Use windows build in firewall, or if you are intimidated by its bad UI install Windows Firewall Control https://www.binisoft.org/wfc.php and set Outbound connections to blocked. Then you can punch holes on a program by program basis starting with DNS/DHCP.
I seriously doubt one computer firewall can give complete protection to that same computer os.
And black lists are uncomplete lists not to mention changes in dns and not to mention possible hardcoded unknown addresses. And white listing game or two and yt and netflix etc
is a lot of work, probably with temporal success...
Windows just is not open source... Without NDA. And even with it - is it possible to compile your own Windows binaries and install it ?
1 if windows firewall had hardcoded gaps it would fail DOD and government requiems
2 no lists. You set it to DENY ALL and then punch holes just for your own programs. One caveat is disabling DNS Cache service so that you can granularly control which apps can have dns access.
