Is there a way to detect (and block) a folder creation?

[Elieder]

I'm new here... first some biography to make my intentions clear... in the last weeks I found autoit like a very powerful language to make my job easy (system cleaning, "no-formating" troubleshooting), so I decided it give a try, and convert all my batch files to au3 files. Scripts like stopping service from bloatware programs, unused or useless Windows services, resolve Windows/network errors with registry modifications, removing virus, pups and adware-like programs (a long list of other Windows problems here), etc.

In the virus and PUPs prevention, I started to create a folder on %ProgramFiles (x86)% (or just %ProgramFiles% on 32 bits machines), with write protection... so:

 

REM COPIED FROM MY BATCH SCRIPT!
md "%folder%"
icacls "%folder%" /deny *S-1-1-0:(OI)(CI)W

Prevents all adware with %folder% name from being installed on that folder. And works fine! BUT, there are some that has different names, like first character capitalized, or just a duplicated char, or "_01, _02" in the end of name.. just to avoid this way of protection commonly used by security programs (that searches files and folders by its "fixed" names). And, it's very incovenient to have thousand of folders in %ProgramFIles%, so, I had another idea. And we finally reach the first (and only kkk) question... Is there a way that I can create a program that can block a folder creation? Because if yes, I will try to create a "ProgramFiles Firewall" that with some regex and a database of adware names, block unwanted folder from being created... I'm already warned that maybe it's a kernel level task... (and sorry for my possible english errors, I'm just learning)

Edited June 1, 2014 by Elieder

[JLogan3o13]

Not only are you looking at a kernel level task, but malware in general is constantly evolving. You would have to constantly be updating your database with new definitions. What you're talking about writing is anti-malware software.

I'm not sure AutoIt (much as I love it) is the language you should even attempt this in, and really not sure - with the questions you are asking already, if it is a project you should be undertaking. Sounds like you're in for a lot of headache and frustration.