Antivirus Installable File System Filter Test
This automated test verifies that the behavior in the file system stack is consistent with the typical behavior of a file system and the presence of an antivirus filter. For more information about file system behavior, see File System Behavior in the Microsoft Windows Environment.
For documentation about the test variations, see IFS Test in the MSDNĀ® Library.
Test details
| Specifications |
|
| Platforms |
|
| Supported Releases |
|
| Expected run time (in minutes) | 30 |
| Category | Development |
| Timeout (in minutes) | 1800 |
| Requires reboot | false |
| Requires special configuration | false |
| Type | automatic |
Additional documentation
Tests in this feature area might have additional documentation, including prerequisites, setup, and troubleshooting information, that can be found in the following topic(s):
Running the test
For more information about requirements, see Windows HLK Prerequisites.
This test requires the following software and hardware:
The filter driver to be tested, along with any supporting application suite
Extra hard drive space for four simple 2,048-megabyte (MB) partitions and two simple 1,024-MB partitions
Before you run the test, you must add the following partitions to the Windows environment.
| Label | File system | Size | Expected drive letter |
|---|---|---|---|
NTFS |
NTFS |
2,048 MB |
g: |
CNTFS |
NTFS (compressed) |
2,048 MB |
i: |
FAT |
FAT16 |
1,024 MB |
k: |
FAT32 |
FAT32 |
1,024 MB |
l: |
ExFAT |
ExFAT |
2,048 MB |
m: |
UDF |
UDF |
2,048 MB |
n: |
REFS |
REFS |
10240mb |
o: |
The test when executed will run variations for each of the six partitions above.
All test cases return PASS or FAIL. Review the test results in the log file for specific details about failures.
Should there be a policy on the test system of locking out new accounts. The IFS test might return blocked" on the multiprocess variations if the local machine account 'ifstest' is locked out.
RunIFSTests-Virus.cmd contains references to environment variables that can be tweaked to allow for skipping of certain file systems.
Troubleshooting
For generic troubleshooting of HLK test failures, see Troubleshooting Windows HLK Test Failures.
For troubleshooting information, see Troubleshooting the Windows HLK Environment.
This test returns Pass or Fail. To review test details, review the test log from Windows Hardware Lab Kit (Windows HLK) Studio.
The test creates a temporary local computer account (Ifstest). It also expects to have additional partitioned volumes.
Use a tool such as Minispy to see which I/O request packets (IRPs) are traveling on the file system stack. Compare passing (default Windows installations) with installations, including any failing driver.
More information
| Command option | Description |
|---|---|
IfsTest.exe |
%DRIVE_ltr% /g Virus /n .\Ifstest-Local-NtfsResults.log /N 356789AB /T /p /m /E /j /r c: -d \Ntfs -a \datacoh.exe /u ifstest /U *rs53w52 |
-g <suitename> |
Do not run <suitename> |
/n <logname> |
Create a long of name <logname> |
/N |
Specify NTLOG levels. If not included, then the GUI dialog box appears. This is useful in a batch mode run of the test NTLOG Levels 1 ABORT 2 SEV1 3 SEV2 4 SEV3 5 WARN 6 PASS 7 BLOCK 8 INFO 9 SYSTEM INFO A DEBUG INFO B TEST |
/T |
Enable trace of tests being done |
/p |
Enable pagefile testing in CreatePagingFileTest. |
/m |
Enable dirty bit testing in MountedDirtyTest |
/E |
Enable AllowExtendedDASDTest |
/j |
Enable support for tests involving the change journal. |
/r <volumeletter> |
