Why are you running software that randomly opens firewall ports?

Within my risk appetite on trusted network segments. I have bigger issues if malware is operational within the trust boundary, it can do what it needs using outbound connections just fine (recon, lateral movement, etc). Your risk appetite might differ.