If not already present, add the file group All Files to your Network Security Policy. The rule for this entry should be Block IP In/Out Any Any Any. Make sure to place this entry in the Network Security Policy list below the programs that you want to access the Internet.
By the sound of it (I may be wrong) “Custom Policy” is the mode you should be in. This allows only applications which already have a rule in place the ability to access the net. All other applications that try to connect to the net will create a Firewall alert.
I myself have only a handful of rules set up, and then if, say, Nero on opening tries to call home, as there is no rule for it in “Application Rules” it generates an alert which I can Block without “Remember” ticked.
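To see why the advice above insists that the All Files block rule sit below the allowed programs, here is an added example (not from the thread, and not Comodo's engine) modelling an ordered, first-match policy; the program names, the "Alert" default for unmatched traffic and the sample rules are constructed assumptions.

```python
# Added example, not taken from the forum thread: a small model of an ordered,
# first-match policy like the Network Security Policy discussed above.
# Program names, addresses and sample rules here are constructed for illustration.
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    group: str      # program group; "All Files" matches every program (as in Comodo)
    action: str     # "Allow" or "Block"
    protocol: str   # "IP" covers any IP-carried protocol; otherwise TCP/UDP/...
    direction: str  # "In", "Out" or "In/Out"
    src: str = "Any"
    dst: str = "Any"

    def matches(self, program: str, protocol: str, direction: str,
                src: str, dst: str) -> bool:
        return (self.group in ("All Files", program)
                and self.protocol in ("Any", "IP", protocol)
                and self.direction in ("In/Out", direction)
                and self.src in ("Any", src)
                and self.dst in ("Any", dst))


def evaluate(policy, program, protocol, direction, src="Any", dst="Any"):
    """Walk the policy top to bottom; the first matching rule decides.
    With no match, Custom Policy mode raises an alert (assumption based on
    the thread), modelled here as the string "Alert"."""
    for rule in policy:
        if rule.matches(program, protocol, direction, src, dst):
            return rule.action
    return "Alert"


# Allow rules for the programs that may reach the Internet (constructed) ...
ALLOW_RULES = [
    Rule("firefox.exe", "Allow", "TCP", "Out"),
    Rule("thunderbird.exe", "Allow", "TCP", "Out"),
]
# ... and the catch-all from the advice above: All Files, Block IP In/Out Any Any Any.
CATCH_ALL = Rule("All Files", "Block", "IP", "In/Out", "Any", "Any")

GOOD_POLICY = ALLOW_RULES + [CATCH_ALL]   # catch-all below the allowed programs
BAD_POLICY = [CATCH_ALL] + ALLOW_RULES    # catch-all above them: blocks everything

if __name__ == "__main__":
    for name, policy in (("good", GOOD_POLICY), ("bad", BAD_POLICY)):
        print(name, "firefox TCP out ->", evaluate(policy, "firefox.exe", "TCP", "Out"))
        print(name, "nero TCP out    ->", evaluate(policy, "nero.exe", "TCP", "Out"))
```

With the catch-all at the bottom, listed programs still get out while anything unlisted is blocked; with it at the top, the Allow rules are never reached.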