#89, November 30th, 2008, 05:56 AM
emsisoft
Re: New Matousec Firewall Challenge

As I have described to Matousec several times, Mamutu is made to block real malware samples, not to pass leak and performance tests.

The product purpose is different to firewalls and HIPS.

Firewalls and HIPS are made to alert every single suspicious action without combining them to alert a bad behavior.

Behavior Blockers like Mamutu are made to show the least possible number of alerts. Mamutu alerts programs that are most likely real malware. We're working hard to NOT alert good programs. E.g. if a program runs visibly (like a test tool) the malware scoring is much lower than if it runs hidden (like real malware). Mamutu does not block shutting down the program by the user (a test tool is more or less the same, manual action), but Mamutu blocks shutting down by real malware.

That's why I told Matousec to test with real malware. Mamutu is proven to be one of the best behavior blockers beside Threatfire, Antibot and others (which are both missing in the 'firewall' test btw.) to block real in-the-wild malware.

While all security programs can be improved when it comes to self protection e.g., most real malware samples are caught long before they can even try to kill Mamutu.

Matousec's test does not help us a lot. It does not help us when they tell us that Mamutu does not block TCP, UDP and ICMP traffic. We already know. And we don't have plans to add such features as the program is NOT a firewall.
__________________
Regards,

Christian Mairoll [Emsi Software Team]
Behavior based Malware protection - www.emsisoft.com