Could a malicious app add itself to the network security policy, thereby circumventing it? Just curious.
You would have to allow the malicious program to interact with CIS or its files or folders. You would have been notified before when it would try.