delete_passthrough_rule Method
Deletes a particular passthrough rule.
Syntax
def delete_passthrough_rule(mask: str, access_flags: int, control_flags: int, notify_flags: int) -> bool: ...
Remarks
This method deletes the specified AccessFlags, ControlFlags, and/or NotifyFlags from the passthrough rule identified by Mask. If the aforementioned parameters include all flags currently present in the rule, then the entire rule is deleted; otherwise, the specified flags are simply removed from the rule.
If the flags and/or rule are deleted successfully, this method returns True; otherwise, it returns False.
The Mask parameter must be the file mask of an existing rule. If a rule with the specified mask cannot be found, this method will fail.
The AccessFlags parameter specifies which access restrictions should be removed from the rule. The value passed for this parameter should be constructed by OR'ing together zero or more of the following flags:
ACCESS_NONE | 0x00 | No access restrictions. |
ACCESS_READ_ONLY | 0x01 | Read-only access; writing and deleting is prohibited. |
ACCESS_WRITE_ONLY | 0x02 | Write-only access; reading and deleting is prohibited. |
ACCESS_DELETE_PROTECT | 0x04 | Deletion and renaming is prohibited. |
ACCESS_EXECUTE_PROTECT | 0x08 | Execution is prohibited. |
ACCESS_NO_CHANGE_DAC | 0x10 | Change of security attributes is prohibited. |
ACCESS_NO_CHANGE_OWNER | 0x20 | Change of owner is prohibited. |
ACCESS_RENAME_PROTECT | 0x40 | Renaming is prohibited. |
ACCESS_DELETE_ONLY_PROTECT | 0x80 | Deletion is prohibited (renaming is not affected). |
ACCESS_REMOTE_ACCESS_PROTECT | 0x100 | Access from other systems is prohibited. |
ACCESS_DENY_ALL | 0x200 | All access is denied. |
ACCESS_ALL_FLAGS | -1 | Used to denote all currently set access restriction flags. |
The ControlFlags parameter specifies which Control Event flags should be removed from the rule. The value passed for this parameter should be constructed by OR'ing together zero or more of the following flags:
FS_CE_NONE | 0 | Don't fire for any filesystem operations.
Control Events will not fire for any filesystem operations. |
FS_CE_BEFORE_CREATE | 0x000000000001L | Fire before file creation operations.
The on_before_create_file event will fire anytime the OS attempts to create a file or directory. In some cases, can cause the on_before_open_file event to fire; refer to the File Create/Open Events topic for more information. |
FS_CE_AFTER_CREATE | 0x000000000002L | Fire after file creation operations.
The on_after_create_file event will fire after a file or directory creation request has been processed, before the response is returned. In some cases, can cause the on_after_open_file event to fire; refer to the File Create/Open Events topic for more information. |
FS_CE_BEFORE_OPEN | 0x000000000004L | Fire before file open operations.
The on_before_open_file event will fire anytime the OS attempts to open a file or directory. In some cases, can cause the on_before_create_file event to fire; refer to the File Create/Open Events topic for more information. |
FS_CE_AFTER_OPEN | 0x000000000008L | Fire after file open operations.
The on_after_open_file event will fire after a file or directory open request has been processed, before the response is returned. In some cases, can cause the on_after_create_file event to fire; refer to the File Create/Open Events topic for more information. |
FS_CE_BEFORE_READ | 0x000000000010L | Fire before read operations.
The on_before_read_file event will fire anytime the OS attempts to read data from a file. |
FS_CE_AFTER_READ | 0x000000000020L | Fire after read operations.
The on_after_read_file event will fire after a read request has been processed, before the response is returned. |
FS_CE_BEFORE_WRITE | 0x000000000040L | Fire before write operations.
The on_before_write_file event will fire anytime the OS attempts to write data to a file. |
FS_CE_AFTER_WRITE | 0x000000000080L | Fire after write operations.
The on_after_read_file event will fire after a write request has been processed, before the response is returned. |
FS_CE_BEFORE_LOCK_CONTROL | 0x000000000100L | Fire before lock and unlock operations.
