自己解答一下,for other's reference.
在Change settings下的Configure Settings里第一个Firewall面板,有Unmatched IP Traffic Settings,选择Allow only application traffic,同时勾选Prompt before allowing application traffic,done!enjoy!
若要更改设置,可以点击Status下Network Threat Protection的Options,再打开View Application Settings,里面的内容就不细提了。