An external hardware firewall may be able to block ports, either incoming or outgoing, but it has no knowledge of which program on the ‘protected’ computer generated the packet. A good software firewall, properly configured, on the ‘protected’ computer may have access to that information, but the firewall only has the info in the packet header (which is only as accurate as the program generating the packet chooses to make it, and usually contains no information about the program that generated it anyway).
Spyware is (in the opinion of the computer) a program that the user installed. This makes it different from many external attacks. Usually such spyware uses ports, like HTTP (port 80), that most firewalled users have open and routinely use for essential activities. The firewall can’t know what you intend to do, or if you intended to do it.
Never ask a firewall - a hunk of plastic and cheap electronics - to be smarter than you - if only because it’s so depressing if it succeeds.
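
The header-only view described above, as an added example that is not part of the original text: it builds two constructed IPv4/TCP packets, parses every field a filter on the wire can key on, and compares a port rule with a host rule that is also given the sending program. The program names, addresses and rule functions are hypothetical, and the host firewall's process lookup is modelled as a plain argument.

```python
import socket
import struct

IP_FMT = "!BBHHHBBH4s4s"   # 20-byte IPv4 header, no options
TCP_FMT = "!HHIIBBHHH"     # 20-byte TCP header, no options

def build_ipv4_tcp(src, dst, sport, dport):
    """Constructed sample packet: IPv4 + TCP SYN, checksums left at 0."""
    ip = struct.pack(IP_FMT, 0x45, 0, 40, 0, 0, 64, socket.IPPROTO_TCP, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    tcp = struct.pack(TCP_FMT, sport, dport, 0, 0, 5 << 4, 0x02, 65535, 0, 0)
    return ip + tcp

def parse_headers(pkt):
    """Return what a filter on the wire can see; no field names the sending program."""
    ver_ihl, _, _, _, _, _, proto, _, src, dst = struct.unpack(IP_FMT, pkt[:20])
    ihl = (ver_ihl & 0x0F) * 4
    sport, dport, _, _, _, flags, _, _, _ = struct.unpack(TCP_FMT, pkt[ihl:ihl + 20])
    return {"src": socket.inet_ntoa(src), "dst": socket.inet_ntoa(dst),
            "proto": proto, "sport": sport, "dport": dport,
            "syn": bool(flags & 0x02)}

def perimeter_allows(hdr):
    """External firewall rule: outbound TCP to port 80 is permitted."""
    return hdr["proto"] == socket.IPPROTO_TCP and hdr["dport"] == 80

ALLOWED_PROGRAMS = {"browser.exe"}  # hypothetical per-program allowlist

def host_allows(hdr, program):
    """Host firewall rule: same port rule, plus the program the OS attributes the socket to."""
    return perimeter_allows(hdr) and program in ALLOWED_PROGRAMS

def compare():
    """Two constructed flows to the same web server, from different local programs."""
    flows = [("browser.exe", build_ipv4_tcp("192.0.2.10", "198.51.100.7", 49152, 80)),
             ("toolbar_helper.exe", build_ipv4_tcp("192.0.2.10", "198.51.100.7", 49153, 80))]
    results = []
    for program, pkt in flows:
        hdr = parse_headers(pkt)
        results.append((program, perimeter_allows(hdr), host_allows(hdr, program)))
    return results

if __name__ == "__main__":
    for program, perimeter, host in compare():
        print(f"{program:20} perimeter={perimeter} host={host}")
```

Both flows pass the port rule because their headers differ only in the ephemeral source port; only the rule that is told the program can separate them.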