Registry monitor and protector is a tool which was developed with Registry Filter Driver SDK. A registry filtering driver is any kernel-mode driver that filters registry calls, such as the driver component of an antivirus software package. The configuration manager, which implements the registry, allows registry filtering drivers to filter any thread's calls to registry functions. By registering a RegistryCallback routine in the registry filter driver, it can receive notifications of each registry operation before the configuration manager processes the operation. A set of REG_XXX_KEY_INFORMATION data structures contain information about each registry operation. The RegistryCallback routine can block a registry operation. The callback routine also receives notifications when the configuration manager has finished creating or opening a registry key.