Is there any integrity check to validate which process is using CBFS Filter?


By default, the CBFS Filter system drivers will accept any valid request from any process. For the CBFilter driver in version 2024, it is possible to specify the list of processes that may command the driver. This is done during the installation of the driver (please refer to the documentation for the Install() method of the CBFilter component). The corresponding functionality for CBProcess and CBRegistry drivers is planned for the next release.

When the driver receives a command, it checks only the path to the executable module of the process that sent it. The driver does not include functionality for custom authenticity or integrity checks for that process; this is beyond the capabilities of a kernel-mode driver. Windows does have private code that verifies the signature and integrity of loaded drivers, but there is no way for drivers to use these verification mechanisms.
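
Because the check covers only the executable's path, an administrator can confirm that each allow-listed executable and its directory are writable only by trusted principals. The PowerShell below is an added example, not code from the CBFS Filter documentation; the path, the trusted-SID list, and the function name `Get-UntrustedWriter` are assumptions made for illustration.

```powershell
# Added example. The path below is a constructed placeholder; use the paths
# that were allow-listed when the driver was installed.
$AllowedPaths = @('C:\Program Files\ExampleApp\ExampleService.exe')

# Principals expected to hold write access in a protected install directory.
$TrustedSids = @(
    'S-1-5-18',       # LocalSystem
    'S-1-5-32-544',   # BUILTIN\Administrators
    'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464' # TrustedInstaller
)

# Rights that allow replacing or altering a file, plus GENERIC_WRITE and GENERIC_ALL.
$WriteMask = [int][System.Security.AccessControl.FileSystemRights]'Write, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership' -bor
             0x40000000 -bor 0x10000000
$InheritOnly = [int][System.Security.AccessControl.PropagationFlags]::InheritOnly

# Returns the SIDs, outside $TrustedSids, that are allowed to modify $Path.
function Get-UntrustedWriter {
    param([Parameter(Mandatory)][string]$Path)
    $sidType = [System.Security.Principal.SecurityIdentifier]
    (Get-Acl -LiteralPath $Path).GetAccessRules($true, $true, $sidType) |
        Where-Object {
            $_.AccessControlType -eq 'Allow' -and
            # Inherit-only entries apply to children, not to this object.
            (([int]$_.PropagationFlags -band $InheritOnly) -eq 0) -and
            (([int]$_.FileSystemRights -band $WriteMask) -ne 0) -and
            ($TrustedSids -notcontains $_.IdentityReference.Value)
        } |
        ForEach-Object { $_.IdentityReference.Value } |
        Sort-Object -Unique
}

foreach ($exe in $AllowedPaths) {
    if (-not (Test-Path -LiteralPath $exe -PathType Leaf)) {
        Write-Warning "$exe is allow-listed but does not exist"
        continue
    }
    $dir = [System.IO.Path]::GetDirectoryName($exe)
    [pscustomobject]@{
        Path        = $exe
        Signature   = (Get-AuthenticodeSignature -LiteralPath $exe).Status
        Sha256      = (Get-FileHash -LiteralPath $exe -Algorithm SHA256).Hash
        FileWriters = @(Get-UntrustedWriter -Path $exe) -join ', '
        DirWriters  = @(Get-UntrustedWriter -Path $dir) -join ', '
    }
}
```

Empty `FileWriters` and `DirWriters` columns together with a `Valid` signature status are the expected result; the recorded SHA-256 value can serve as a baseline for later comparison.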

We appreciate your feedback. If you have any questions, comments, or suggestions about this article, please contact our support team at support@callback.com.