The process responsible is "cefsimple.exe". I would say block it in the firewall, but that is not possible. This is a little concerning, since malware could use it against ZA, by using some vulnerability and faking a process under its name, which would allow it to run and access internet. It is a slim chance, but still possible.
Anyway, you could try removing the whole cef folder, but ZA would probably just restore it. You should try it as the first safe option.
Denying exe to run should work as well. It is not an essential process, so there should be no issues. Note, that if ZA will be updating, an update might fail, because it will not be able to access it, in that case reset the permissions, update and block it again. There might be other long term issues, if ZA keeps trying to run it.
I know it's an old post, but would it be possible to block "cefsimple.exe" outbound connections on Windows Firewall?
On Windows 10 Microsoft suggests to keep Windows Firewall enable even if you use a 3rd party firewall, considering that:
to block a connection you just need a blocking rule in either WF or the 3rd party FW
to allow a connection you need an allow rule on both WF and the 3rd party FW