CIS does NOT block network connections prohibited by rules


I have CIS Premium version installed on a clean OS Windows 10 Pro version 2004.
Windows Firewall is disabled, CIS firewall is enabled and configured as ‘Custom Ruleset’.
The Application Rules for Google Chrome has Firewall Rule Set ‘Web Browser’.
After launching Google Chrome in the ‘View Active Internet Connections’ window, along with the allowed connections for chrome.exe, there is also a TCP OUT on the destination port 5228.
This connection is denied Firewall Rule Set ‘Web Browser’
The ‘netstat -aon’ utility also shows the connection in the ‘ESTABLISHED’ state to external port 5228 for the chrome.exe process.
Moreover, this connection is in the ‘ESTABLISHED’ state all the time while Google Chrome is running.
What does it mean? What could be the reason? Can I trust Comodo after that?

Thank you for attention.

One of the rules for the web browser rules et is Allow Outgoing FTP-PASV Requests which means it allows all outgoing requests to TCP ports above 1023. Specifically allow out TCP where destination port is NOT in [Privileged Ports] = 0-1023.

Thanks for the answer!

Yes, you are right, I was careless and did not notice that the ‘Exclude (i.e. NOT the choice below)’ checkbox was checked in the ‘Destination Port’ tab of the ‘Allow Outgoing FTP-PASV Requests’ rule.
I’m sorry, I was wrong. I’ll be more attentive next time.
I am very glad that I can continue to trust Comodo Internet Security, which I have been using for a very long time, since the days when Comodo was only a firewall.