Agent or Sensor is Connecting to Seemingly External/Random IP Addresses

Issue
The Carbon Black Protection Agent (formerly Bit9) or the Carbon Black Response Sensor (formerly Cb) appears to be connecting to external/random IP addresses.

Symptoms
If you have a personal firewall installed, you may notice that the Parity agent appears to be connecting to external IP addresses.

Cause
This is normal behavior related to the use of Microsoft's cryptographic API.

Solution
When the cryptographic API is used, it attempts to connect to Microsoft servers to download information on updated root certificates. Consequently, when the Cb Protection agent or Cb Response sensor uses the cryptographic API, it may connect out to seemingly random addresses. These addresses are actually servers that supply certificate updates. If you use Windows Update to update the root certificates when new ones are available (via WSUS or directly), you are less likely to see this behavior.
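
One way to check whether the addresses your firewall reported belong to the root certificate update service, as an added example that is not part of the original article or any vendor tooling. It assumes `ctldl.windowsupdate.com` is the host Windows contacts for root certificate lists and that `DisableRootAutoUpdate` is the policy value controlling the feature; the IP addresses are constructed placeholders.

```powershell
# Added example (not vendor code). Run in PowerShell on the affected Windows endpoint.
# ASSUMPTION: Windows downloads root certificate lists from this host.
$CtlHosts = @('ctldl.windowsupdate.com')

# CONSTRUCTED sample input: replace with the remote IPs your personal firewall reported.
$ObservedIps = @('203.0.113.10', '198.51.100.25')

# ASSUMPTION: this policy value (1 = disabled) turns off automatic root certificate updates.
$policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\SystemCertificates\AuthRoot'
$policy = Get-ItemProperty -Path $policyKey -Name DisableRootAutoUpdate -ErrorAction SilentlyContinue
$autoUpdateDisabled = ($null -ne $policy) -and ($policy.DisableRootAutoUpdate -eq 1)
Write-Host "Automatic root certificate update disabled by policy: $autoUpdateDisabled"

# The DNS client cache keeps the name the host originally queried (Entry)
# alongside each address it received (Data), even when CNAMEs sit in between.
$cache = Get-DnsClientCache -ErrorAction SilentlyContinue

foreach ($ip in $ObservedIps) {
    $names = @($cache | Where-Object { $_.Data -eq $ip } |
        Select-Object -ExpandProperty Entry -Unique)

    # A name matches if it equals a listed host or is a subdomain of one.
    $ctlMatch = @($names | Where-Object {
        $queried = $_
        $CtlHosts | Where-Object { $queried -eq $_ -or $queried -like "*.$_" }
    })

    if ($names.Count -eq 0) {
        # Cache entries expire, so absence is not evidence either way.
        $verdict = 'no cached name for this IP: review further'
    }
    elseif ($ctlMatch.Count -gt 0) {
        $verdict = 'resolved from a root certificate update host'
    }
    else {
        $verdict = 'resolved from a different name: review further'
    }

    [pscustomobject]@{
        RemoteIP     = $ip
        QueriedNames = ($names -join ', ')
        Verdict      = $verdict
    }
}
```

Run it soon after the firewall alert, because DNS cache entries age out and the addresses behind the update host change over time.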

Article Information
Creation Date: 12-09-2015