I am new to CSA and have been trying to figure out how to block the Windows cmd.exe process outright? Is anyoneableto assist or point me in the right direction
No, you should never change the built-in ruleset unless needed, in this case, you need to create a Policy, a rule module, and add an application control rule with the info i gave you. You attach the policy to the group that your hosts are in, the rule module to the policy, and generate. Just be carefull, CSA is a very powerful tool, and rules can have massive impact in your setup if you are not careful. Try it out on one machine first, this can be done be creating a group and assigning the new policy you just created to that, and then add that group to the host.