I think this has been raised before but never satisfactorily answered. If I set the firewall to "Warn if any process connects to the internet unless explicitly allowed" so that I can explicitly control what is allowed to connect out I get a warning as per my second screenshot. The first highlighted line states "is not trusted" yet the second highlighted line states that the "not trusted" subject will be allowed to connect to the internet in 'X' seconds unless I block it. Surely it should be the other way round and will be blocked by default unless allowed. What happens if I am away from the screen for a couple of minutes and some unknown program tries to call home?
We've had massive support headaches from automatically blocking programs through the firewall in the past so by default, we will allow it if not acknowledged after one minute. At that point, the unknown program will have already been running on your system anyway - we're definitely more keen to just keep it off to begin with if malicious.
Thanks for the usual prompt reply Joe. I suppose this could only be addressed if there was an 'expert' setting for us Wilders types
Why not a box offering the decision be made in advance? "If you want an untrusted program to automatically be allowed to access the internet in 1 minute place a check mark in the box. Otherwise WSA will block it from accessing the internet." I'm no expert but I could figure that one out. Hugger