I need a solution
If we add %windir%\system32\cmd.exe to the interactive safe applications list, anything run in the cmd prompt context is also allowed, as presumably it's inheriting from the safe ps. How can CSP be configured to allow cmd but stop anything running under cmd unless it is in the whitelist?