For example, I allow IE to communicate over the internet using TCP/UDP ports 80 and 443 (for general browsing of the internet). At the same time, for an undesirable item (let's say "undesirable.exe"), I block access to the internet. However, "undesirable.exe" as a parent application will launch "IE" as a child application and will get out on the internet, even though my intention was to prevent this. For known "parent" / "child" applications I can create HIPS rules, but they can be in any