Unfortunately for every computer its a different situation. Basically software firewalls work in two ways.
Packet Level (Hardware firewalls typically only use packet level filtering)
In packet level, a firewall is supposed to deny all
inbound access to your computer from a remote computer. This effectively protects you from all vulnerabilities in Windows that can be exploited by a remote user. If on the other hand, you need to provide access to certain servers on your computer (web server, ftp server, etc) then you can specifically tell the firewall to allow these ports to be opened.
When I say ports, I mean either TCP or UDP ports. When a program that allows remote connections, which makes it a server, starts it connects to a TCP or UDP port on your computer and listens on that port for connections. By default a packet level firewall should block inbound access to all ports on your computer. If you need remote users to be able to connect to these ports remotely, then you would need to open these ports on the firewall. More info on tcp/udp ports can be found here:http://www.bleepingcomputer.com/tutorials/tcp-and-udp-ports-explained/
For the majority of home users you will never need to adjust the packet level filters of a firewall. Just let it deny everything inbound.
Now when you see event alerts, that typically just means that the firewall blocked access to your computers as it is supposed to be doing. The Internet is a big place and there are constantly programs, worms, malware, hackers, and scripts attempting to exploit vulnerabilities in your Operating system or other programs running on your computer. So these attempts are being blocked by your firewall and letting you know.
Now application level works a bit differently. With application level firewalling when a program attempts to access the Internet, your computer will ask you if it should be allowed. For the most part you should be able to tell what program should be allowed. For example:
- Internet Explorer needs to connect to remote web sites so it should be allowed to connect.
- Windows Update (C:\Windows\System32\wuauclt.exe) should be allowed to connect
- Antivirus programs that need to update definitions should be allowed to connect
- Itunes should be allowed to connect
Etc, etc,etc... If a program utilizes the Internet in some manner, then it needs to be allowed through the firewall in order to function correctly. Now the application level firewalling also helps identify malware. For example, if one day you are using your computer and a strange program is trying to access the Internet, then you can deny that access and scan that file at a site like www.virustotal.com to see if its malware.
Also remember, any blocking or allow decision you make when it asks are not permanent. If you block an application from using the Internet, and decide in the future that you need to allow it, you can always go into the Mcafee firewall console and change the permissions on the app. i am not sure exactly where you do that, but all software firewalls support this.
So, use your judgement when allowing programs access. If you are confused you can always ask us here.
Hope this helps.