_BN_CLICKED(IDC_BUTTON_SET_BLUETOOTH_HOOK, &CtoolDlg::OnBnClickedButtonSetBluetoothHook)
 	ON_BN_CLICKED(IDC_BUTTON_SET_MTP_HOOK, &CtoolDlg::OnBnClickedButtonSetMtpHook)
 	ON_BN_CLICKED(IDC_BUTTON3, &CtoolDlg::OnBnClickedButton3)
+	ON_BN_CLICKED(IDC_BUTTON_INIT, &CtoolDlg::OnBnClickedButtonInit)
+	ON_BN_CLICKED(IDC_BUTTON_OPEN, &CtoolDlg::OnBnClickedButtonOpen)
+	ON_BN_CLICKED(IDC_BUTTON_FOLDER_SETTING, &CtoolDlg::OnBnClickedButtonFolderSetting)
+	ON_BN_CLICKED(IDC_BUTTON_REGDIT_SETTING, &CtoolDlg::OnBnClickedButtonRegditSetting)
 END_MESSAGE_MAP()
 
 
@@ -207,29 +211,21 @@ BOOL CtoolDlg::OnInitDialog()
 
 	WCHAR dllpath[MAX_PATH] = { 0, };
 	WCHAR buffer[MAX_PATH] = { 0, };
-	wstring s_wcurrent_path_;
 	DWORD state = 0;
 
 	GetModuleFileNameW(NULL, dllpath, ARRAYSIZE(dllpath));
 	WCHAR* ptr = wcsrchr(dllpath, L'\\');
 	if (!ptr)
-		return 0;
+		return TRUE;
+
 	*ptr = '\0';
 	s_wcurrent_path_ = dllpath;
 
 	state = bs1flt_.Init(s_wcurrent_path_.c_str(), Report);
-
-	CString debug;
-	debug.Format(L"CDS Filter Driver Init State %s : %d", s_wcurrent_path_.c_str(), state);
-	listLog_.AddString(debug);
-
-	if (state)
-		return 0;
-
-	bs1flt_.Bs1FltSetPath(PG_PATH_BLACK, s_wcurrent_path_.c_str());
-	//bs1flt_.Bs1FltFolderProtectControl(TRUE);
-	//SetProtectedFilePath(dir);
-	bs1flt_.Bs1FltBegin(TRUE);
+	if(state != ERROR_SUCCESS)
+	{
+		MessageBoxW(L"Bs1fltControl 초기화 실패", L"Error", MB_ICONERROR);
+	}
 
 	return TRUE;  // 포커스를 컨트롤에 설정하지 않으면 TRUE를 반환합니다.
 }
@@ -753,3 +749,72 @@ void CtoolDlg::OnBnClickedButton3()
 
