I have a callout driver at the FWPM_LAYER_ALE_FLOW_ESTABLISHED_V4 layer with the filter condition FWPM_CONDITION_ALE_APP_ID to filter traffic from a specific application.
However, some applications also spawn child processes, and one of them may communicate with the Internet, so filtering the parent process will give no output. With the filtering condition FWPM_CONDITION_ALE_APP_ID, WFP filters the process created by this application only.
How can I filter the parent and all its child processes?