So you knew about this problem (yes, this IS a problem) for several years. And after that you telling your clients - no, this is not a problem. And maybe in the future we fix this problem, that is not a problem. But no fix for several years!
FYI: the solution is simple - in firewall rule you can let user choose path to exe if it is a classical programm, or select from list of installed modern apps. There is API to tell which folder belongs to which installed app. That way user can create rule for whole app.