I confirm, creating an outbound rule on the firewall to block everything and enabling it before playing the game works well.
Not only the game executable access the web (GearGame.exe) but also Xbox app and such, so many exe/services, its simplier to block everything the time to launch the game and disabling it just after (i also have a rule which block GearGame.exe and which it is always on)
Sorry for my english, not my native language
Edit : Apparently creating rules to block GearGame.exe and InstallApp.exe (in both inbound and outbound) is enough.