Correct answer? I had to check personally and spend precious time. I must say that I’m a terrible supporter of Windows 7, I’m used to it, but all that stops me is surveillance and security, I don’t really care about the rest: it’s a little difficult to rebuild, but XP was also everything.
A gamer by nature, so DirectX 12 support and Microsoft's update policy for the old system and new processors is not to my liking. In turn, installing dubious modifications in Windows 7 is completely not the style, I even better accept the new design in Windows 10 than this move. As a result, I finally installed Windows 10 on a computer with COMODO Internet Security, connected an Asus router in front of it, showing all established connections: trust, but verify, as they say.
As a result, the result of the firewall's work is satisfactory, with a total blocking nothing is sent, with a radical unlocking, an outrage is created, the golden mean shows itself best of all. What else is needed for happiness? People download some kind of activators, all sorts of "surveillance protection" from I don't understand who, and in this option only a protection tool from a well-known company that earns mainly by selling security certificates to sites and the basic system itself participates. It is convenient to live legally, a minimum of risk, I bought the key in advance.
The result obtained is objective, you can repeat it: install Windows 10 version 1607, then install COMODO Internet Security version 10.0.0.6086. SHA-1 checksums: CDAE99FC30ABEAF92CB1418F200EF883343C1552, 328A368C7FD8356782202B41C0DA6576E2A48402.

To what extent does COMODO Firewall and other similar programs configured in manual mode help against sending telemetry to Microsoft?

I wouldn't trust an external firewall either. Temporarily this may help until the streams fail telemetry streams to anger the MS. The system can store and process telemetry locally. And as soon as the opportunity arises, he will send it in an alternative way. What's stopping me from sending data via dropbox?
Therefore: If you don't want telemetry, don't install a system with telemetry.

It is advisable to use a hardware firewall, and you can get a list of unwanted domains from DWS windows 10! At work on zyxel keenetic, I added all advertising domains like google ad, r.mail.ru, yandex ads + microsoft servers from the DWS utility for the rule!