Parent process information is missing for Firefox IPS events in Symantec Endpoint Detetction and Response
Article ID: 189587
Endpoint Detection and Response
When reviewing an Incident for a detection related to Firefox activity, it does not show Process Lineage information for the Parent's PID (Process ID).
This is due to how Firefox is launched. Firefox launches as a root process, so it has no parent process. Chrome and IE/Edge by default launch from the explorer.exe process.
This is by design. The SEP client can only provide SEDR with event information for the actor when the event involves Firefox activity.