Normaly most products (VSE 8.7 and then 8.8) used the same firewall ports. Also applications adding themself to the Windowsfirewall are normaly bound to the executable of that program. So if that program isn't running, the firewall port isn't open. In other words, the application is free to open all needed desired ports in the system.
In my case where VSE 8.8 is installed with Agent, I only have 6 firewall rules, all named "McAfee Framework Service", one for each network profile (domain, private, public) and UDP or TCP. We have one additional rule to remotely install Mcafee Agent, which we added ourselfs.
I don't think that's a lot of rules to be honest.
I don't know if the uninstall process of VSE 8.7 would remove those rules though, but I'm pretty sure that they get newly created if you update to VSE 8.8. Also, did maybe your installation directory change between the versions?
Install location does not change it just keeps on creating the rules which are not required as we have our own locked down rules distributed by group policy and locked down to certain ips, and not 'any' thing.
It just seems like a nightmare and if there was a way to disable this auto creation of the firewall rule all my issues would be solved.
if it was to check to see if a 'default' rule was created it would not go and create more!
I have raised a PER for this back in nov 2013
I forgot to mention there are no standard options in MID to prevent the firewall rules from being created.