We would like to be able to have isolation exception rules mapped to specific executables in addition to IP addresses. Currently, cloud RMMs/remote tools can't be effectively allowed, nor other tools like endpoint PAM that would be useful in isolation incidents, without having to un-isolate the host. The WFP filter engine appears to allow rules defined by executable, which seem like would give us the capabilities needed.