Ladies and Gents, there appears to be a new MZWriteScanner build available in Beta Camp (https://excubits.com/content/en/products_beta.html). I am assuming that this is the one which supports parent process control/checking. Florian may have done this similar to recent Bouncer beta, in which the parent rules are combined with the regular WHITELIST/BLACKLIST sections. There has not yet been a blog post to announce this build yet although there were a couple of blog posts suggesting that it was coming soon. The drivers are SHA1/SHA256 signed which is great. Although it is not Microsoft Windows cross signed at the moment. This is better than having to use Test Mode for running unsigned binaries though. Here is example MZWriteScanner.ini included in updated package: Code: [#LETHAL] [LOGGING] [#FORENSICS] [SHA256] [#READBUFFERX8] [WHITELIST] [BLACKLIST] *>* [EOF] EDIT: Yes, I can confirm now that this is definitely supporting of parent process checking. Excellent stuff here! And supposed to retain list of hashes to continue blocking newly dropped binaries after reboots as well.