In a case like you’ve so very well outlined above, once in either Monitor or Protect mode, NeuVector will log those connections that don’t have an explicit allow with a “Implicit deny rule was violated” alert. One then gets the option to react to any of those deemed “false positives” by using the

Review Rule

button to add the connection parameters to the list of explicit allow rules.