I have NOD32 v 3.0 which uses an http proxy to connect applications to the internet. If I understand this correctly, it creates something akin to a “tunnel”, hiding (including possibly malicious) applications from the view of a Firewall.
One of the ways to deal with this, and still maintain the valuable scanning of traffic, is to set up a global rule to ask for permission for any program to access localhost. That way, when any program is rerouted through NOD32’s ekrn process, the firewall picks it up. Of course, I would want the firewall to remember my decision.