The question says it all, I think. I vaguely remember there was an easy way to do this, but don't remember what it was.
Asked
Active
Viewed 2.2k times
2 Answers
24
It doesn't provide much, but here it is:
C:\Windows\system32>fltmc filters
Filter Name Num Instances Altitude Frame
------------------------------ ------------- ------------ -----
MpFilter 12 328000 0
luafv 1 135000 0
FileInfo 12 45000 0
C:\Windows\system32>fltmc volumes
Dos Name Volume Name FileSystem Status
------------------------------ --------------------------------------- ---------- --------
\Device\Mup Remote
C: \Device\HarddiskVolume2 NTFS
D: \Device\HarddiskVolume3 NTFS
\Device\HarddiskVolume1 NTFS
\Device\HarddiskVolumeShadowCopy12 NTFS
E: \Device\HarddiskVolume14 NTFS
\Device\HarddiskVolumeShadowCopy15 NTFS
\Device\HarddiskVolumeShadowCopy17 NTFS
\Device\HarddiskVolumeShadowCopy19 NTFS
\Device\HarddiskVolumeShadowCopy21 NTFS
\Device\HarddiskVolumeShadowCopy23 NTFS
F: \Device\CdRom11 CDFS
Greg Askew
- 34,339
- 3
- 52
- 81
1
Find the driver's Altitude by typing
fltmc instances -f <driver name>
and then look for it in Microsoft list of assigned Altitudes: https://docs.microsoft.com/en-us/windows-hardware/drivers/ifs/allocated-altitudes
Michael Haephrati
- 113
- 3