Finally, please describe for each executable (standalone & services) its necessity to access the Internet
This is a security issue.
It's really strange that we use operating systems which do not describe their executables and their eligibility to access the internet.
If we monitor which programs access the internet on a Windows machine, then we really often have to google for its executable name and just get information like "we don't know what it does, but it is probably safe to allow internet access".
1) Finally, create a professional application & service architecture. No, to route everything over svchost.exe is not a secure design. Not at all.
2) Finally, create a datasheet for each executable and answer those questions:
a) For what is it responsible?
b) Is it a helper for a superior function? (e.g. Hyper-V probably has different executables and services)
c) Does it need access to the LAN? Why?
d) Does it need access to the Internet? Why?
e) What kind of data is transmitted?
We expect to get all knowledge, so that we are sure what we are doing when we create outgoing firewall rules.
Everything else is reckless.
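
An added example, not part of the original post: a PowerShell sketch that collects what Windows itself exposes about each process holding an established TCP connection (path, file description, publisher, signature status and, for shared hosts such as svchost.exe, the services inside that process). It uses only built-in cmdlets; the TCP-only scope and the loopback filter are assumptions of this example.

```powershell
# Added example: inventory of processes with established TCP connections,
# as a starting point for writing outbound firewall rules.
# Run elevated so that paths of processes owned by other accounts resolve.

# Assumption: loopback and unspecified remote addresses are not of interest.
$ignored = '127.0.0.1', '::1', '0.0.0.0', '::'

Get-NetTCPConnection -State Established |
    Where-Object { $_.RemoteAddress -notin $ignored } |
    Group-Object -Property OwningProcess |
    ForEach-Object {
        $procId = [int]$_.Name
        $group  = $_.Group
        $proc   = Get-Process -Id $procId -ErrorAction SilentlyContinue
        $path   = $proc.Path   # empty for protected or already exited processes

        $description = $null
        $company     = $null
        $signature   = $null
        if ($path) {
            $info        = (Get-Item -LiteralPath $path).VersionInfo
            $description = $info.FileDescription
            $company     = $info.CompanyName
            $signature   = (Get-AuthenticodeSignature -FilePath $path).Status
        }

        # A shared host such as svchost.exe says nothing by its name alone:
        # list the services that run inside this particular process.
        $services = Get-CimInstance -ClassName Win32_Service -Filter "ProcessId = $procId" |
            ForEach-Object { '{0} ({1})' -f $_.Name, $_.DisplayName }

        $remotes = $group |
            ForEach-Object { '{0}:{1}' -f $_.RemoteAddress, $_.RemotePort } |
            Sort-Object -Unique

        [pscustomobject]@{
            ProcessId   = $procId
            Name        = $proc.ProcessName
            Path        = $path
            Description = $description
            Company     = $company
            Signature   = $signature
            Services    = $services -join '; '
            Remote      = $remotes -join ', '
        }
    } |
    Sort-Object -Property Name |
    Format-List
```

The output is a point-in-time snapshot: connections that open and close between runs are missed, and the description and publisher fields are whatever the vendor embedded in the file.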