…with any browser, all HTTP (80) connections are allowed by default and there’s no way to block that if needed >>> when starting a browser for the first time with no rule yet, and firewall settings set to ask, you’re only prompted for https connections or else, nothing about “normal” traffic on port 80. So, if there’s no way to block a browser from connecting, there’s also no way from preventing a trojan simulating a browser to connect in the same way right… I understand this behavior is wanted (for browsers) as a browser that can’t connect on port 80 is useless ;D …and this avoids some extra pop ups if firewall is set to “ask”… nevertheless, I’d rather have a rule, even for port 80 ;D
Just noticed, if you tweak a browser’s rule, like you allow all traffic out on 80 only and for the rest: “ask me”, allowing https with “remember my answer” checked, is not remembered, you get prompted again on the next https connection attempt (same site).
May be adding a network policy interface would help, with sets of rules, custom sets etc… 
Also, a GUI glitch in the application rule window: once expanded, you can’t collapse anymore a “sub” entry (ie a program listed under a publisher’s name), unless you expand another sub entry. Main publishers entry collapse well when wanted.