 	dlg.DoModal();
 }
+
+void CtoolDlg::OnBnClickedButtonInit()
+{
+	// TODO: 여기에 컨트롤 알림 처리기 코드를 추가합니다.
+	DWORD state;
+
+	state = bs1flt_.Bs1FltInit(s_wcurrent_path_.c_str(), Report, NULL);
+	if (state)
+	{
+		MessageBoxW(L"Bs1fltControl 초기화 실패", L"Error", MB_ICONERROR);
+		return;
+	}
+
+	CString debug;
+	debug.Format(L"CDS Filter Driver Init State %s : %d", s_wcurrent_path_.c_str(), state);
+	listLog_.AddString(debug);
+
+	state = bs1flt_.Bs1FltSetPid(PG_PID_ALLOW, GetCurrentProcessId());
+	if (state)
+	{
+		MessageBoxW(L"Bs1FltSetPid 실패", L"Error", MB_ICONERROR);
+		return;
+	}
+
+	bs1flt_.Bs1FltSetPath(PG_PATH_BLACK, s_wcurrent_path_.c_str());
+	if (state)
+	{
+		MessageBoxW(L"Bs1FltSetPath 실패", L"Error", MB_ICONERROR);
+		return;
+	}
+	//bs1flt_.Bs1FltFolderProtectControl(TRUE);
+	//SetProtectedFilePath(dir);
+	bs1flt_.Bs1FltBegin(TRUE);
+	if (state)
+	{
+		MessageBoxW(L"Bs1FltBegin 실패", L"Error", MB_ICONERROR);
+		return;
+	}
+}
+
+void CtoolDlg::OnBnClickedButtonOpen()
+{
+	// TODO: 여기에 컨트롤 알림 처리기 코드를 추가합니다.
+	DWORD state = bs1flt_.Bs1fltOpen();
+	if (state != ERROR_SUCCESS)
+	{
+		CString debug;
+		debug.Format(L"Bs1fltControl 열기 실패 : %d,  %p", state, bs1flt_.Bs1fltOpen);
+		MessageBoxW(debug.GetBuffer(0), L"Error", MB_ICONERROR);
+		return;
+	}
+	
+	MessageBoxW(L"Bs1fltControl 열기 성공", L"Success", MB_ICONINFORMATION);
+}
+
+void CtoolDlg::OnBnClickedButtonFolderSetting()
+{
+	// TODO: 여기에 컨트롤 알림 처리기 코드를 추가합니다.
+	CFolderProtectDlg dlg;
+
+	dlg.DoModal();
+}
+
+void CtoolDlg::OnBnClickedButtonRegditSetting()
+{
+	// TODO: 여기에 컨트롤 알림 처리기 코드를 추가합니다.
+	CDialogRegProtect dlg;
+	dlg.DoModal();
+}

Tocsg.Module/Bs1Flt/tool/toolDlg.h

@@ -35,6 +35,7 @@ protected:
 	DECLARE_MESSAGE_MAP()
 public:
 	BOOL device_protect_;
+	wstring s_wcurrent_path_;
 	afx_msg void OnBnClickedButtonStart();
 
 	afx_msg void OnBnClickedButtonStop();
@@ -50,4 +51,8 @@ public:
 	afx_msg void OnBnClickedButtonSetBluetoothHook();
 	afx_msg void OnBnClickedButtonSetMtpHook();
 	afx_msg void OnBnClickedButton3();
+	afx_msg void OnBnClickedButtonInit();
+	afx_msg void OnBnClickedButtonOpen();
+	afx_msg void OnBnClickedButtonFolderSetting();
+	afx_msg void OnBnClickedButtonRegditSetting();
 };

Tocsg.Module/Bs1Flt/tool/x64/Release/tool.log

@@ -1,7 +1,22 @@
 C:\Program Files\Microsoft Visual Studio\2022\Professional\MSBuild\Microsoft\VC\v170\Microsoft.CppBuild.targets(524,5): warning MSB8004: Output 디렉터리가 슬래시로 끝나지 않습니다. Output 디렉터리의 적절한 평가를 허용하는 데 필요하므로 이 빌드 인스턴스에서 슬래시를 추가합니다.
+  pch.cpp
+  CDialogProtectProcess.cpp
+  CDialogRegProtect.cpp
+  CDialogUsbException.cpp
+C:\mgkim\8.bsone\BSOne.SFC\Tocsg.Module\Bs1Flt\tool\CDialogUsbException.cpp(80,3): warning C4129: 'D': 인식할 수 없는 문자 이스케이프 시퀀스입니다.
+  (소스 파일 '/CDialogUsbException.cpp'을(를) 컴파일하는 중)
+  
+C:\mgkim\8.bsone\BSOne.SFC\Tocsg.Module\Bs1Flt\tool\CDialogUsbException.cpp(80,3): warning C4129: '8': 인식할 수 없는 문자 이스케이프 시퀀스입니다.
+  (소스 파일 '/CDialogUsbException.cpp'을(를) 컴파일하는 중)
+  
+  CDlgProcessCreateRule.cpp
+  CFolderProtectDlg.cpp
+  bs1fltctrl_helper.cpp
+  tool.cpp
+  toolDlg.cpp
   코드를 생성하고 있습니다.
-  0 of 437 functions ( 0.0%) were compiled, the rest were copied from previous compilation.
-    0 functions were new in current compilation
-    0 functions had inline decision re-evaluated but remain unchanged
+  5 of 454 functions ( 1.1%) were compiled, the rest were copied from previous compilation.
+    2 functions were new in current compilation
+    1 functions had inline decision re-evaluated but remain unchanged
   코드를 생성했습니다.
   tool.vcxproj -> C:\mgkim\8.bsone\BSOne.SFC\Tocsg.Module\Bs1Flt\bin\bs1fltputool.exe