The on_before_lock, on_before_unlock_all, on_before_unlock_all_by_key, and on_before_unlock_single events will fire, as applicable, before the OS attempts to lock or unlock a range of bytes in a file. |
FS_CE_AFTER_LOCK_CONTROL | 0x000000000200L | Fire before and after lock and unlock operations.
The on_after_lock, on_after_unlock_all, on_after_unlock_all_by_key, and on_after_unlock_single, events will fire, as applicable, after a lock or unlock request has been processed, before the response is returned. |
FS_CE_BEFORE_CLEANUP | 0x000000000400L | Fire before file handle cleanup operations.
The on_before_cleanup_file event will fire anytime a process closes a file or directory handle. |
FS_CE_AFTER_CLEANUP | 0x000000000800L | Fire after file handle cleanup operations.
The on_after_cleanup_file event will fire after a file handle cleanup request has been processed, before the response is returned. |
FS_CE_BEFORE_CLOSE | 0x000000001000L | Fire before file close operations.
The on_before_close_file event will fire anytime the OS closes a file or directory. Also, the on_after_close_enumeration event will fire anytime the OS closes a directory enumeration (which typically occurs immediately before the directory is closed). |
FS_CE_AFTER_CLOSE | 0x000000002000L | Fire after file close operations.
The on_after_close_file event will fire after a file/directory close request has been processed, before the response is returned. |
FS_CE_BEFORE_CAN_DELETE | 0x000000004000L | Fire before 'can be deleted' operations.
The on_before_can_file_be_deleted event will fire anytime the OS checks whether a file or directory can be deleted. |
FS_CE_AFTER_CAN_DELETE | 0x000000008000L | Fire after 'can be deleted' operations.
The on_after_can_file_be_deleted event will fire after a 'can be deleted' request has been processed, before the response is returned. |
FS_CE_BEFORE_DELETE | 0x000000010000L | Fire before delete operations
The on_before_delete_file event will fire anytime the OS attempts to delete a file or directory. |
FS_CE_AFTER_DELETE | 0x000000020000L | Fire after delete operations.
The on_after_delete_file event will fire after a delete request has been processed, before the response is returned. |
FS_CE_BEFORE_RENAME | 0x000000040000L | Fire before rename/move operations.
The on_before_rename_or_move_file event will fire anytime the OS attempts to rename or move a file or directory. |
FS_CE_AFTER_RENAME | 0x000000080000L | Fire after rename/move operations.
The on_after_rename_or_move_file event will fire after a rename or move request has been processed, before the response is returned. |
FS_CE_BEFORE_GET_SECURITY | 0x000000100000L | Fire before get security operations.
The on_before_get_file_security event will fire before the OS queries the security attributes of a file or directory. |
FS_CE_AFTER_GET_SECURITY | 0x000000200000L | Fire after get security operations.
The on_after_get_file_security events will fire after a get security operation has been processed, before the response is returned. |
FS_CE_AFTER_ENUMERATE_DIRECTORY | 0x000000800000L | Fire for directory enumeration operations.
The on_after_enumerate_directory event will fire after information about a directory entry has been retrieved during directory enumeration, before the response is returned. |
FS_CE_BEFORE_QUERY_FILE_INFO | 0x000001000000L | Fire before 'query file information' operations.
The on_before_query_file_info event will fire anytime the OS needs to retrieve information about a file or directory. |
FS_CE_AFTER_QUERY_FILE_INFO | 0x000002000000L | Fire after 'query file information' operations.
The on_after_query_file_info event will fire after a file or directory information query request has been processed, before the response is returned. |
FS_CE_AFTER_GET_SIZES | 0x000008000000L | Fire after get size operations.
The on_after_get_file_sizes event will fire after a file's size information is retrieved, before the response is returned. |
FS_CE_BEFORE_SET_SECURITY | 0x000010000000L | Fire before set security operations.
The on_before_set_file_security event will fire anytime the OS needs to change the security attributes of a file or directory. |
FS_CE_AFTER_SET_SECURITY | 0x000020000000L | Fire after set security operations.
The on_after_set_file_security event will fire after a security attributes change request has been processed, before the response is returned. |
FS_CE_BEFORE_SET_ATTRIBUTES | 0x000040000000L | Fire before file attribute update operations.
