Misleading Firewall Event

I just sent 2 hours trying to fix a problem with my Firewall configuration (in CIS 4.1) however it turned out that it wasn’t a problem in my firewall configuration the problem was that there was nothing listening for the incoming connection.
As nothing was listening CIS was adding an entry to the log saying the connection was blocked, and thus I was led to believe that the problem was in the firewall configuration rather than elsewhere.

I suspect what happens is that CIS sees an incoming connection, it finds no application listening, looks through the list of applications and doesn’t find an entry for this app so uses the implicit rule which logs and blocks the connection.
It would be much more helpful if instead when it didn’t find an application listening it added an event that identifies this as the problem - such as by listing “no listener” as the action - or “No listening application” or “Not found” as the application.