In this module, students will deepen their understanding of file system mini-filters by focusing on advanced behavior, real-world usage patterns, and practical considerations relevant to EDR development and research. Students will learn how mini-filters observe and interact with file system operations at different stages, how filter ordering and altitude affect visibility and enforcement, and how common file system techniques are abused by attackers. The module emphasizes how EDR solutions leverage mini-filters to detect malicious activity, handle complex file access scenarios, and balance visibility with performance and stability in production environments.