Apply HIPS restrictions to children of a restricted process?

Asking because of some odd behavior I've seen with Outpost FW...

What HIPS software is known to apply restrictions specified for a program to processes spawned by that program?

Furthermore, what HIPS software is known not to apply such restrictions to child processes?

 

Is this what you mean?
Screenshot of Malware Defender alert..............


Or here............

 

Nope... I mean silently applying the same set of restrictions to child processes, unless another set of restrictions is specified and the child application is specifically disallowed from inheriting restrictions. Something like this:

- A, B, C, and D are applications.
- A has a ruleset that denies sound card access. B has no rules. C has rules denying keyboard access, plus whatever is denied by the parent process's rules; D has rules that deny keyboard access but supersede the parent process's rules.

So:

- If A launches B, B inherits A's rules.
A+NoSound -> B+NoSound

- If A launches C, C inherits A's rules and has its own applied.
A+NoSound -> C+NoSound+NoKeyboard

- If A launches D, A's rules are not inherited, and only D's are applied.
A+NoSound -> D+NoKeyboard

Umm, I hope this makes sense?

 

Most classical HIPS having a rule set on program level (Malware Defender, Comodo) apply the default rule when the launched program does not have his own rule, Most policy based HIPS apply the same restrictions to programs launched by a guarded program (DefenseWall, GeSWall), when this program is not in exclusion list.

Basic difference is that a clasical HIPS provides system wide protection while it guards all threat vectors and a policy based HIPS guards named threatgates programs (keeps them in a sandbox or policy container) while protecting against all threat vectors (including process creation and spawning other programs).

 

PrivateFirewall HIPS has this capabilty. You can get pretty granular with access permissions with it.