By default, the Windows Firewall seems to block incoming (locally created listen sockets) connections. They can then be permitted per exe file.
Is it possible to configure something similar for outgoing connections? So Windows would ask whether to allow or deny an exe's outgoing connections.
We are considering creating a custom GUI to enable or disable this functionality, if available. It is a lower-cost option compared to creating our own firewall.
I would like to know about XP and Vista/Win7.
Which version of Windows are you asking about? I'm sure that control of outgoing connections wasn't available when Windows first introduced a built-in firewall. If you need to support WinXP RTM, I think you're s-o-l.
Many third-party firewalls do provide this capability.
Are you trying to block one specific EXE (that you have control of the source for)? Or all programs on the computer from making outbound connections? Why would you want to do this? And if it's about admin policy control, why not control this on a central firewall?
In any case, take a look at the Windows Firewall APIs. They let you create all the crazy rules you want to block/allow traffic.
http://msdn.microsoft.com/en-us/library/aa366449%28v=VS.85%29.aspx
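
An added example (not from the posts above) of per-executable outbound control through the Windows Firewall API: it drives the `HNetCfg.FwPolicy2` and `HNetCfg.FWRule` COM objects from PowerShell, which exist on Vista/Win7 and later but not on XP. The function name, rule name, and executable path are hypothetical placeholders; run it from an elevated prompt.

```powershell
# Added example: create (idempotently) an outbound block rule for one executable.
# Constants are from the Windows Firewall with Advanced Security API.
$NET_FW_RULE_DIR_OUT = 2           # outbound direction
$NET_FW_ACTION_BLOCK = 0           # block matching traffic
$NET_FW_PROFILE2_ALL = 0x7FFFFFFF  # domain + private + public profiles

function Set-OutboundAppBlock {    # hypothetical helper name
    param(
        [Parameter(Mandatory=$true)][string]$ExePath,
        [Parameter(Mandatory=$true)][string]$RuleName
    )

    # Rules match on the full image path, so refuse paths that do not resolve.
    if (-not (Test-Path -LiteralPath $ExePath -PathType Leaf)) {
        throw "Executable not found: $ExePath"
    }

    $policy = New-Object -ComObject HNetCfg.FwPolicy2

    # Skip creation if an outbound block rule for this executable already exists.
    $existing = @($policy.Rules | Where-Object {
        $_.Direction -eq $NET_FW_RULE_DIR_OUT -and
        $_.Action    -eq $NET_FW_ACTION_BLOCK -and
        $_.ApplicationName -eq $ExePath
    })

    if ($existing.Count -eq 0) {
        $rule = New-Object -ComObject HNetCfg.FWRule
        $rule.Name            = $RuleName
        $rule.Description     = "Blocks all outbound traffic from $ExePath"
        $rule.ApplicationName = $ExePath
        $rule.Direction       = $NET_FW_RULE_DIR_OUT
        $rule.Action          = $NET_FW_ACTION_BLOCK
        $rule.Profiles        = $NET_FW_PROFILE2_ALL
        $rule.Enabled         = $true
        $policy.Rules.Add($rule)
    }

    # Read the rule(s) back from the live policy to confirm what is in effect.
    $policy.Rules | Where-Object {
        $_.Direction -eq $NET_FW_RULE_DIR_OUT -and $_.ApplicationName -eq $ExePath
    } | Select-Object Name, ApplicationName, Direction, Action, Enabled, Profiles
}

# Placeholder path and rule name; substitute the program to restrict.
Set-OutboundAppBlock -ExePath 'C:\Program Files\ExampleApp\example.exe' `
                     -RuleName 'ExampleApp - block outbound'
```

A rule created this way can be removed again with `$policy.Rules.Remove('ExampleApp - block outbound')`.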