I actually had to reverse it to allow it in my house.
I have a list of port numbers for you to block; try that and see if that helps.
Also, one way of blocking is to set your policies to only allow http/s out.
For example, I typically have a DNS out policy that allows all internal to access 220.127.116.11/18.104.22.168.
Next I do an NTP one just for time's sake,
then a policy for http/s traffic.
After that is anything that is custom: SMTP, cloud, what have you. That way only allowed traffic is going out; everything else stays inside and can't do anything.
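An added example, not part of the original post: a small first-match model of the outbound policy order described above (DNS to named resolvers, NTP, http/s, then custom rules, with everything else denied), useful for checking which flows a proposed rule set would let out. The LAN range, resolver addresses and sample flows are constructed placeholders, and the rule names are hypothetical.

```python
from ipaddress import ip_address, ip_network

# Constructed placeholder values (RFC 1918 / RFC 5737), not taken from the post.
INTERNAL = ip_network("10.0.0.0/24")
ANY = ip_network("0.0.0.0/0")
RESOLVERS = [ip_network("192.0.2.53/32"), ip_network("198.51.100.53/32")]

# (name, allowed destinations, protocol, destination ports), evaluated top to bottom.
POLICIES = [
    ("dns-out", RESOLVERS, "udp", {53}),
    ("dns-out", RESOLVERS, "tcp", {53}),
    ("ntp-out", [ANY], "udp", {123}),
    ("web-out", [ANY], "tcp", {80, 443}),
    # Custom rules (SMTP relay, cloud services, ...) would be appended here.
]


def evaluate(src, dst, proto, dport):
    """Return the first policy name that allows the flow, else 'implicit-deny'."""
    src_ip, dst_ip = ip_address(src), ip_address(dst)
    if src_ip not in INTERNAL:
        return "implicit-deny"
    for name, dests, rule_proto, ports in POLICIES:
        if rule_proto == proto and dport in ports and any(dst_ip in n for n in dests):
            return name
    return "implicit-deny"


def audit(flows):
    """Pair each (src, dst, proto, dport) flow with its verdict."""
    return [(flow, evaluate(*flow)) for flow in flows]


# Constructed sample flows.
SAMPLE_FLOWS = [
    ("10.0.0.20", "192.0.2.53", "udp", 53),     # DNS to an approved resolver
    ("10.0.0.20", "203.0.113.9", "udp", 53),    # DNS to any other server
    ("10.0.0.20", "203.0.113.80", "tcp", 443),  # https
    ("10.0.0.20", "203.0.113.25", "tcp", 25),   # SMTP without a custom rule
    ("10.0.0.20", "203.0.113.7", "tcp", 6881),  # arbitrary high port
]

if __name__ == "__main__":
    for flow, verdict in audit(SAMPLE_FLOWS):
        print(f"{flow!s:50} -> {verdict}")
```
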