Comodo Firewall Pro calculates the hash an executable at the point it attempts to load into memory. It then compares this hash with the list of known/recognized applications that are on the Comodo safe list. If the hash matches the one on record for the executable, then the application is safe. If no matching hash is found on the safelist, then the executable is 'unrecognized' and you will receive an alert.
1.Allow TCP IN from IP Any To IP Any Where Source Port Is Any And Destination Port is Any 2.Allow TCP OR UDP OUT From IP Any To IP Any Where Source Port Is Any And Destination Port is Any 3.Block IP In/Out From IP Any To IP Any Where Protocol Is Any