software firewalls and malware spread prevention

I'm new to security so bear with me; I just want to clear up some confusion I have about it.

I'm using Comodo Firewall and I've configured it fairly strictly: I have blocked all outgoing connections from ‘System’, and svchost is only allowed to connect to my ISP’s DNS servers. Beyond that, there are only trusted programs I have given access to.

So, for malware to operate, generally, wouldn't that require that it creates a weird unknown process and then uses that to connect to the internet?

Alternatively, if it co-opted a trusted process, wouldn't it be clear on my network monitor that it was connecting to an array of strange sites?

So, generally speaking, if I configured my firewall right, in theory, even if I had malware, I could successfully block it from achieving internet/network access?

PS - I pass the Comodo leak tests 100%

A very tight setup.

So, for malware to operate, generally, wouldn't that require that it creates a weird unknown process and then uses that to connect to the internet?
Indeed.
Alternatively, if it co-opted a trusted process, wouldn't it be clear on my network monitor that it was connecting to an array of strange sites?
If you were monitoring your network you'd see that. Defense+ would have warned you if it had tried to co-opt a protected file.
So, generally speaking, if I configured my firewall right, in theory, even if I had malware, I could successfully block it from achieving internet/network access?

PS - I pass the Comodo leak tests 100%

Indeed.

Quote: So, generally speaking, if I configured my firewall right, in theory, even if I had malware, I could successfully block it from achieving internet/network access?

PS - I pass the Comodo leak tests 100%

Indeed.

Well, yes and no: recent malware (like the “Windows shortcuts” one) has highlighted the fact that it could use a system feature and a Windows system application that is supposed to be trusted.

In such a situation, CIS won’t complain at all unless very aggressive settings are enforced (adding DLLs to image execution monitoring, which is very inconvenient).
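To make the two points in this thread concrete, here is an added example (it is not code from the original posts and not Comodo's own configuration): a per-process egress policy of the kind the question describes (nothing outbound for "System", svchost.exe only to the ISP's DNS resolvers, a trusted browser allowed on 80/443, everything else blocked), applied to a few constructed connection records of the kind a network monitor lists. It also runs the "strange destinations" check from the second question, which is what still catches a co-opted trusted program that the firewall rule itself lets through, the gap the last reply points at. All process names, addresses and ports are assumptions chosen for the illustration.

```python
"""Per-process egress policy plus a destination audit over constructed
connection records.

Added example, not from the original thread and not Comodo's configuration.
Process names, addresses and ports below are assumptions for illustration.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Assumed ISP resolvers (documentation addresses, chosen for the example).
ISP_DNS = (ip_network("203.0.113.53/32"), ip_network("203.0.113.54/32"))


@dataclass(frozen=True)
class Rule:
    allow: bool
    protos: frozenset = frozenset()   # empty = any protocol
    ports: frozenset = frozenset()    # empty = any destination port
    dst_nets: tuple = ()              # empty = any destination address


# Policy keyed by lower-case image name. A process with no entry is blocked,
# which is the "weird unknown process" case from the question.
POLICY = {
    "system": [Rule(allow=False)],
    "svchost.exe": [Rule(allow=True, protos=frozenset({"udp", "tcp"}),
                         ports=frozenset({53}), dst_nets=ISP_DNS)],
    "firefox.exe": [Rule(allow=True, protos=frozenset({"tcp"}),
                         ports=frozenset({80, 443}))],
}


@dataclass(frozen=True)
class Conn:
    process: str
    proto: str
    dst_ip: str
    dst_port: int


def decide(conn):
    """Return ("allow" | "block", reason) for one outbound connection attempt.

    The match is on process AND destination, so a trusted image such as
    svchost.exe is still blocked when it tries something other than DNS to
    the resolvers it was permitted."""
    rules = POLICY.get(conn.process.lower())
    if rules is None:
        return ("block", "unknown process")
    ip = ip_address(conn.dst_ip)
    for r in rules:
        if r.protos and conn.proto not in r.protos:
            continue
        if r.ports and conn.dst_port not in r.ports:
            continue
        if r.dst_nets and not any(ip in n for n in r.dst_nets):
            continue
        return ("allow" if r.allow else "block", "rule for " + conn.process)
    return ("block", "no rule matched for " + conn.process)


def audit(conns, known_good_nets):
    """The 'network monitor' check: connections the firewall ALLOWED but whose
    destination is outside the set the machine normally talks to. A co-opted
    trusted program passes its rule, yet still shows up here."""
    flagged = []
    for c in conns:
        verdict, _ = decide(c)
        if verdict == "allow" and not any(
                ip_address(c.dst_ip) in n for n in known_good_nets):
            flagged.append(c)
    return flagged


# Constructed records, not captured from a real machine.
SAMPLE = [
    Conn("svchost.exe", "udp", "203.0.113.53", 53),    # DNS to ISP resolver
    Conn("svchost.exe", "tcp", "198.51.100.7", 443),   # svchost to a web host
    Conn("System", "tcp", "198.51.100.7", 445),         # System outbound
    Conn("dropper.exe", "tcp", "198.51.100.9", 8080),   # unknown process
    Conn("firefox.exe", "tcp", "192.0.2.10", 443),      # trusted, usual site
    Conn("firefox.exe", "tcp", "198.51.100.9", 443),    # trusted, odd site
]

# Assumed destinations this machine normally reaches: the ISP resolvers plus
# one range the browser is known to use.
KNOWN_GOOD = ISP_DNS + (ip_network("192.0.2.0/24"),)

if __name__ == "__main__":
    for c in SAMPLE:
        print(c.process, c.dst_ip, c.dst_port, *decide(c))
    print("flagged:", [(c.process, c.dst_ip) for c in audit(SAMPLE, KNOWN_GOOD)])
```

Running it, the unknown dropper and the svchost-to-HTTPS attempt are blocked by `decide` because the rule constrains destination and port rather than trusting the image name alone; the browser's connection to the odd address is allowed by the rule (any HTTPS host is permitted) and is only surfaced by `audit`, which is the residual case the last reply describes: when the co-opted program is one that is legitimately allowed broad access, the firewall rule does not complain and the destination monitor is what remains.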