Application Rules auto created as "custom" in Safe Mode

CIS version: 3.9.95478.509

It seems that when my firewall creates the rules for my applications it sets “treat as” to custom, instead of using predefined policies. Is that expected? In various guides, help files and tutorials I keep finding an example of application rules for firefox using predefined policy of “Web Browser”. Because of that I always assumed that these predefined policies were supposed to be applied automatically for COMODO certified applications. Was my assumption incorrect? Am I supposed to review the network security policy periodically and adjust it manually? That would be a tough ask for a non technical, mum and dad type user.

If left unadjusted, aren’t we opening too much? The custom rules getting created for my firefox seem to be very generous. They allow outgoing connections to any ports, while the predefined “Web Browser” policy seems to be much more picky, only allowing http/ftp/dns related ports.

I’m using firefox here only as an example application. In my network security policy all the auto created application rules are “custom” with very wide permissions.

Is my thinking or my setup flawed somehow?