App Control: Why Are Agents Reaching Out to Online Network Locations?
App Control Agent: All Supported Versions
App Control Server: All Supported Versions
Why does App Control randomly reach out to online network locations?
The Agent is designed to utilize the Windows Cryptographic API to validate certificates used to sign files.
Regardless of whether Agent-based certificate revocation checks are enabled, the App Control Server validates certificates in its inventory on a recurring basis to make sure they have not been revoked. This validation generally occurs on a weekly basis and involves downloading Certificate Revocation Lists (CRLs) from Registration Authorities, or making Online Certificate Status Protocol (OCSP) calls to OCSP responders.
This communication by the Agent/Server will require the endpoint communicating with the Certificate Authority (CA).
The URL and Port combination required for this communication is determined by the CA and specified in the CRL Distribution Point.