The Windows 7 firewall seems to just give permission or not give persmission to apps.
Is there a way to have it ask for permission for each program (ideally with an option for allow [don't ask again]).
This has been a standard feature of 3rd party firewalls like Zone Alarm for 10 years now.
AFAIK, this can only be set when a program would otherwise be denied access according to the current rule set (not if it would be allowed), so it should fire for new programs requesting Inbound, but not Outbound connections.
Control Panel > Windows Firewall > Change Notification Settings (left panel). You'll see "Notify me when Windows Firewall blocks a new program" option.
<del>I haven't tested this, but, by default Windows Firewall allows Outbound connections if none of the rules match (so for a new program). Perhaps, if you change the default behavior to Block, it would always ask you for both inbound and outbound connections. You can change that under Control Panel > Windows Firewall > Advanced Settings (left panel) > Windows Firewall with Advanced Security on Local Computer (this might vary, but it's the top item in the tree) > in the Overview section click Windows Firewall Properties link. You'll be able to set default behavior for various network profiles (public, private, etc.)</del>
Based on discussion here and personal experimentation, that notification is only shown for blocked inbound connections. It is not shown for outbound connections even if these are blocked by the default setting.
There's also some discussion here: https://superuser.com/questions/217551/how-can-i-configure-the-windows-7-firewall-to-prompt-me-on-outbound-traffic
Start> Windows Firewall
Choose Advanced Settings from the list at the left (under the heading Control Panel Home) That'll launch the Windows Firewall and Advanced Security
Choose (from the list to the left) either Inbound Rules or OutBound Rules. (In my case, it was Outbound rules).
Choose from the list of Actions in the right most column "New Rule.." (or open one of the existing rules by double clicking it.
yes, it allows you to do that. You can set windows firewall to prompt you once whenever a program needs access for its first time.
(source: arstechnica.com)
Install GlassWire. It asks you and automatically creates Windows Firewall rules. But this option is not free
https://www.glasswire.com