The invention discloses a file access filtering method which belongs to the technical field of network safety. The file access filtering method comprises the following steps: S1)
processing an IRP (input / output request
package) request category and a request of withdrawing from drive, and mounting a corresponding dispatch function; S2)
processing calling of a user layer, and emitting a calling command to an
inner nuclear layer; S3) getting an
afferent Handle through a parameter when calling a Windows inner nuclear function in user-defined functions, and inquiring whether a path corresponding to the
Handle is a file folder path or not by calling the inner nuclear function of a
system, if the path is the file holder path and does not contain a magnetic disk drive, not performing contrast, if the path is a file path, comparing in a white
list; and S4) notifying an application program of the user layer of retrieving illegal access file information recorded in a BackList through a shared event created between the user layer and the
inner nuclear layer, and using the application program of the user layer to write the illegal access file information into a log file. By adopting the file access filtering method, a user can conveniently further adopt measures for protecting personal files.