I'm trying to make an AppLocker-like service that should intercept creation of processes based on certain restrictions set by an administrator.
(For those who are wondering why I can't simply use Microsoft's AppLocker, the answer is that it is available only on the Server, Enterprise and Ultimate versions of Windows 7 and up.)
So I did some research and found the CreateProcessNotifyEx routine that can be called before each process is started/ended.
I don't have much experience writing Windows kernel drivers, and thus I'm curious whether this is the correct approach to do what I described above. Or maybe there's just a user-mode WinAPI that I'm not aware of?
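As an added illustration of the approach the question describes (this is example code, not something from the question or from any existing project), here is the shape of a minimal allow-list driver built on the callback the question refers to, which is registered through `PsSetCreateProcessNotifyRoutineEx`. The policy decision is kept in plain C so it can be compiled and checked in user mode; only the part under `_KERNEL_MODE` (assumed here to be the macro a WDK kernel-mode build defines) needs the WDK. The allow-list `ALLOWED_DIRS`, the volume number in its paths and the `applocker-lite` log prefix are constructed for the example.

```c
/* Added example, not part of the question: the allow-list decision an
 * AppLocker-like driver would make inside a PsSetCreateProcessNotifyRoutineEx
 * callback. Policy logic is plain C (runs in user mode); the section under
 * _KERNEL_MODE (assumed WDK macro) is the actual driver glue. */
#include <stddef.h>

/* Constructed allow-list. A real driver would load the administrator's policy
 * in DriverEntry. Entries are NT device paths because that is the form
 * CreateInfo->ImageFileName carries (\Device\HarddiskVolumeN\..., not C:\...). */
static const char *const ALLOWED_DIRS[] = {
    "\\Device\\HarddiskVolume2\\Windows\\",
    "\\Device\\HarddiskVolume2\\Program Files\\",
};

/* ASCII lower-casing without <ctype.h>, so the same code compiles in kernel mode. */
static char lower_ascii(char c)
{
    return (c >= 'A' && c <= 'Z') ? (char)(c + ('a' - 'A')) : c;
}

/* Case-insensitive check that path starts with dir. NTFS paths are
 * case-insensitive, so a case-sensitive policy comparison would be bypassable. */
static int starts_with_ci(const char *path, const char *dir)
{
    for (; *dir != '\0'; ++path, ++dir)
        if (*path == '\0' || lower_ascii(*path) != lower_ascii(*dir))
            return 0;
    return 1;
}

/* Returns 1 if the image may start, 0 if creation should be denied.
 * Deny by default: a missing path or a path outside every allowed directory fails. */
int policy_allows(const char *image_path)
{
    size_t i;
    if (image_path == NULL || image_path[0] != '\\')
        return 0;
    for (i = 0; i < sizeof ALLOWED_DIRS / sizeof ALLOWED_DIRS[0]; ++i)
        if (starts_with_ci(image_path, ALLOWED_DIRS[i]))
            return 1;
    return 0;
}

#ifdef _KERNEL_MODE
#include <ntddk.h>

/* Narrow the UNICODE_STRING for policy_allows(); a production driver would
 * compare UNICODE_STRINGs directly (RtlPrefixUnicodeString) instead. */
static void unicode_to_ascii(PCUNICODE_STRING u, char *out, size_t cap)
{
    size_t i, n = u->Length / sizeof(WCHAR);
    if (n >= cap) n = cap - 1;
    for (i = 0; i < n; ++i)
        out[i] = (u->Buffer[i] < 0x80) ? (char)u->Buffer[i] : '?';
    out[n] = '\0';
}

/* Invoked for every process creation (CreateInfo != NULL) and exit
 * (CreateInfo == NULL). Setting CreationStatus makes the parent's
 * CreateProcess call fail with that status. */
static void CreateProcessNotifyEx(PEPROCESS Process, HANDLE ProcessId,
                                  PPS_CREATE_NOTIFY_INFO CreateInfo)
{
    char path[512];
    UNREFERENCED_PARAMETER(Process);
    if (CreateInfo == NULL)
        return;
    if (CreateInfo->ImageFileName == NULL) {
        CreateInfo->CreationStatus = STATUS_ACCESS_DENIED;
        return;
    }
    unicode_to_ascii(CreateInfo->ImageFileName, path, sizeof path);
    if (!policy_allows(path)) {
        DbgPrint("applocker-lite: denied pid %p image %s\n", ProcessId, path);
        CreateInfo->CreationStatus = STATUS_ACCESS_DENIED;
    }
}

static void DriverUnload(PDRIVER_OBJECT DriverObject)
{
    UNREFERENCED_PARAMETER(DriverObject);
    PsSetCreateProcessNotifyRoutineEx(CreateProcessNotifyEx, TRUE); /* Remove */
}

/* Registration succeeds only if the driver is linked with /INTEGRITYCHECK. */
NTSTATUS DriverEntry(PDRIVER_OBJECT DriverObject, PUNICODE_STRING RegistryPath)
{
    UNREFERENCED_PARAMETER(RegistryPath);
    DriverObject->DriverUnload = DriverUnload;
    return PsSetCreateProcessNotifyRoutineEx(CreateProcessNotifyEx, FALSE);
}
#else
#include <stdio.h>
/* User-mode harness: runs the policy over constructed sample paths. */
int main(void)
{
    const char *samples[] = {
        "\\Device\\HarddiskVolume2\\Windows\\System32\\cmd.exe",
        "\\Device\\HarddiskVolume2\\Users\\bob\\Downloads\\tool.exe" };
    size_t i;
    for (i = 0; i < 2; ++i)
        printf("%s -> %s\n", samples[i], policy_allows(samples[i]) ? "allow" : "deny");
    return 0;
}
#endif
```

Two things to keep in mind with this design: the callback runs on the path of every process start, so the check must stay cheap and must never block or fail open; and a directory-based allow-list is only as strong as the ACLs on those directories, since anything a standard user can write into an allowed directory is automatically allowed, which is why AppLocker's default rules cover only `Windows` and `Program Files`.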