I want to block internet traffic by process id.
Is there a specific filter that I can use?
FWPM_CONDITION_ALE_PACKAGE_ID looks close, but I don't want to block ALL instances of a program, just some of them.
I suppose another option is to intercept ALL traffic and somehow eat the packets that are coming from the process I want to sandbox.
Any guidance would be great.
Thanks
Process ID is not a unique value. It's a random value assigned to a created process by the system and may be reused. So filtering by ID value may block/allow the wrong process if the process ID is reused. You can filter by application path, which would overcome the ID limitations and is much more secure.
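
The path-based approach from the reply above, as an added example that is not part of the original thread: it resolves a PID to its executable path, checks that the PID was not recycled during the lookup, and then creates an outbound block rule keyed on the path. It uses the built-in `New-NetFirewallRule` cmdlet rather than calling the WFP API directly; the function name `Block-OutboundByProcessPath` and the rule display name are assumptions made for illustration.

```powershell
# Added example: block outbound traffic for the executable behind a PID.
# The function name and rule display name are illustrative assumptions.
function Block-OutboundByProcessPath {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)]
        [int]$ProcessId
    )

    # Snapshot the process; the PID is only a lookup key at this moment.
    $before = Get-Process -Id $ProcessId -ErrorAction Stop
    $path   = $before.Path
    if (-not $path) {
        throw "Cannot read the image path for PID $ProcessId (access denied or system process)."
    }

    # Re-read and compare start time and path: if the PID was recycled in
    # between, the path may belong to a process that has already exited.
    $after = Get-Process -Id $ProcessId -ErrorAction Stop
    if ($after.StartTime -ne $before.StartTime -or $after.Path -ne $path) {
        throw "PID $ProcessId was reused during lookup; aborting."
    }

    $ruleName = "Block outbound: $path"
    if ($PSCmdlet.ShouldProcess($path, 'Create outbound block rule')) {
        # The rule is keyed on the executable path, so it applies to every
        # instance started from that path and is unaffected by PID reuse.
        New-NetFirewallRule -DisplayName $ruleName `
            -Direction Outbound -Program $path -Action Block
    }
}
```

Creating the rule requires an elevated session; running the function with `-WhatIf` shows the path that would be blocked without changing the firewall.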