Couple of years ago I tried to think about how to bypass that, and after a while I came up with this simple trick that works regardless of the firewall software, i.e. it does not alter the firewall.
ObjectFromLresult. It might be funny to see a trojan horse written entirely using GET requests, but on the other hand it scares me a little bit because for example ZoneAlarm and AVG couldn't detect it.
I wrote a small C# application to prove my point. You can download it from here:
It has 2 buttons: the first button attempts to make a normal HttpWebRequest, and tells you whether it succeeded or failed. If it failed, then probably your firewall is blocking the application. In that case you may want to try the second button.
This is the code that creates a new Internet Explorer instance and gets the DOM object from it:
(I found it on the internet)
The user can see the Internet Explorer at the taskbar, and the Thread.Sleep is weird, but both can be fixed sometime.