I have written small NtCreateFile intercepter (legacy driver). It will a filter with a list of denied files.
But I have a problem with paths to files.
The problem is in the next: windows has a several types for paths (DOS path, UNC, using symbolic links, etc). For example, I have seen these variants: