Just when I thought saw everything with this firewall, I check my log and see an outbound rule for rundl32.exe created! So I immediately change it to Block and it immediately blocks an outbound attempt. Unfortunately, I didn't set the Norton created rule to create a security log entry so I couldn't see who run32.dll was connecting to. My God, if you really want Trojans to run wild, give them unrestricted outbound access via run32.dll. 

Three strikes and your out Symantec and Comodo is back in for my firewall. You have one strike left.