Tocsg.Module/Bs1Flt/tool/x64/Release/tool.tlog/Cl.items.tlog

@@ -3,6 +3,7 @@ C:\mgkim\8.bsone\BSOne.SFC\Tocsg.Module\Bs1Flt\tool\CDialogProtectProcess.cpp;C:
 C:\mgkim\8.bsone\BSOne.SFC\Tocsg.Module\Bs1Flt\tool\CDialogRegProtect.cpp;C:\mgkim\8.bsone\BSOne.SFC\Tocsg.Module\Bs1Flt\tool\x64\Release\CDialogRegProtect.obj
 C:\mgkim\8.bsone\BSOne.SFC\Tocsg.Module\Bs1Flt\tool\CDialogUsbException.cpp;C:\mgkim\8.bsone\BSOne.SFC\Tocsg.Module\Bs1Flt\tool\x64\Release\CDialogUsbException.obj
 C:\mgkim\8.bsone\BSOne.SFC\Tocsg.Module\Bs1Flt\tool\CDlgProcessCreateRule.cpp;C:\mgkim\8.bsone\BSOne.SFC\Tocsg.Module\Bs1Flt\tool\x64\Release\CDlgProcessCreateRule.obj
+C:\mgkim\8.bsone\BSOne.SFC\Tocsg.Module\Bs1Flt\tool\CFolderProtectDlg.cpp;C:\mgkim\8.bsone\BSOne.SFC\Tocsg.Module\Bs1Flt\tool\x64\Release\CFolderProtectDlg.obj
 C:\mgkim\8.bsone\BSOne.SFC\Tocsg.Module\Bs1Flt\tool\pch.cpp;C:\mgkim\8.bsone\BSOne.SFC\Tocsg.Module\Bs1Flt\tool\x64\Release\pch.obj
 C:\mgkim\8.bsone\BSOne.SFC\Tocsg.Module\Bs1Flt\tool\tool.cpp;C:\mgkim\8.bsone\BSOne.SFC\Tocsg.Module\Bs1Flt\tool\x64\Release\tool.obj
 C:\mgkim\8.bsone\BSOne.SFC\Tocsg.Module\Bs1Flt\tool\toolDlg.cpp;C:\mgkim\8.bsone\BSOne.SFC\Tocsg.Module\Bs1Flt\tool\x64\Release\toolDlg.obj

