I am using the Windows filtering platform. I want to create a traffic filter, a security manager that monitors packets and network events or blocks URLs ... I know that most WFP functions can be called from either user mode or kernel mode. I am wondering if my filter should be written using kernel mode functions or user modes? Are there any network activities that can only be captured using the kernel mode driver? Please help me in this regard.
Thanks in advance for any help on this.
source
share