Just Published! Threat Report: Exposing Malware in Linux-Based Multi-Cloud Environments | Download Now

App Control: Why Are Agents Reaching Out to Online Network Locations?

App Control: Why Are Agents Reaching Out to Online Network Locations?

Environment

  • App Control Agent: All Supported Versions
  • App Control Server: All Supported Versions

Question

Why does App Control randomly reach out to online network locations?

Answer

  • The Agent is designed to utilize the Windows Cryptographic API to validate certificates used to sign files.
  • Regardless of whether Agent-based certificate revocation checks are enabled, the App Control Server validates certificates in its inventory on a recurring basis to make sure they have not been revoked. This validation generally occurs on a weekly basis and involves downloading Certificate Revocation Lists (CRLs) from Registration Authorities, or making Online Certificate Status Protocol (OCSP) calls to OCSP responders.
  • This communication by the Agent/Server will require the endpoint communicating with the Certificate Authority (CA).
  • The URL and Port combination required for this communication is determined by the CA and specified in the CRL Distribution Point.

Additional Notes


Related Content


Labels (1)
Tags (2)
Was this article helpful? Yes No
No ratings
Article Information
Author:
Creation Date:
‎09-09-2020
Views:
293
Contributors