No matter what program expert rule you make there are a few things that need to be done and known.

First in program rules ALL rules will apply, whereas in a Firewall expert rule, only the first applicable rule applies. Second when you create an program Expert rule, there is one thing that needs to be added and another added depending on how you set up your zones.

The rule that should always come in last (the rules are applied in order from 1 to whatever) is a blocking rule. Create a new rule and name it blocking (or whatever) then select block for an action. You can leave everything else the alone. This blocks everything except what you have allowed in rules prior to this one.

Another rule that you may need is a rule for DNS lookup. If you add this rule to each program then you can control it to a single port and not put the DNS servers in the trusted zone, but in the internet zone. And for that, create a new rule, name it DNS (or whatever)as a destination add both (or all) of your DNS servers, then in the protocol section, open only the DNS port. This allows only DNS to go between your computer and your ISP's DNS servers.

The big thing to remember is that in the program expert rules, they are ALL looked at for permission from 1 to the last, and you have to add the blocking rule or all ports are open. This is real handy in email clients. No more junk coming thru (pictures and remote pages and objects).