IFilter
Location:
HKLM\SOFTWARE\Classes
Classification:
| Criteria | Value |
|---|---|
| Permissions | Admin |
| Security context | System |
| Persistence type | COM |
| Code type | DLL |
| Launch type | Automatic1 |
| Impact | Non-destructive |
| OS Version | All OS versions |
| Dependencies | OS only |
| Toolset | Scriptable |
Description:
Windows Search may be extended to index new, previously unknown file types. It is done through IFilter DLLs.
If someone registers such DLL, it will be called every time new file with the defined extension appears in the system.
References:
https://learn.microsoft.com/en-us/windows/win32/api/filter/nn-filter-ifilter
Credits:
See also:
Remarks:
-
The file must appear in the system, however some files such as .log, .etl. or .tmp appear automatically. ↩