The on_before_set_file_attributes event will fire anytime the OS attempts to change the attributes of a file or directory. |
FS_CE_AFTER_SET_ATTRIBUTES | 0x000080000000L | Fire after file attribute update operations.
The on_after_set_file_attributes event will fire after a file attributes change request has been processed, before the response is returned. |
FS_CE_BEFORE_SET_SIZES | 0x000100000000L | Fire before file resize operations.
The on_before_set_file_size event will fire anytime the OS attempts to resize a file, and the on_before_set_allocation_size event will fire anytime the OS attempts to change a file's allocation size. |
FS_CE_AFTER_SET_SIZES | 0x000200000000L | Fire after file resize operations.
The on_after_set_file_size event will fire after a file resize request has been processed, and the on_after_set_allocation_size event will fire after a file allocation size change request has been processed, before the response is returned. |
FS_CE_BEFORE_CREATE_HARD_LINK | 0x000400000000L | Fire before hard link creation operations.
The on_before_create_hard_link event will fire anytime the OS attempts to create a hard link. |
FS_CE_AFTER_CREATE_HARD_LINK | 0x000800000000L | Fire after hard link creation operations.
The on_after_create_hard_link events will fire after a hard link creation request has been processed, before the response is returned. |
FS_CE_BEFORE_FSCTL | 0x001000000000L | Fire before FSCTL operations.
The on_before_fsctl event will fire anytime an IRP_MJ_FILE_SYSTEM_CONTROL request occurs. |
FS_CE_AFTER_FSCTL | 0x002000000000L | Fire after FSCTL operations.
The on_after_fsctl event will fire after an IRP_MJ_FILE_SYSTEM_CONTROL request has been processed, before the response is returned. |
FS_CE_BEFORE_IOCTL | 0x004000000000L | Fire before IOCTL operations.
The on_before_ioctl event will fire anytime an IRP_MJ_DEVICE_CONTROL request occurs. |
FS_CE_AFTER_IOCTL | 0x008000000000L | Fire after IOCTL operations.
The on_after_ioctl event will fire after an IRP_MJ_DEVICE_CONTROL request has been processed, before the response is returned. |
FS_CE_BEFORE_SET_FILE_INFO | 0x010000000000L | Fire before 'set file information' operations.
The on_before_set_file_info event will fire anytime the OS needs to change information about a file or directory. |
FS_CE_AFTER_SET_FILE_INFO | 0x020000000000L | Fire after 'set file information' operations.
The on_after_set_file_info event will fire after a file or directory information change request has been processed, before the response is returned. |
FS_CE_REPARSE_FILENAME | 0x100000000000L | Fire before various operations for the purpose of file redirection.
The on_reparse_file_name event will fire before any operation that includes a file or directory name, giving the application a chance to redirect it. This is event is typically used when an application requires more advanced redirection logic than Reparse Rules can provide; please refer to that topic for more information. |
FS_CE_REPARSE_TAG | 0x200000000000L | Fire for reparse operations.
The on_reparse_with_tag event will fire anytime a file/directory open operation returns a STATUS_REPARSE result, allowing the application to handle the reparse point. Please refer to Microsoft's Reparse Points article for more information. |
FS_CE_ALL | -1 | Fire for all filesystem operations.
Control Events will fire for all filesystem operations. |
The NotifyFlags parameter specifies which Notification Event flags should be removed from the rule. The value passed for this parameter should be constructed by OR'ing together zero or more of the following flags:
FS_NE_NONE | 0 | Don't fire for any filesystem operations.
Notification Events will not fire for any filesystem operations. |
FS_NE_CREATE | 0x00000001L | Fire for file creation operations.
The on_notify_create_file event will fire anytime the OS creates a file or directory. In some cases, can cause the on_notify_open_file event to fire; refer to the File Create/Open Events topic for more information. |
FS_NE_OPEN | 0x00000002L | Fire for file open operations.
The on_notify_open_file event will fire anytime the OS opens a file or directory. In some cases, can cause the on_notify_create_file event to fire; refer to the File Create/Open Events topic for more information. |
FS_NE_READ | 0x00000004L | Fire for read operations.