Tocsg.Module/Bs1Flt/tool/x64/Release/tool.tlog/link.secondary.1.tlog

@@ -1,3 +1,3 @@
-^C:\MGKIM\8.BSONE\BSONE.SFC\TOCSG.MODULE\BS1FLT\TOOL\X64\RELEASE\BS1FLTCTRL_HELPER.OBJ|C:\MGKIM\8.BSONE\BSONE.SFC\TOCSG.MODULE\BS1FLT\TOOL\X64\RELEASE\CDIALOGPROTECTPROCESS.OBJ|C:\MGKIM\8.BSONE\BSONE.SFC\TOCSG.MODULE\BS1FLT\TOOL\X64\RELEASE\CDIALOGREGPROTECT.OBJ|C:\MGKIM\8.BSONE\BSONE.SFC\TOCSG.MODULE\BS1FLT\TOOL\X64\RELEASE\CDIALOGUSBEXCEPTION.OBJ|C:\MGKIM\8.BSONE\BSONE.SFC\TOCSG.MODULE\BS1FLT\TOOL\X64\RELEASE\CDLGPROCESSCREATERULE.OBJ|C:\MGKIM\8.BSONE\BSONE.SFC\TOCSG.MODULE\BS1FLT\TOOL\X64\RELEASE\PCH.OBJ|C:\MGKIM\8.BSONE\BSONE.SFC\TOCSG.MODULE\BS1FLT\TOOL\X64\RELEASE\TOOL.OBJ|C:\MGKIM\8.BSONE\BSONE.SFC\TOCSG.MODULE\BS1FLT\TOOL\X64\RELEASE\TOOL.RES|C:\MGKIM\8.BSONE\BSONE.SFC\TOCSG.MODULE\BS1FLT\TOOL\X64\RELEASE\TOOLDLG.OBJ
+^C:\MGKIM\8.BSONE\BSONE.SFC\TOCSG.MODULE\BS1FLT\TOOL\X64\RELEASE\BS1FLTCTRL_HELPER.OBJ|C:\MGKIM\8.BSONE\BSONE.SFC\TOCSG.MODULE\BS1FLT\TOOL\X64\RELEASE\CDIALOGPROTECTPROCESS.OBJ|C:\MGKIM\8.BSONE\BSONE.SFC\TOCSG.MODULE\BS1FLT\TOOL\X64\RELEASE\CDIALOGREGPROTECT.OBJ|C:\MGKIM\8.BSONE\BSONE.SFC\TOCSG.MODULE\BS1FLT\TOOL\X64\RELEASE\CDIALOGUSBEXCEPTION.OBJ|C:\MGKIM\8.BSONE\BSONE.SFC\TOCSG.MODULE\BS1FLT\TOOL\X64\RELEASE\CDLGPROCESSCREATERULE.OBJ|C:\MGKIM\8.BSONE\BSONE.SFC\TOCSG.MODULE\BS1FLT\TOOL\X64\RELEASE\CFOLDERPROTECTDLG.OBJ|C:\MGKIM\8.BSONE\BSONE.SFC\TOCSG.MODULE\BS1FLT\TOOL\X64\RELEASE\PCH.OBJ|C:\MGKIM\8.BSONE\BSONE.SFC\TOCSG.MODULE\BS1FLT\TOOL\X64\RELEASE\TOOL.OBJ|C:\MGKIM\8.BSONE\BSONE.SFC\TOCSG.MODULE\BS1FLT\TOOL\X64\RELEASE\TOOL.RES|C:\MGKIM\8.BSONE\BSONE.SFC\TOCSG.MODULE\BS1FLT\TOOL\X64\RELEASE\TOOLDLG.OBJ
 C:\mgkim\8.bsone\BSOne.SFC\Tocsg.Module\Bs1Flt\tool\x64\Release\bs1fltputool.IPDB
 C:\mgkim\8.bsone\BSOne.SFC\Tocsg.Module\Bs1Flt\tool\x64\Release\bs1fltputool.iobj

eCrmHE/EXE_eCrmHomeEdition/DeCrmHeMain.pas

@@ -6837,11 +6837,29 @@ begin
   miPrintSavingBlock.Checked := MgSvc_.PrintSavingBlock;
 end;
 
+var miProcessTerminatePrevateState: Boolean = False;
 procedure TDlgeCrmHeMain.miProcessTerminatePrevateClick(Sender: TObject);
 begin
   TTgTrace.T('miProcessTerminatePrevateClick!!');
   if gBs1FltControl <> nil then
-    gBs1FltControl.ProcessProtect(0);
+  begin
+    if not miProcessTerminatePrevateState then
+    begin
+      gBs1FltControl.ProcessProtect(0);
+      gBs1FltControl.FolderProtectControl(0);
+      gBs1FltControl.SetRegProtect(0);
+      miProcessTerminatePrevate.Caption:= '프로세스 종료 방지 시작';
+      miProcessTerminatePrevateState:= True;
+    end
+    else
+    begin
+      gBs1FltControl.ProcessProtect(1);
+      gBs1FltControl.FolderProtectControl(1);
+      gBs1FltControl.SetRegProtect(1);
+      miProcessTerminatePrevate.Caption:= '프로세스 종료 방지 해제';
+      miProcessTerminatePrevateState:= False;
+    end;
+  end;
 
 end;
 