Path to second volume required in certain tests. |
-d <> |
System Path to FSD device object in FileSystemDeviceOpenTest. |
-a |
Provide path to executable |
/u |
Username for test account |
/U |
Password for test account |
/t <variation> |
Execute only one named variation |
File list
| File | Location |
|---|---|
ntlog.dll |
[WTT\TestBinRoot]\NTTest\CommonTest\Ntlog\ |
ntlogger.ini |
[WTT\TestBinRoot]\NTTest\CommonTest\Ntlog\ |
chg.exe |
[WTT\TestBinRoot]\NTTest\basetest\core_file_services\IFS_TEST_KIT\ |
chgfile.exe |
[WTT\TestBinRoot]\NTTest\basetest\core_file_services\IFS_TEST_KIT\ |
chgnotif.dll |
[WTT\TestBinRoot]\NTTest\basetest\core_file_services\IFS_TEST_KIT\ |
cleanupfiles.cmd |
[WTT\TestBinRoot]\NTTest\basetest\core_file_services\IFS_TEST_KIT\ |
closedel.dll |
[WTT\TestBinRoot]\NTTest\basetest\core_file_services\IFS_TEST_KIT\ |
createkc.exe |
[WTT\TestBinRoot]\NTTest\basetest\core_file_services\IFS_TEST_KIT\ |
datacoh.exe |
[WTT\TestBinRoot]\NTTest\basetest\core_file_services\IFS_TEST_KIT\ |
decrypt.exe |
[WTT\TestBinRoot]\NTTest\basetest\core_file_services\IFS_TEST_KIT\ |
defrag.dll |
[WTT\TestBinRoot]\NTTest\basetest\core_file_services\IFS_TEST_KIT\ |
devctrl.dll |
[WTT\TestBinRoot]\NTTest\basetest\core_file_services\IFS_TEST_KIT\ |
dirinfo.dll |
[WTT\TestBinRoot]\NTTest\basetest\core_file_services\IFS_TEST_KIT\ |
dirpt.exe |
[WTT\TestBinRoot]\NTTest\basetest\core_file_services\IFS_TEST_KIT\ |
eainfo.dll |
[WTT\TestBinRoot]\NTTest\basetest\core_file_services\IFS_TEST_KIT\ |
encrypt.dll |
[WTT\TestBinRoot]\NTTest\basetest\core_file_services\IFS_TEST_KIT\ |
encryptvirus.exe |
[WTT\TestBinRoot]\NTTest\basetest\core_file_services\IFS_TEST_KIT\ |
enum.exe |
[WTT\TestBinRoot]\NTTest\basetest\core_file_services\IFS_TEST_KIT\ |
esecurit.dll |
[WTT\TestBinRoot]\NTTest\basetest\core_file_services\IFS_TEST_KIT\ |
estream.dll |
[WTT\TestBinRoot]\NTTest\basetest\core_file_services\IFS_TEST_KIT\ |
fileinfo.dll |
[WTT\TestBinRoot]\NTTest\basetest\core_file_services\IFS_TEST_KIT\ |
filelock.dll |
[WTT\TestBinRoot]\NTTest\basetest\core_file_services\IFS_TEST_KIT\ |
forcedis.dll |
[WTT\TestBinRoot]\NTTest\basetest\core_file_services\IFS_TEST_KIT\ |
fsctlgen.dll |
[WTT\TestBinRoot]\NTTest\basetest\core_file_services\IFS_TEST_KIT\ |
fsctlvol.dll |
[WTT\TestBinRoot]\NTTest\basetest\core_file_services\IFS_TEST_KIT\ |
IFSCFG.exe |
[WTT\TestBinRoot]\NTTest\basetest\core_file_services\IFS_TEST_KIT\ |
ifsmsg.dll |
[WTT\TestBinRoot]\NTTest\basetest\core_file_services\IFS_TEST_KIT\ |
ifstest-av.cmd |
[WTT\TestBinRoot]\NTTest\basetest\core_file_services\IFS_TEST_KIT\ |
ifstest-av_wdk.cmd |
[WTT\TestBinRoot]\NTTest\basetest\core_file_services\IFS_TEST_KIT\ |
ifstest.cmd |
[WTT\TestBinRoot]\NTTest\basetest\core_file_services\IFS_TEST_KIT\ |
ifstest.exe |
[WTT\TestBinRoot]\NTTest\basetest\core_file_services\IFS_TEST_KIT\ |
ifstestcleanup.cmd |
[WTT\TestBinRoot]\NTTest\basetest\core_file_services\IFS_TEST_KIT\ |
ifstest_storagelogo.cmd |
[WTT\TestBinRoot]\NTTest\basetest\core_file_services\IFS_TEST_KIT\ |
ifstest_wdk.cmd |
[WTT\TestBinRoot]\NTTest\basetest\core_file_services\IFS_TEST_KIT\ |
ishell.exe |
[WTT\TestBinRoot]\NTTest\basetest\core_file_services\IFS_TEST_KIT\ |
linkpt.exe |
[WTT\TestBinRoot]\NTTest\basetest\core_file_services\IFS_TEST_KIT\ |
linktrak.dll |
[WTT\TestBinRoot]\NTTest\basetest\core_file_services\IFS_TEST_KIT\ |
mfile.exe |
[WTT\TestBinRoot]\NTTest\basetest\core_file_services\IFS_TEST_KIT\ |
mountpt.dll |
[WTT\TestBinRoot]\NTTest\basetest\core_file_services\IFS_TEST_KIT\ |
objectid.dll |
[WTT\TestBinRoot]\NTTest\basetest\core_file_services\IFS_TEST_KIT\ |
