Agent or Sensor is Connecting to Seemingly External/Random IP Addresses
Issue The Carbon Black Protection Agent (formally Bit9) or the Carbon Black Response Sensor (formally Cb) appears to be connecting to external/random IP addresses
Symptoms You may notice, if you have a personal firewall installed, that the Parity agent appears to be connecting to external IP addresses.
Cause This is normal behavior related to the use of Microsoft's cryptographic API.
Solution When the cryptographic API is used, it attempts to connect to Microsoft servers to download information on updated root certificates. Consequently, when the Cb Protection agent or Cb Response sensor use the cryptographic API, it may connect out to seemingly random addresses. These addresses are actually servers that supply certificate updates. If you use Windows Update to update the root certificates when new ones are available (via WSUS or directly), then it is less likely you will exhibit this behavior.