eCrmHE/EXE_eCrmHomeEdition/Manager/ManagerService.pas

@@ -1390,20 +1390,66 @@ begin
 
   if UseFltCtrl then
   begin
-    if FltCtrl_.InitDriver(GetRunExePathDir, FltCtrlCallback) = 0 then
+    var state : DWORD;
+    state := FltCtrl_.InitDriver(GetRunExePathDir, FltCtrlCallback);
+    if state = 0 then
     begin
+      var PPid: DWORD;
+      var parentDir: string;
+      var programdataDir: string;
+
       _Trace('장치 접근 제어 준비 .. OK', 1);
       FltCtrl_.BeginControl(1);
+      //폴더 보호 적용
+      PPid:= GetProcessPPidByPid(GetCurrentProcessId());
+      parentDir:= ExtractFileDir(ExcludeTrailingPathDelimiter(GetRunExePathDir));
+      programdataDir := parentDir[1] + ':\ProgramData\Tocsg';
+
+      _Trace('장치 접근 제어 준비 .. 폴더 보호 시작 : %s, PPid : %d',[parentDir, PPid], 1);
+      FltCtrl_.SetPid(PG_PID_ALLOW, PPid);
+
+      FltCtrl_.SetPath(PG_PATH_BLACK, Pchar(programdataDir));
+      FltCtrl_.SetPath(PG_PATH_BLACK, Pchar(parentDir));
+      FltCtrl_.SetProcessPath(PG_PID_ALLOW, Pchar('eCrmHeHelper.exe'));
+      FltCtrl_.SetProcessPath(PG_PID_ALLOW, Pchar('KvCttSch.exe'));
+      FltCtrl_.SetProcessPath(PG_PID_ALLOW, Pchar('KvCttSchW.exe'));
+      FltCtrl_.SetProcessPath(PG_PID_ALLOW, Pchar('BSWmcr.exe'));
+      FltCtrl_.SetProcessPath(PG_PID_ALLOW, Pchar('BSOne-AIP-Decrypt14.exe'));
+      FltCtrl_.SetProcessPath(PG_PID_ALLOW, Pchar('BSOne-AIP-Decrypt.exe'));
+      FltCtrl_.SetProcessPath(PG_PID_ALLOW, Pchar('Bs1tri.exe'));
+      FltCtrl_.SetProcessPath(PG_PID_ALLOW, Pchar('eCrmInterCaller.exe'));
+      FltCtrl_.SetProcessPath(PG_PID_ALLOW, Pchar('filter.exe'));
+      FltCtrl_.SetProcessPath(PG_PID_ALLOW, Pchar('kvoop.exe'));
+      FltCtrl_.SetProcessPath(PG_PID_ALLOW, Pchar('tstxtract.exe'));
+      FltCtrl_.SetProcessPath(PG_PID_ALLOW, Pchar('FilterTestDotNet.exe'));
+
+      FltCtrl_.SetFileName(PG_FILE_ALLOW, Pchar('Bs1ovi.dll'));
+      FltCtrl_.SetFileName(PG_FILE_ALLOW, Pchar('Bs1ovm.dll'));
+      FltCtrl_.SetFileName(PG_FILE_ALLOW, Pchar('eCrmHeHelper.dll'));
+      FltCtrl_.SetFileName(PG_FILE_ALLOW, Pchar('eCrmHeHelper32.dll'));
+      FltCtrl_.SetFileName(PG_FILE_ALLOW, Pchar('Bs1shl.dll'));
+      FltCtrl_.SetFileName(PG_FILE_ALLOW, Pchar('Bs1ovi.dll'));
+      FltCtrl_.SetFileName(PG_FILE_ALLOW, Pchar('libeay32.dll'));
+      FltCtrl_.SetFileName(PG_FILE_ALLOW, Pchar('ssleay32.dll'));
+      FltCtrl_.SetFileName(PG_FILE_ALLOW, Pchar('bsonex64.sys'));
+
+      _Trace('장치 접근 제어 준비 .. 폴더 보호 끝', 1);
+      FltCtrl_.FolderProtectControl(1);
+
+      //장치 차단
       FltCtrl_.SetDeviceProtect(1);
+      FltCtrl_.SetHook(DWORD(BDC_USB), 1);
+      FltCtrl_.SetHook(DWORD(BDC_BLUETOOTH), 1);
+      //프로세스 보호
       FltCtrl_.ProcessProtect(1);
       FltCtrl_.ProcessCreate(1);
       FltCtrl_.SetProcessProtectId(GetCurrentProcessId);
-      FltCtrl_.SetHook(DWORD(BDC_USB), 1);
-      FltCtrl_.SetHook(DWORD(BDC_BLUETOOTH), 1);
+      //레지스트리 보호
+      FltCtrl_.SetRegProtect(1);
       bFltCtrlInit_ := true;
 
