Which is the network monitoring application that you are using ? I did the same on my side and I do not see any allowed connection for MSERT.EXE. I didn't create any kind of rule for it. Default inbound block, default outbound block. There is no trick, elevated privileges will allow unrestricted access to Windows Firewall. If a malware gains elevated privileges, this is usually possible because of the user launching and allowing it through the UAC prompt.