It's the filter configured per user, or is it system-wide? I know you can filter per-user with IP tables and whatever the newer one is, but I haven't dug that deep into open snitch. Maybe a single trusted user account without a login that you could su into? I wonder if you could also whitelist a VM process and spin up single-use VM sandboxes to use when you want to do a bunch of work like that.

Definitely a minor hassle to set up compared to just saying yes or no to permissions, but it's not complicated, if it works.