The on_notify_read_file event will fire anytime the OS reads data from a file. |
FS_NE_WRITE | 0x00000008L | Fire for write operations.
The on_notify_write_file event will fire anytime the OS write data to a file. |
FS_NE_LOCK_CONTROL | 0x00000010L | Fire for lock and unlock operations.
The on_notify_lock, on_notify_unlock_all, on_notify_unlock_all_by_key, and on_notify_unlock_single events will fire, as applicable, anytime the OS locks or unlocks a range of bytes in a file. |
FS_NE_CLEANUP | 0x00000020L | Fire for file handle cleanup operations.
The on_notify_cleanup_file event will fire anytime a process closes a file or directory handle. |
FS_NE_CLOSE | 0x00000040L | Fire for file close operations.
The on_notify_close_file event will fire anytime the OS closes a file or directory. |
FS_NE_CAN_DELETE | 0x00000080L | Fire for 'can be deleted' operations.
The on_notify_can_file_be_deleted event will fire anytime the OS checks whether a file or directory can be deleted. |
FS_NE_DELETE | 0x00000100L | Fire for delete operations.
The on_notify_delete_file event will fire anytime the OS deletes a file or directory. |
FS_NE_RENAME | 0x00000200L | Fire for rename/move operations.
The on_notify_rename_or_move_file event will fire anytime the OS renames or moves a file or directory. |
FS_NE_GET_SECURITY | 0x00000400L | Fire for get security operations.
The on_notify_get_file_security event will fire anytime the OS queries the security attributes of a file or directory. |
FS_NE_ENUMERATE_DIRECTORY | 0x00000800L | Fire for directory enumeration operations.
The on_notify_enumerate_directory event will fire anytime the OS retrieves a directory entry during directory enumeration. |
FS_NE_QUERY_FILE_INFO | 0x00001000L | Fire for QueryFileInformation operations.
The on_notify_query_file_info event will fire anytime the OS retrieves information about a file or directory. |
FS_NE_GET_SIZES | 0x00002000L | Fire for get size operations.
The on_notify_get_file_sizes event will fire anytime the OS retrieves a file's size information. |
FS_NE_SET_SECURITY | 0x00004000L | Fire for set security operations.
The on_notify_set_file_security event will fire anytime the OS changes the security attributes of a file or directory. |
FS_NE_SET_ATTRIBUTES | 0x00008000L | Fire for file attribute update operations.
The on_notify_set_file_attributes event will fire anytime the OS changes the attributes of a file or directory. |
FS_NE_SET_SIZES | 0x00010000L | Fire for file resize operations.
The on_notify_set_file_size event will fire anytime the OS resizes a file, and the on_notify_set_allocation_size event will fire anytime the OS changes a file's allocation size. |
FS_NE_CREATE_HARD_LINK | 0x00020000L | Fire for hard link creation operations.
The on_notify_create_hard_link event will fire anytime the OS creates a hard link. |
FS_NE_FSCTL | 0x00040000L | Fire for FSCTL operations.
The on_notify_fsctl event will fire anytime an IRP_MJ_FILE_SYSTEM_CONTROL operation occurs. |
FS_NE_IOCTL | 0x00080000L | Fire for IOCTL operations.
The on_notify_ioctl event will fire anytime an IRP_MJ_DEVICE_CONTROL operation occurs. |
FS_NE_SET_FILE_INFO | 0x00100000L | Fire for SetFileInformation operations.
The on_notify_set_file_info event will fire anytime the OS changed information about a file or directory. |
FS_NE_ALL | -1 | Fire for all filesystem operations.
Notification Events will fire for all filesystem operations. |
To delete all passthrough rules, use the delete_all_passthrough_rules method instead.
Note: The methods and properties related to rule management are not intended to be used from multiple threads at once. Applications that wish to use said methods and properties from multiple threads (such as, e.g., during the on_after_filter_attach_to_volume and on_after_filter_detach_from_volume events) are responsible for employing proper thread synchronization techniques to ensure that manipulation and enumeration of the rule lists occurs in a thread-safe manner.