I've decided to give up on WDAC for now. I recently enabled DefaultWindows WDAC policy on my system in Audit mode, but it quickly rendered my system unstable. I experienced frequent crashes, hangs and other problems. I'm not sure if it's a problem with my specific system configuration. Either way, I'm not willing to put up with the instability. WDAC is like a new relationship: easy to start, but hard to maintain. I have no relationship btw. Last sentence suggested by Bard when I requested funny quote about WDAC alternative to this "Windows WDAC: The best way to keep your Windows machine safe from malware... if you're a masochist."
I have not used CFW in many years so I do not know if this one is close to it, but so far I like Portmaster Firewall. It is a free opensource firewall, but you can install in it what they call SPN.
You can watch a video about it at the bottom of the page.
But as long as you do not install SPN then the firewall is free to use, you could take a look if it is a firewall you want to try... or not.