From a Ben Andrew white paper... Basically, this blocking was meant for processes outside of the browser that are using port 80 to download or upload content.
“Prevent HTTP communication”
Many spyware, adware, and Trojan programs use port 80 for software downloads, bundled components, or updates. This rule will prevent any service (using svchost.exe) from communicating over port 80. This would stop common spyware and adware delivery mechanisms. Some server software uses port 80, although this isn’t common in desktops.
This rule will block all HTTP communication for processes not in the exclusions list. Like FTP traffic, HTTP traffic is used by many applications to retrieve or transmit data. Spyware, adware, and Trojans also commonly use HTTP communication for software downloads of third-party components or updates. There are also many legitimate reasons for processes to communicate via HTTP. Many applications use a registration or self-update procedure that communicates over HTTP. Without the process being listed in the exclusions list, the traffic would be blocked; therefore, McAfee strongly recommends a thorough test and review cycle before enabling this rule.
Intention: Many Trojans download scripts or other Trojans from websites controlled by the Trojan’s author. For example, http://vil.nai.com/vil/content/v_100487.htm. By blocking this communication, even if a system becomes infected with a new unknown Trojan it will be unable to download further
Risks: HTTP is a very widely used protocol. While we have included popular web browsers in the exclusion list, there may be many programs you may need to add based on your particular environment.
ID and name in Host IPS:
There is no corresponding signature in Host IPS.
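
A dry-run check for the test and review cycle the quoted paper recommends, as an added example that is not part of the original post or the white paper: it replays constructed connection records against a hypothetical exclusion list and counts which processes a port 80 block would stop. The record format, the exclusion entries and the wildcard matching are assumptions of this example, not McAfee's log format or rule syntax.

```python
import csv
import io
from collections import Counter
from fnmatch import fnmatchcase
from ntpath import basename  # parses Windows paths on any OS

# Constructed sample records (time, process path, remote IP, remote port);
# not a real McAfee or Windows log format.
SAMPLE_LOG = """\
2010-03-01T09:00:01,C:\\Program Files\\Internet Explorer\\iexplore.exe,203.0.113.10,80
2010-03-01T09:00:05,C:\\Windows\\System32\\svchost.exe,203.0.113.20,80
2010-03-01T09:00:09,C:\\Program Files\\Updater\\AppUpdate.exe,198.51.100.7,80
2010-03-01T09:01:12,C:\\Windows\\System32\\svchost.exe,203.0.113.20,80
2010-03-01T09:02:30,C:\\Program Files\\Mozilla Firefox\\FIREFOX.EXE,198.51.100.9,80
2010-03-01T09:03:00,C:\\Windows\\System32\\svchost.exe,192.0.2.5,443
truncated line without enough fields
"""

# Hypothetical exclusion list; wildcard support is this example's own choice.
EXCLUSIONS = ["iexplore.exe", "firefox.exe", "opera*.exe"]

def is_excluded(process_path, exclusions):
    """Match on the executable name only, case-insensitively (Windows names)."""
    name = basename(process_path).lower()
    return any(fnmatchcase(name, pattern.lower()) for pattern in exclusions)

def would_block(log_text, exclusions, port=80):
    """Return [(process name, hit count)] for connections the rule would stop."""
    blocked = Counter()
    for row in csv.reader(io.StringIO(log_text)):
        if len(row) != 4 or not row[3].strip().isdigit():
            continue  # skip malformed records instead of guessing at them
        _time, path, _ip, remote_port = (field.strip() for field in row)
        if int(remote_port) == port and not is_excluded(path, exclusions):
            blocked[basename(path).lower()] += 1
    return blocked.most_common()

if __name__ == "__main__":
    for name, hits in would_block(SAMPLE_LOG, EXCLUSIONS):
        print(f"{name}: {hits} connection(s) would be blocked")
```

Each process in the output is either a candidate for the exclusions list or traffic that warrants investigation before the rule is switched from report to block.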