Hi AdobeJesus,

You need to turn off Automatic Program Control before you can enable Advanced Events Monitoring.  However, the recommended configuration is to leave APC on.  In this mode, whenever a request for network access is made, the firewall verifies that the program making the request is known and trusted and that the traffic is legitimate with no suspicious characteristics.  The firewall can actually query other Norton components for additional information, if necessary.  The firewall actually has more information about the program requesting access and the specifics of the traffic than most users would know on their own.  So, in addition to being more convenient, APC is also arguably the most secure way to operate the Firewall.

Leak tests always give misleading results when Norton is in Automatic Program Control mode.  Your leak test failed, not because Norton does not block that type of traffic, but because the leak test is a known safe program that is not actually engaging in anything malicious, and so is allowed to connect out (your leak test is probably listed in Program Control).  When a malicious or suspicious program attempts to use the same tricks, the traffic will be blocked.  When using leak tests, you do have to turn on Advanced Events Monitoring so that all programs generate prompts.  Norton will then alert you to how each program is attempting to access the network, and the leak test techniques will be apparent.  The important point is that in either Automatic Program Control mode, or Advanced Events Monitoring mode, actual malicious or suspicious traffic using methods that are demonstrated in leak tests will be blocked.  But leak tests themselves, being recognized, trusted, and having no malicious payload, will be permitted by APC, because there is no actual threat involved.