Brandon, I think you're getting your applications slightly mixed up, which is not surprising, as some of the ones you are looking at have some overlaps in function.
They have different ways of achieving their protection.
First, Threatfire is not a firewall. It is primarily a behaviour blocker. This will monitor your system and alert to changes something might be attempting which are deemed unusual, and therefore, suspicious.
The version I'm using does not have AV built in, I think there was an AV component with at least one of the versions. It does make reference to the AV definitions to identify/confirm a known malicious process. It is closer to a HIPS than a firewall or an AV.
PCTools firewall (any firewall, in fact) at its basic level prevents unsolicited and unknown items entering the computer via any web -facing application. It also prevents unknown processes from connecting outbound until the user allows it. (Windows firewall does not have this outbound control.) It is essential to have a firewall present in your setup, and preferably one that can control outbound. PCTools (and a few others, such as Comodo with D+ and OnlineArmour) also have a HIPS-like component, which is where some overlap may occur with programs like Threatfire.
That said, I regularly get alerts from both programs when installing or updating certain software (mainly stuff that replaces system drivers and the like), but they do not alert to the same process at the same time. One might alert to the fact that something is trying to access system32 in a suspicious manner, while the other says nothing. Then the other might say "XXX is trying to use YYY to connect to the internet in a suspicious manner..." etc. So although there is some overlap, they are guarding different things.
Programs that rely on definitions such as Avast, Panda Immunet Protect etc are more like traditional AV programs, and will scan files as they arrive from the web for malicious content. Some of these also have a HIPS-like aspect, which is another way of saying heuristics. (There are a few different ways of creating heuristics. I don't know that much about it. Some run the file in a virtual environment to ascertain what it will likely attempt, some analyse the file structure to ascertain likely behaviour, there are different methods. FP rate is likely to be higher with something detected heuristically; it's nothing more than a good guess. Sometimes very good.)
So you're trying to compare oranges with apples, or cabbages, when trying to see how TF compares with other programs as tested by Matousec. So don't worry too much about that 5% rating. I haven't read the test, haven't been to the site for a while, actually, but I believe he would have been testing it against a a set of criteria it wasn't designed for. It's good at what it does. It wasn't designed to pass leaktests, though.