Rvsmon does not close socket

I noticed that after Returnil checks for updates, rsvmon does not close the socket and is always in Close_Wait status and sometimes there is more than one entry. Why is rvsmon holding the connection(s) open?

Al

 

what are using to monitor state of sockets?

 

TCPView from Sysinternals and Current Ports from Nirsoft.

Al

 

Hi Adric,
The service is simply waiting for a command (remote management in a network), a message (Ex; updated build available for download, new license assigned, etc), or could be sending potential malware file and/or suspicious file activity reports to the AI analysis server.

Mike

 

Yes, but Returnil is always holding the connection(s) open. My understanding of CLOSE_WAIT was that the local side received a FIN from the other side and the OS is waiting for the program at the local end to actually close its connection which it is not doing. Would it not be better to close the socket rather than leaving the socket open for infrequent data?

Al

 

Good question. Let me check with the development team to get a more detailed reply on this.

Mike

 

Hi Adric,
I have a reply from the engineering team on this:

Mike