When the VigilEntAgent.exe service executable starts (AegisIQConnectAgentService and NetIQResourceManagementNamespaceProvider services), it binds to all IP interfaces on the machine (0.0.0.0). This can expose the WFA server host to unwanted remote connections. (For example, it is possible to connect to https://wfahostname:2219 from a remote system because of this automatic binding to all IP interfaces.) For many (most?) customers using WFA, there's no point in these services listening on any IP interface other than localhost.
There should be a configuration setting in the registry for VigilEntAgent.exe that lets the customer configure which IP interfaces it listens on; for example: HKLM\SOFTWARE\NetIQ\WFA\IQConnect90\IPInterfaceListen (REG_SZ) = localhost and HKLM\SOFTWARE\NetIQ\WFA\ResourceManagementService\IPInterfaceListen (REG_SZ) = localhost (or something similar).