Regarding WinRoute + an application-level firewall (from the KWF help):
Conflicting Software
The WinRoute host can be used as a workstation, however it is not recommended as user activity can affect the functionality of the operating system and WinRoute in a negative way.
WinRoute can be run with most of common applications. However, there are certain applications that should not be run at the same host as WinRoute for this could result in collisions.
Collision of low-level drivers
WinRoute Firewall may collide with applications that use low-level drivers with either identical or similar technology. The following applications are typical:
Application for Internet connection sharing — e.g. Microsoft Internet Connection Sharing, Microsoft Proxy Server, Microsoft Proxy Client, etc.
Network firewalls — i.e. Microsoft ISA Server, CheckPoint Firewall-1, WinProxy (by Ositis), Sygate Office Network and Sygate Home Network, etc.
Personal firewalls — i.e. Kerio Personal Firewall, Internet Connection Firewall (included in Windows XP), Zone Alarm, Sygate Personal Firewall, Norton Personal Firewall, etc.
Software designed to create virtual private networks (VPN) — i.e. software applications developed by the following companies: CheckPoint, Cisco Systems, Nortel, etc. There are many such applications and their features vary from vendor to vendor. We recommend testing each VPN server or client that you intend to use with the trial version of WinRoute or contacting Kerio technical support (see http://www.kerio.com/).
Note: VPN implementation included in Windows operating system (based on Microsoft's PPTP protocol) is supported by WinRoute.
Port collision
Applications that use the same ports as the firewall cannot be run at the WinRoute host (or the configuration of the ports must be modified). If all services are running, WinRoute uses the following ports:
53/UDP — DNS Forwarder
67/UDP — DHCP server
1900/UDP — SSDP Discovery service
2869/TCP — UPnP Host service
The two recently mentioned services belong to the UPnP support (see chapter “Universal Plug-and-Play (UPnP)”).
4080/TCP — WWW administration interface (see chapter Chapter )
4081/TCP — secure (SSL) version of the WWW administration interface (see chapter Chapter )
3128/TCP — HTTP proxy server (see chapter “Proxy server”)
44333/TCP+UDP — traffic between Kerio Administration Console and WinRoute Firewall Engine. This service cannot be stopped and its port number cannot be modified.
Antivirus applications
If an antivirus application that scans files on the disc is run on the WinRoute host, the HTTP cache file (see chapter “HTTP cache”, usually the cache subdirectory under the directory where WinRoute is installed) and the tmp subdirectory (used to scan HTTP and FTP objects) must be excluded from inspection. If the antivirus is run manually, there is no need to exclude these files, however, WinRoute Firewall Engine must be stopped before running the antivirus (this is not always desirable).
Note: If WinRoute uses an antivirus to check objects downloaded via HTTP or FTP protocols (see chapter “HTTP and FTP Antivirus Control”), the cache directory can be excluded with no risk — files in this directory have already been checked by the antivirus.
So for now I don't see a solution for controlling the network activity of applications on a machine with KWF installed.
I wrote to support, let's see what they answer...
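Added example, not part of the original post or of Kerio's documentation: a pre-install check for the "Port collision" list quoted above, which tries to bind each listed port and reports those already held by another application. The function names and the three result labels are assumptions of this sketch; run it before installing WinRoute or with the WinRoute Firewall Engine stopped, otherwise its own listeners are reported.

```python
import errno
import socket

# Ports and service names exactly as listed in the quoted KWF help text.
WINROUTE_PORTS = [
    ("udp", 53, "DNS Forwarder"),
    ("udp", 67, "DHCP server"),
    ("udp", 1900, "SSDP Discovery service"),
    ("tcp", 2869, "UPnP Host service"),
    ("tcp", 4080, "WWW administration interface"),
    ("tcp", 4081, "WWW administration interface (SSL)"),
    ("tcp", 3128, "HTTP proxy server"),
    ("tcp", 44333, "Administration Console <-> Firewall Engine"),
    ("udp", 44333, "Administration Console <-> Firewall Engine"),
]


def probe(proto, port, host="0.0.0.0"):
    """Try to bind the port; return 'free', 'in-use' or 'denied'."""
    kind = socket.SOCK_STREAM if proto == "tcp" else socket.SOCK_DGRAM
    with socket.socket(socket.AF_INET, kind) as s:
        try:
            # SO_REUSEADDR is deliberately not set: the conflict is the signal.
            s.bind((host, port))
        except PermissionError:
            # The OS refused the bind (missing privilege, or exclusive use
            # by another process); this needs a manual check.
            return "denied"
        except OSError as e:
            if e.errno == errno.EADDRINUSE:
                return "in-use"
            raise
    return "free"


def find_collisions(ports=WINROUTE_PORTS):
    """Return the (proto, port, service) entries that are already bound."""
    return [entry for entry in ports if probe(entry[0], entry[1]) == "in-use"]


if __name__ == "__main__":
    for proto, port, service in WINROUTE_PORTS:
        print(f"{port}/{proto.upper():<3} {service:<45} {probe(proto, port)}")
```

A collision on 44333 has to be resolved on the other application's side, since the quoted text says that port cannot be changed in WinRoute.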