... child process being launched by parent process.
While the firewall will correctly indicate the child process , however you do not know which process is behind as "parent".
This practically bypass the firewall making it useless.
Am I wrong?
For example I allow IE to communicate over internet using TCP/UDP port 80 and 443 (for general browsing of the internet)
At the same time for an undesirable item (let's say "undesirable.exe") I block access to the internet.
However, "undesirable.exe" as a parent application will launch "IE" as a child application and will get out on the internet , even though my intention was to prevent this.
For known "parent" / "child" applications I can create HIPS rules, but they can be in any