generally I tried to find firewall with ability to protect against "side effects" any application, called "phoning home" (for example to check if licence is ok or stolen - kg, crack, loader etc.) without knowledge of this fact of user of this application.

I dont mean applications with neccassary access to site of author for updates of avir bases (in this example it is maybe impossible to fight against this "attack") but generally other applications that not requires access to any websites, for their functions is sufficient ruh as standalone app or app with access anywhere but not to site of their authors without knowledge of users.

For example

http://www.tinysoftware.com/forum/showthread.php?s=&threadid=703

http://www.tinysoftware.com/forum/showthread.php?s=&threadid=540

If it is possible to be protected with LnS against this type of "attack", what rule in LnS is correct for protection ?

If the applications main functionality isn’t related to Internet access, use App-filter to deny Application connecting rights, otherwise you may need to make rule in Internet filtering to block specific connection to, or connections to IP and Ports. ;)

In case the application needs to connect to internet for its own functionality, you can specify the main ports the application is supposed to use in the Application Filtering. If the application is using another port to phone home, this kind of access will be blocked.

Frederic.