We are experiencing a high volume of elevation requests related to shpafact.dll (identified as “Virtual Factory for Windows Defender Firewall CPL”), which appear to be triggered indirectly by various parent processes across different applications. 1

Currently, each of these requests must be reviewed and approved manually, resulting in a significant operational burden and increased technician workload. 1

Requested Enhancement

We would like to request more granular rule criteria options to reduce unnecessary elevation prompts while maintaining security integrity. Specifically:

Ability to create elevation rules based on parent process

Support for rule conditions such as:

Command-line arguments

Event title

File description

Context-aware elevation rules that allow controlled approvals without broadly approving a DLL globally

Business Impact

Without these capabilities:

Technicians must repeatedly investigate similar elevation events

Productivity is reduced due to manual approvals

There is increased risk of either over-approving or delaying legitimate operations

Desired Outcome

Providing more flexible and context-aware elevation rule options would:

Reduce repetitive approval workflows

Maintain strong security controls

Improve operational efficiency for managed environments