I have a couple of questions about cmdagent service. This service uses wininet.dll to connect to the internet. The two ip addresses are 220.127.116.11 and 18.104.22.168. My OS is XP Pro SP3. The current version of CIS is 5.3176757.1236.
What is the reason that this service opens a couple of ports and then closes them and waits?
The second question is about global network rules and blocked networks. Both have a box to check for exclude. It seems to mean exclude the rule or blocked network, but does not do it. In fact using it to block the above addresses yesterday under blocked networks, it seemed to block all network communication. If I recall it did not seem to block all traffic when implemented under a global network rule. But continued to block the two ip addresses above.
No more questions. Everything has been made clear by the two responses. I have no issues with CIS. The original question was just to clarify how the “exclude” box works and the purpose of two ip addresses. Both were answered.