That doesn't sound good, Does it send lot of data when you disable check for updates?While I really like the firewall, I found that it sends an alarming amount of data to a certain Server starting with 40.x.x.x
Now that I was looking at it with Microsoft Message Analyzer for a while it stopped doing that. Right now it only connects to anything if I request updates.(This time it's only "henrypp.org")
I only have records of it with process monitor. But there's not much information. Not even the IP. (Oops)
It does that many times per second with a payload of about 11300 bits over UDP
Can someone please look at it (Newest version) closer in a VM, with MMA running outside? I suspect it detects package analyzers.