Windows Firewall Diagnostics

By | November 26, 2014

While looking into what wermgr.exe was () and why it was trying to communicate with 65.55.53.190, I found this page with some useful information about how to generate an XML file with the reasons why a connection is blocked…

http://superuser.com/questions/451862/windows-firewall-blocks-outbound-connection-that-is-allowed-by-a-rule

After asking for help in the Windows Filtering Platform (WFP) forum on MSDN I learned that you can capture the activity of WFP (which the firewall employs) using the following commands:

netsh wfp capture start
netsh wfp capture stop

The resulting log file is XML, which makes it human readable, and from that file I learned that wermgr.exe is blocked by the rule “WSH Default Outbound Block”, whose description reads “Blocks all outbound traffic for services who have been network hardened”. Apparently, this rule takes precedence over my “allow” rule.
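As an added example (not from the original post), here is a short Python script that does the same lookup mechanically: it reads the capture XML, picks out each FWPM_NET_EVENT_TYPE_CLASSIFY_DROP event and joins it by filterId to the filter that dropped it, so the rule name and description come out next to the blocked process and remote address. The element names and the embedded sample capture are my assumptions about the wfpdiag.xml layout, constructed for this example.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the shape of the XML written by "netsh wfp capture"; the element
# names are an assumption about that format, and a real capture is far larger than this.
SAMPLE_WFPDIAG = """<wfpdiag>
 <initialState><filters>
  <item><filterId>69123</filterId><displayData>
   <name>WSH Default Outbound Block</name>
   <description>Blocks all outbound traffic for services who have been network hardened.</description>
  </displayData></item>
  <item><filterId>70001</filterId><displayData>
   <name>Allow wermgr.exe outbound</name><description>User allow rule</description>
  </displayData></item>
 </filters></initialState>
 <events>
  <item><header>
   <timeStamp>2014-11-26T10:00:00.000Z</timeStamp>
   <appId><asString>\\device\\harddiskvolume1\\windows\\system32\\wermgr.exe</asString></appId>
   <remoteAddrV4>65.55.53.190</remoteAddrV4><remotePort>443</remotePort>
  </header>
  <type>FWPM_NET_EVENT_TYPE_CLASSIFY_DROP</type>
  <classifyDrop><filterId>69123</filterId></classifyDrop></item>
  <item><header><remoteAddrV4>10.0.0.5</remoteAddrV4></header><type>FWPM_NET_EVENT_TYPE_CLASSIFY_ALLOW</type></item>
 </events>
</wfpdiag>"""

def load_filters(root):
    """Map filterId -> (rule name, description) from the capture's initial filter state."""
    filters = {}
    for f in root.iterfind(".//filters/item"):
        filters[f.findtext("filterId")] = (f.findtext("displayData/name"),
                                           f.findtext("displayData/description"))
    return filters

def explain_drops(xml_text):
    """Return one record per CLASSIFY_DROP event, joined to the filter that dropped it."""
    root = ET.fromstring(xml_text)
    filters = load_filters(root)
    drops = []
    for ev in root.iterfind(".//events/item"):
        if ev.findtext("type") != "FWPM_NET_EVENT_TYPE_CLASSIFY_DROP":
            continue  # only drop events explain a blocked connection
        fid = ev.findtext("classifyDrop/filterId")
        name, desc = filters.get(fid, ("<filter not in capture>", ""))
        drops.append({"time": ev.findtext("header/timeStamp"),
                      "app": ev.findtext("header/appId/asString"),
                      "remote": ev.findtext("header/remoteAddrV4"),
                      "port": ev.findtext("header/remotePort"),
                      "filter_id": fid, "rule": name, "description": desc})
    return drops
```

To use it on a real capture, pass the contents of the XML log to explain_drops() in place of the embedded sample.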

I’m not sure exactly why wermgr.exe is affected by the Windows Service Hardening default rule, but I assume that one of the hardened services executes wermgr.exe to perform the task of connecting to the server at 65.55.53.190 (a Microsoft IP address), and wermgr.exe is then blocked just as the service would be.

As yet untested, but looks interesting…