I can't think of any reason why a process would need to act as a server to retrieve information from a database on a McAfee server. The possible excpetion would be if the process was attempting to use the FTP protocol in active mode to transfer data from the server which would require the process to accept an incoming connection for the data channel. This requirement can easily be removed by using FTP in passive mode.
The fact that the process is attempting to accept incoming connections implies that it is "listening" for requests from the network (hopefully from a McAfee server) but this typically introduces an avenue that malware writers can use to infiltrate a user's system (assuming they can find a weakness in the code the server process is running).
Could someone from McAfee support or engineering please explain why the SAservice process needs to accept incoming connections and the effect it would have on the functionality of the product if a user blocks incoming connections to this process?
Not a developer of the program.. but just a thought...
It's easy to resolve one way or another... Access the ZA settings and "block" it in the "Server/Internet" column.. If the program doesn't work, then you'll know your answer.. If the programs still works as designed, then leave it that way. You also won't continue to get the pop "allow/deny" request.
A number of programs, including ISP's with Internet Explorer and such, attempt to ping their program so they can stay connected or update, or confirm it's presence, etc.. SiteAdvisor DOES update.. Most don't require the "Server" setting to be "allowed".. Some do.. Changing the settings to "block" the server option generally won't cause an issue.. If it does, you have a decision to make.