When a user accesses a NAS using Windows Explorer, or uses Winword.exe to open a file on the NAS, netstat always shows that the process ID of the connection between Windows and the NAS is 4, which is SYSTEM.
So is there any API that lets us know whether the original SMB request comes from Explorer or Winword?
We want to find out the exact caller, and disable it if the requestor is a non-allowed process.
Btw, in the SMBv1 protocol, there is a Process-Id field, which can be used to identify the original requestor. But since SMBv2, this field is reserved.
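
The header difference mentioned in the last sentence, as an added example that is not part of the original post: a parser that reads the client-supplied PID from an SMB1 header and reports that an SMB2 header carries none. Field offsets follow the published SMB1 and SMB2 header layouts; the function names and both sample headers are constructed for illustration.

```python
import struct

SMB1_MAGIC, SMB2_MAGIC = b"\xffSMB", b"\xfeSMB"
SMB2_FLAGS_ASYNC_COMMAND = 0x00000002


def requester_pid(header: bytes):
    """Return (family, pid) for a raw SMB header; pid is None when none is carried."""
    if header[:4] == SMB1_MAGIC:
        if len(header) < 32:
            raise ValueError("truncated SMB1 header")
        # SMB1: PIDHigh at offset 12 and PIDLow at offset 26, both little-endian
        # 16-bit values filled in by the client.
        (pid_high,) = struct.unpack_from("<H", header, 12)
        (pid_low,) = struct.unpack_from("<H", header, 26)
        return "SMB1", (pid_high << 16) | pid_low
    if header[:4] == SMB2_MAGIC:
        if len(header) < 64:
            raise ValueError("truncated SMB2 header")
        # SMB2 sync header: offset 32 is a 4-byte Reserved field, not a PID.
        # SMB2 async header: offsets 32..39 hold an 8-byte AsyncId instead.
        (flags,) = struct.unpack_from("<I", header, 16)
        family = "SMB2-async" if flags & SMB2_FLAGS_ASYNC_COMMAND else "SMB2"
        return family, None
    raise ValueError("not an SMB header")


def build_smb1_header(pid: int) -> bytes:
    """Constructed 32-byte SMB1 header (command 0xA2, NT_CREATE_ANDX) for the demo."""
    return struct.pack("<4sBIBHH8sHHHHH", SMB1_MAGIC, 0xA2, 0, 0x18, 0xC807,
                       pid >> 16, b"\x00" * 8, 0, 1, pid & 0xFFFF, 2, 3)


def build_smb2_header() -> bytes:
    """Constructed 64-byte SMB2 sync header (command 0x0005, CREATE) for the demo."""
    return struct.pack("<4sHHIHHIIQIIQ16s", SMB2_MAGIC, 64, 1, 0, 0x0005, 1,
                       0, 0, 7, 0, 1, 0x1122334455667788, b"\x00" * 16)


if __name__ == "__main__":
    print(requester_pid(build_smb1_header(70000)))
    print(requester_pid(build_smb2_header()))
```
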