Maybe an application firewall is useful if one wants firefox but not suspicious.py to be able to upload to evil.com
But IMHO the criteria chosen by the user to decide access and then configure the firewall accordingly, is evil.com not the name of the application
That's why the example in this comment uses the name "evil"
Otherwise, the application name "suspicious" would be enough
Maybe an application firewall is useful if one wants firefox but not suspicious.py to be able to upload to evil.com
But IMHO the criteria chosen by the user to decide access and then configure the firewall accordingly, is evil.com not the name of the application
That's why the example in this comment uses the name "evil"
Otherwise, the application name "suspicious" would be enough