How is the Firewall taking priority over other applications when the PC first boots?

2

How is the Firewall taking priority over other applications when the PC first boots? How is the priority given, is it through a kernel driver?

I'm using Comodo Firewall and I see that the Spotify app is loading before Comodo loads; well, it seems like that since the Spotify panel appears before the Comodo one. I mean the Firewall has to start first before other applications can access the internet, isn't that so?

That might be ok for Spotify but what if there is a rogue app that gets access to the internet before the firewall does? How can you prevent that?

microwth

Posted 2016-05-05T11:17:45.387

Reputation: 145

Answers

1

How is the Firewall taking priority over other applications when the PC first boots?

I'm using Comodo Firewall and I see that the Spotify app is loading before Comodo loads; well it seems like that since the Spotify panel appears before the Comodo one.

The apps that you see loading are the GUI components of Spotify and Comodo.

These GUI components are loaded during logon. At this point the protection parts of Comodo are already loaded so the system is secure.

  • The protection parts of Comodo (cmdagent.exe and the Inspect packet filter driver inspect.sys) are loaded very early in the boot process (before explorer starts).

  • Inspect runs at the lowest level (kernel level).

The processes that protect are actually Comodo Internet Security Helper Service (cmdagent.exe) and the Inspect packet filter driver (which runs under Comodo Internet Security Helper Service).

They start very early in the boot process. Cis.exe is the client program; it is the program that provides the UI and instructs cmdagent.exe how to behave. Cistray.exe provides the tray icon, widget and starts cis.exe.

Protection is provided regardless whether cistray.exe and cis.exe are running.

Source Why does cis.exe get launched as a service?

CIS uses WFP in conjunction with inspect.sys packet filter driver. Inspect runs at the lowest level (kernel level) where WFP runs at higher levels.

Source Is CIS using Windows Filtering Platform (WFP) or what?


What if there is a rogue app that gets access to the internet before the firewall does? How can you prevent that?

A Firewall will not prevent the installation of rogue apps. You need another layer of security to do this, for example an AntiVirus program.

There are also programs that will monitor system changes. I use WinPatrol which has the following alerts:

  • New Start-up Programs

    Spyware and Malware need to start in order to run. Protect your startup programs.

  • New Browser Add-ons

    Don’t let unwanted add-ons invade your privacy, commandeer or slow down your Internet browsing.

  • New Browser Toolbars

    Unwanted toolbars slow your browser down and have the potential to invade your privacy.

  • Newly installed Windows Services

    A Windows Service has total permission to EVERYTHING on your computer. You NEED to know when one is installed and why!

  • Creation of Scheduled Tasks

    Scheduled tasks are a way spyware and malware will schedule one of their minions to run. Don’t let them use your task scheduler against you.

  • Changes in File Type Associations

    Malware will typically change file type associations to get you to run their program. In addition, this helps to prevent file hi-jacking of file type associations by impolite programs.

  • New Active-X components

    You need to know what is installed on your computer.

  • Changes to your home page

    Don’t let programs get away with changing your homepage without your permission.

  • Changes to your default Internet search provider

    Junkware, malware and unscrupulous entities love to change your search provider so they can control the results.

  • Changes to your hosts file

    This protects you from malware redirecting you to their site rather than the real site.

  • Changes to Auto Updates Settings

    Malware loves to disable auto updates, stop them in their tracks!

  • Changes to UAC Settings

    Don’t let programs change your UAC Settings without your knowledge.

  • Changes to Hidden Files

    Get alerted if any new hidden files are added or changed.

Source WinPatrol


Disclaimer

I am not affiliated with WinPatrol in any way, I am just an end user of the software.

DavidPostill

Posted 2016-05-05T11:17:45.387

Reputation: 118 938

Many thanks for your answer. Is Defense+ of Comodo Internet Security like WinPatrol? And can virus programs use the same technique employed by Comodo for loading early or first? – microwth – 2016-05-06T09:59:14.037

There appears to be some overlap between WinPatrol and Defense+, but Defense+ seems more like an AntiVirus. Virus programs can do anything they are programmed/allowed to do. They could load early (as a service) if not caught before installation by AntiVirus or other software. That's one of the reasons I run WinPatrol (it alerts for "Newly installed Windows Services"). "A Windows Service has total permission to EVERYTHING on your computer. You NEED to know when one is installed and why!" – DavidPostill – 2016-05-06T10:07:34.613
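
The answer and comments above note that both protection software and unwanted software can load before logon as a service or kernel driver. A baseline-and-compare of auto-start services and early-start drivers makes new entries visible. This is an added example, not part of the original posts and not WinPatrol's or Comodo's code; the baseline file path and the function names are assumptions.

```powershell
# Added example: snapshot components that start without any user logon
# and report anything that was not present when the baseline was taken.
# Assumption: the baseline path below; use a location only administrators can write to.
$BaselinePath = Join-Path $env:ProgramData 'early-start-baseline.json'

function Get-EarlyStartItem {
    # Kernel drivers with Boot, System or Auto start (loaded during boot, like a packet filter driver)
    $drivers = Get-CimInstance -ClassName Win32_SystemDriver |
        Where-Object { $_.StartMode -in 'Boot', 'System', 'Auto' } |
        Select-Object @{n='Kind';e={'Driver'}}, Name, StartMode, PathName

    # Services set to start automatically at boot, independent of any GUI or tray program
    $services = Get-CimInstance -ClassName Win32_Service |
        Where-Object { $_.StartMode -eq 'Auto' } |
        Select-Object @{n='Kind';e={'Service'}}, Name, StartMode, PathName

    @($drivers) + @($services)
}

function Compare-EarlyStartItem {
    param(
        [object[]]$Baseline,
        [object[]]$Current
    )
    # Key on kind, name and binary path so a known name pointing at a new binary is also reported
    $known = @{}
    foreach ($item in $Baseline) {
        $known["$($item.Kind)|$($item.Name)|$($item.PathName)"] = $true
    }
    $Current | Where-Object {
        -not $known.ContainsKey("$($_.Kind)|$($_.Name)|$($_.PathName)")
    }
}

$current = Get-EarlyStartItem
if (-not (Test-Path $BaselinePath)) {
    # First run: record the current state as the trusted baseline
    $current | ConvertTo-Json | Set-Content -Path $BaselinePath -Encoding UTF8
    Write-Output "Baseline written: $($current.Count) items"
} else {
    $baseline = Get-Content -Path $BaselinePath -Raw | ConvertFrom-Json
    $new = Compare-EarlyStartItem -Baseline $baseline -Current $current
    if ($new) {
        $new | Format-Table Kind, Name, StartMode, PathName -AutoSize
    } else {
        Write-Output 'No new early-start drivers or services since the baseline.'
    }
}
```

Run it once on a known-good system to create the baseline, then again after installing software or on a schedule; each reported row is a driver or service that will start before any user logs on.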