I think this has been raised before but never satisfactorily answered. If I set the firewall to "Warn if any process connects to the internet unless explicitly allowed" so that I can explicitly control what is allowed to connect out I get a warning as per my second screenshot. The first highlighted line states "is not trusted" yet the second highlighted line states that the "not trusted" subject will be allowed to connect to the internet in 'X' seconds unless I block it. Surely it should be the other way round and will be blocked by default unless allowed. What happens if I am away from the screen for a couple of minutes and some unknown program tries to call home?