Problem description:

I have a callout driver at the FWPM_LAYER_ALE_FLOW_ESTABLISHED_V4 layer with the filter condition FWPM_CONDITION_ALE_APP_ID to filter traffic from a specific application.

However, some applications also spawn child processes, and one of them may communicate with the Internet, so filtering the parent process gives no output. With the filtering condition FWPM_CONDITION_ALE_APP_ID, WFP filters the process created by this application only.

How can I filter the parent and all its child processes?