opcreatg.dll |
[WTT\TestBinRoot]\NTTest\basetest\core_file_services\IFS_TEST_KIT\ |
opcreatp.dll |
[WTT\TestBinRoot]\NTTest\basetest\core_file_services\IFS_TEST_KIT\ |
oplocks.dll |
[WTT\TestBinRoot]\NTTest\basetest\core_file_services\IFS_TEST_KIT\ |
quotas.dll |
[WTT\TestBinRoot]\NTTest\basetest\core_file_services\IFS_TEST_KIT\ |
readwr.dll |
[WTT\TestBinRoot]\NTTest\basetest\core_file_services\IFS_TEST_KIT\ |
reparspt.dll |
[WTT\TestBinRoot]\NTTest\basetest\core_file_services\IFS_TEST_KIT\ |
ResetAutoLogon.vbs |
[WTT\TestBinRoot]\NTTest\basetest\core_file_services\IFS_TEST_KIT\ |
restoresystem.cmd |
[WTT\TestBinRoot]\NTTest\basetest\core_file_services\IFS_TEST_KIT\ |
seccache.dll |
[WTT\TestBinRoot]\NTTest\basetest\core_file_services\IFS_TEST_KIT\ |
securit.dll |
[WTT\TestBinRoot]\NTTest\basetest\core_file_services\IFS_TEST_KIT\ |
setupsystem.cmd |
[WTT\TestBinRoot]\NTTest\basetest\core_file_services\IFS_TEST_KIT\ |
skel.dll |
[WTT\TestBinRoot]\NTTest\basetest\core_file_services\IFS_TEST_KIT\ |
sparse.dll |
[WTT\TestBinRoot]\NTTest\basetest\core_file_services\IFS_TEST_KIT\ |
virus.dll |
[WTT\TestBinRoot]\NTTest\basetest\core_file_services\IFS_TEST_KIT\ |
volinfo.dll |
[WTT\TestBinRoot]\NTTest\basetest\core_file_services\IFS_TEST_KIT\ |
writevirus.exe |
[WTT\TestBinRoot]\NTTest\basetest\core_file_services\IFS_TEST_KIT\ |
xchg.exe |
[WTT\TestBinRoot]\NTTest\basetest\core_file_services\IFS_TEST_KIT\ |
guidefile.dat |
[WTT\TestBinRoot]\NTTest\basetest\core_file_services\IFS_TEST_KIT\ |
virusfile1.evf |
[WTT\TestBinRoot]\NTTest\basetest\core_file_services\IFS_TEST_KIT\virusfiles\ |
virusfile2.evf |
[WTT\TestBinRoot]\NTTest\basetest\core_file_services\IFS_TEST_KIT\virusfiles\ |
virusfile3.evf |
[WTT\TestBinRoot]\NTTest\basetest\core_file_services\IFS_TEST_KIT\virusfiles\ |
virusfile4.evf |
[WTT\TestBinRoot]\NTTest\basetest\core_file_services\IFS_TEST_KIT\virusfiles\ |
createwttlog.vbs |
[WTT\TestBinRoot]\NTTest\basetest\core_file_services\IFS_TEST_KIT\virusfiles\ |
chgjourn.dll |
[WTT\TestBinRoot]\NTTest\basetest\core_file_services\IFS_TEST_KIT\ |
fbslog.dll |
[WTT\TestBinRoot]\NTTest\basetest\core_file_services\shared_libs\fbslog\ |
RunIFSTests-Virus.cmd |
[WTT\TestBinRoot]\NTTest\basetest\Core_File_Services\FilterManager\TestSuite\Scripts\FileSystems\ |
WrapIFSTests-Virus.cmd |
[WTT\TestBinRoot]\NTTest\BASETEST\Core_File_Services\FilterManager\TestSuite\Scripts\FileSystems\ |
attachfilter.cmd |
[WTT\TestBinRoot]\NTTest\BASETEST\Core_File_Services\FilterManager\TestSuite\Scripts\FileSystems\ |
Parameters
| Parameter name | Parameter description |
|---|---|
| NTFS_DRIVE_LETTER | The drive letter for the NTFS volume that the IFS Test Kit will run on. |
| CNTFS_DRIVE_LETTER | The drive letter for the compressed NTFS volume that the IFS Test Kit will run on. |
| FAT_DRIVE_LETTER | The drive letter for the FAT16 volume that the IFS Test Kit will run on. This volume must be greated than 1 Gb. and less than 2 Gb. |
| FAT32_DRIVE_LETTER | The drive letter for the FAT32 volume that the IFS Test Kit will run on. |
| WDKDeviceID | This will receive the filter name. |
| WDKLogo | This will receive the /Logo flag |
| LLU_LclAdminUser | LLU for execute |
| LLU_NetAccessOnly | LLU for copy |
| EXFAT_DRIVE_LETTER | The drive letter for the ExFat volume that the IFS Test Kit will run on. |
| UDF_DRIVE_LETTER | The drive letter for the UDF volume that the IFS Test Kit will run on. |
| REFS_DRIVE_LETTER | The drive letter for the ReFS volume that the test will run on. Enter NONE if not >= Win8 Server. |