Its rule based. Its not a HIPs, it has no signatures. It doesnt need updates like most traditional AV's with HIPs and FW's built in.
As a dogged, stubborn, persistent user of Win7, I am presently using PCTools FW PLUS. However, I just gave Evorim a brief test run and was very impressed. I have it in my scope as a possibility because it includes Win7 & subsequent Win versions, PLUS it is CURRENTLY being vigorously maintained & updated.
Dunno which one is a best but for casual home user enought can be NetLimiter Not only can block allow connections but you can also priority and limit bandwich conection With this feature you can download and play game with out get lags (ofc if your provident dont faill with quality conection)