Block all except for one port

I want to block all connections in / out for the process svchost.exe, except for the connection made through port 53, cause I figured it needs this connection for DNS.

Screenshot →

As you can see, I added the rule to block all connections by svchost.exe except for port 53.

My question is: why do I still get this popup as shown on the screenshot which asks me if I want to allow the connection or not after I made a rule to allow this particular connection?

Hi valentino, welcome to the forums.

Because SVCHOST is classified as a Component because it has no direct interaction with the user.

In CFP, the Application Monitor is for programs that interact with the user directly & the Component Monitor is for those components (EXEs, DLLs, OCX, etc…) that have no direct interaction with the user.