To ensure stable operation, it is critical that applications avoid recursive access to the system component associated with each class. Essentially, this means that event handlers must comply with the following restrictions, which vary by class:
- CBFilter and CBMonitor: Event handlers must not attempt to perform any operations that involve the file or directory for which the event was fired.
- Plus, all restrictions discussed in the Avoiding Deadlocks topic (which is specific to CBFilter and CBMonitor).
- There is one exception for CBFilter-based applications: During the AfterCreateFile and AfterOpenFile events, the CreateFileDirect method may be used to open the file that the event fired for. If the AllowFileAccessInBeforeOpen configuration setting is enabled, CreateFileDirect can also be used for the same purpose during the BeforeCreateFile and BeforeOpenFile events.
- CBProcess: Event handlers must not perform any operations that cause a process or thread to be created or terminated.
- CBRegistry: Event handlers must not perform any operations that cause registry access (either directly or indirectly). Please note that many system operations in Windows will perform registry access as part of their normal execution, and this side-effect is rarely documented (if ever).
Event handlers which violate any of the restrictions described above are likely to cause a system deadlock.