So, to answer both of your questions, 10 times out of 10 when someone stops svchost.exe from accessing the Internet, it's not svchost.exe that wants the access as it is only the messenger. It's always some other program element on the machine that wants to use svchost.exe on its behalf. That would be an O/S or malware program wants usage of svchost.exe.
So, one stops Svchost.exe from accessing the Internet with App Control not knowing what really wants the access. Then one turns around and allows svchost.exe to access the Internet for some other reason. What happened to the reason that svchost.exe was stopped not knowing who, what and why one stopped svchost.exe. The other reason didn't go anywhere and is still on the machine. Many elements on the O/S that provide Internet access are treated in the same manner. One stops the access for an element but one knows not the reason why and then let's it have access for some other reason.
Malware can beat a PFW with App Control at system boot and get to the TCP/IP first and be done before any non-integrated O/S component such as a PFW solution with App Control can even get their and stop it. MS XP for SP2 is supposed to have App Control that will get to the TCP/IP first since it will be integrated with the O/S.
Secondly, most users use App Control as a crutch and if it's not sounding off, then one thinks everything is an OK when malware has circumvented and defeated the APP Control solution. Or it sounds off so much that the user just resorts to blowing it off and clicks *yes* let it go as I am tired of it asking.
I use to be a big fan of App Control in the PFW solutions. I am not anymore and I have looked at App Control in some of the other products as well. I use other tools and means to tell me what's happening. BlackIce with its App Control is active on the machines. I consider BI's App Control to be one of the best but I don't depend upon it either. I don't consider App Control to be the stop all and end all solution in any PFW solution as many others do.
IMHO, it's damn near worthless as far as I am concerned. :)