When contacting the remote server in order to receive commands, PoisonIvy starts iexplore.exe and injects into it, thus attempting to evade common firewall programs.
How does PoisonIvy inject into IE?
I use the ZoneAlarm firewall and it really works to restrict many types of infiltrations.