I have a WFP driver in which I am filtering network events. I added a filter using FwpmFilterAdd, but someone or some application may delete my filter using FwpmFilterDeleteByKey0. I want to get a notification when my filter is deleted. Can it be done?
I can see there is an API for user-mode tracking, FwpmFilterSubscribeChanges0, but I did not find one for kernel mode.
After much MSDN research, I found that the FWPS_CALLOUT0_ member notifyFn helps us get filter add/delete notifications.
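
A sketch of the notify callback mentioned above, added here as an illustration and not code from the original post: it records the run-time filter ID on add and recognises the driver's own filter on delete. `ExampleNotifyFn`, `track_filter`, `untrack_filter`, `deleted_filters` and `MAX_TRACKED` are hypothetical names, and the `#else` branch holds stand-in types (assumptions) so the logic can be built outside the WDK.

```c
#ifdef _KERNEL_MODE
#include <ntddk.h>
#include <fwpsk.h>
#else
#include <stddef.h>
/* Stand-ins (assumptions) for the few WDK names used, so the logic builds off-target. */
typedef long NTSTATUS;
#define STATUS_SUCCESS ((NTSTATUS)0)
typedef unsigned long long UINT64;
typedef struct { unsigned char bytes[16]; } GUID;
typedef enum { FWPS_CALLOUT_NOTIFY_ADD_FILTER, FWPS_CALLOUT_NOTIFY_DELETE_FILTER } FWPS_CALLOUT_NOTIFY_TYPE;
typedef struct { UINT64 filterId; } FWPS_FILTER0;   /* real struct has more fields */
#endif

#define MAX_TRACKED 8                      /* hypothetical limit */
static UINT64 g_tracked[MAX_TRACKED];      /* run-time ids of our filters, 0 = free slot */
static long   g_deleted_filters;           /* a real driver guards these with a spin lock */

static int track_filter(UINT64 id)
{
    for (int i = 0; i < MAX_TRACKED; i++)
        if (g_tracked[i] == 0) { g_tracked[i] = id; return 1; }
    return 0;
}

static int untrack_filter(UINT64 id)
{
    for (int i = 0; i < MAX_TRACKED; i++)
        if (id != 0 && g_tracked[i] == id) { g_tracked[i] = 0; return 1; }
    return 0;
}

long deleted_filters(void) { return g_deleted_filters; }

/* Same parameters as FWPS_CALLOUT_NOTIFY_FN0 (the WDK prototype also carries NTAPI). */
NTSTATUS ExampleNotifyFn(FWPS_CALLOUT_NOTIFY_TYPE notifyType,
                         const GUID *filterKey, FWPS_FILTER0 *filter)
{
    (void)filterKey;   /* documented as NULL on delete, so match on filterId instead */
    if (filter == NULL)
        return STATUS_SUCCESS;
    if (notifyType == FWPS_CALLOUT_NOTIFY_ADD_FILTER) {
        track_filter(filter->filterId);
    } else if (notifyType == FWPS_CALLOUT_NOTIFY_DELETE_FILTER &&
               untrack_filter(filter->filterId)) {
        g_deleted_filters++;   /* hook: log the event or queue work to re-add the filter */
    }
    return STATUS_SUCCESS;
}
```

The filter engine calls notifyFn only for filters whose action specifies this callout, so a filter with a plain permit or block action is not covered. The driver's own teardown also produces delete notifications and should be told apart from outside removal.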