Many Windows processes/services, along with various applications use IGMP to communicate. By default, CPF's rules do not explicitly allow it.
Here's my take on that, as with any type of traffic (IP Protocol). If you don't need it, why allow it? We are all aware that Windows has plenty of security holes/issues, and since these things happen in the background (without the user's specific knowledge or consent), this could be a security issue.
That does not mean that it is a security issue; just that it could be, as you don't specifically know what the communication entails. If your applications are working without problem, then what's the point in allowing it. If you have a problem with connecting, or with an application connecting, and the logs (and research into that application) seem to indicate that the Protocol is needed, then you can create a specific network rule to allow that, so that the application can communicate.
Hope that helps,