     end else
-      _Trace('장치 접근 제어 준비 .. Fail', 1);
+      _Trace('장치 접근 제어 준비 .. Fail : %d',[state],1);
   end;
 
   DeviceGuard_:= TDeviceGuardEngine.Create;
@@ -7289,7 +7335,7 @@ var
   i: Integer;
   DevInfo: TDevInfo;
 begin
-  _Trace('[MGKIM] UpdateIgrUsbSerial4FltCtr .. begin bFltCtrlInit(%d)(%d)',[DWORD(bFltCtrlInit_), FltCtrlPolicy]);
+//  _Trace('[MGKIM] UpdateIgrUsbSerial4FltCtr .. begin bFltCtrlInit(%d)(%d)',[DWORD(bFltCtrlInit_), FltCtrlPolicy]);
   if not bFltCtrlInit_ or (FltCtrlPolicy = 0) then
     exit;
 
@@ -7300,28 +7346,33 @@ begin
     SplitString(sData, '|', ExpList, false, true);
     Guard(InfoList, TStringList.Create);
 
-    _Trace('[MGKIM] UpdateIgrUsbSerial4FltCtr .. (%s), ExpList.Count(%d)',[sData, ExpList.Count]);
+//    _Trace('[MGKIM] UpdateIgrUsbSerial4FltCtr .. (%s), ExpList.Count(%d)',[sData, ExpList.Count]);
     for i := 0 to ExpList.Count - 1 do
     begin
       SplitString(ExpList[i], '&', InfoList);
-      _Trace('[MGKIM] UpdateIgrUsbSerial4FltCtr .. InfoList.Count(%d)',[InfoList.Count]);
+//      _Trace('[MGKIM] UpdateIgrUsbSerial4FltCtr .. InfoList.Count(%d)',[InfoList.Count]);
       if InfoList.Count = 3 then
       begin
         var vid: DWORD;
         var pid: DWORD;
 
-        _Trace('[MGKIM] UpdateIgrUsbSerial4FltCtr.. PID: %s, VID: %s, Serial: %s',[InfoList[0], InfoList[1],InfoList[2]]);
+//      _Trace('[MGKIM] UpdateIgrUsbSerial4FltCtr.. PID: %s, VID: %s, Serial: %s',[InfoList[0], InfoList[1],InfoList[2]]);
 
         vid:= StrToIntDef('$' + InfoList[0], 0);
         pid:= StrToIntDef('$' + InfoList[1], 0);
 
-        _Trace('[MGKIM] UpdateIgrUsbSerial4FltCtr.. PID: %x, VID: %x, Serial: %s',[vid, pid,InfoList[2]]);
+
 
         DeviceGuard_.AddUsbPortExcept(InfoList[0], InfoList[1],InfoList[2]);
-        FltCtrl_.SetUsbPortException(vid, pid, 0, PChar(InfoList[2]));
+        if (vid <> 0) and (pid <> 0) then
+        begin
+//          _Trace('[MGKIM] UpdateIgrUsbSerial4FltCtr.. Port PID: %x, VID: %x, Serial: %s',[vid, pid,InfoList[2]]);
+          FltCtrl_.SetUsbPortException(vid, pid, 0, PChar(InfoList[2]));
+        end;
+
         FltCtrl_.SetUsbException(PChar(InfoList[0]), PChar(InfoList[1]), 0, PChar(InfoList[2]));
 
-        _Trace('[MGKIM] UpdateIgrUsbSerial4FltCtr.. end');
+//        _Trace('[MGKIM] UpdateIgrUsbSerial4FltCtr.. end');
       end;
     end;
   except