Yes. In a bit more detail, there are basically three cases: If an application is recognized by TinyWall, then TinyWall will automatically unblock the inbound and unbound ports that the application needs. If an application is not recognized, but a built-in profile for that type of application exists, you can manually pair the application with the right profile. Example: You are running a WAMP server but TinyWall does not recognize it. You can still assign WAMP the "Web server" profile and WAMP will have inbound ports 80 and 443 unblocked. The application is not recognized and there is no tight profile for it. You can still assign the "Blind trust" profile which will open all inbound and outbound ports to that application. So the application will still work as expected and your other programs will still be protected. The only limitation here is that you cannot unblock applications on a port-by-port basis if there is no better profile that will do. Also note: The upcoming beta has a new meta-profile that allows outbound but blocks inbound connections. For unknown applications that do not need to accept incoming connections this is a much more secure choice than the "Blind trust" profile. It is also the new default profile for unrecognized applications in the upcoming beta.