Saturday, December 10, 2016

How Windows Firewall knows whether it has prompted the user to allow a program

When a program tries to start listening in a manner that doesn't match an existing firewall rule, Windows Firewall pops up a dialog asking whether to allow the program through the firewall. No matter whether you choose "Cancel" or the choice that lets it through, a new rule is created, to block or allow traffic from that EXE, respectively. The interesting part is that rules created in this way are marked specially in the Registry. All the rules are kept here:

HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules

Each program-related prompt creates two rules, one for TCP and one for UDP. The Registry value names start with TCP Query User and UDP Query User, respectively. To bring the prompt back, remove those rules either by deleting them in the Windows Firewall MMC snap-in, or by deleting the corresponding Registry values and then restarting the Windows Firewall service.
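To see which programs have already been answered for, the script below lists the prompt-created rules from that Registry key. It is an added example, not part of the original post. It assumes each rule's data is a '|'-separated list of Key=Value fields (Action, Active, App); the -Remove switch and the variable names are this example's own.

```powershell
# Added example: audit the rules Windows Firewall created from its prompt.
# Read-only by default. -Remove deletes the matching values (needs elevation);
# combine it with -WhatIf to preview. Requires PowerShell 3.0 or later.
[CmdletBinding(SupportsShouldProcess = $true)]
param([switch]$Remove)

$subKey = 'SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules'
$key    = Get-Item -LiteralPath "HKLM:\$subKey"

$rules = foreach ($name in $key.GetValueNames()) {
    # Prompt-created rules have value names starting with
    # "TCP Query User" or "UDP Query User".
    if ($name -match '^(TCP|UDP) Query User') {
        $protocol = $Matches[1]

        # Assumption: the data is '|'-separated Key=Value fields.
        $fields = @{}
        foreach ($part in ([string]$key.GetValue($name)) -split '\|') {
            $k, $v = $part -split '=', 2
            if ($null -ne $v) { $fields[$k] = $v }
        }

        [pscustomobject]@{
            ValueName = $name
            Protocol  = $protocol
            Action    = $fields['Action']   # Allow or Block, per the user's choice
            Active    = $fields['Active']
            App       = $fields['App']      # the EXE the prompt was about
        }
    }
}

$rules | Sort-Object App, Protocol |
    Format-Table Protocol, Action, Active, App -AutoSize

if ($Remove) {
    # Use the .NET API so value names are never treated as wildcard patterns.
    $writable = [Microsoft.Win32.Registry]::LocalMachine.OpenSubKey($subKey, $true)
    foreach ($r in $rules) {
        if ($PSCmdlet.ShouldProcess($r.ValueName, 'Delete firewall rule value')) {
            $writable.DeleteValue($r.ValueName)
        }
    }
    $writable.Close()
    # As noted above, restart the Windows Firewall service afterwards.
}
```

A program that appears with Action set to Block is one where "Cancel" was chosen at the prompt, which explains why it is never asked about again.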

Based on my Super User answer.
