App Control: Why Are Agents Reaching Out to Online Network Locations?
book
Article ID: 286633
calendar_today
Updated On:
Products
Carbon Black App Control (formerly Cb Protection)
Issue/Introduction
Why does App Control randomly reach out to online network locations?
Environment
App Control Agent: All Supported Versions
App Control Server: All Supported Versions
Resolution
The Agent is designed to utilize the Windows Cryptographic API to validate certificates used to sign files.
Regardless of whether Agent-based certificate revocation checks are enabled, the App Control Server validates certificates in its inventory on a recurring basis to make sure they have not been revoked. This validation generally occurs on a weekly basis and involves downloading Certificate Revocation Lists (CRLs) from Registration Authorities, or making Online Certificate Status Protocol (OCSP) calls to OCSP responders.
This communication by the Agent/Server will require the endpoint communicating with theĀ Certificate Authority (CA).
The URL and Port combination required for this communication is determined by the CA and specified in theĀ CRL Distribution Point.