Airlock v4.5 introduces parent process whitelisting and blacklisting support.
Administrators can now define trusted applications which can be used to execute code on a system. This is particularly useful for developers that may require the ability to compile and execute unsigned code from a particular application without restriction.
It also allows administrators to define in what context a particular application can be used, making system hardening significantly easier. For example, administrators can now lock down an executable such as ‘wmic.exe’ from being used by the system, except for applications that require it for operation. This makes achieving a high security application whitelisting ruleset, significantly easier.