Just Published! Threat Report: Exposing Malware in Linux-Based Multi-Cloud Environments | Download Now

App Control: Why are Agents Reaching out to Online Network Locations?

App Control: Why are Agents Reaching out to Online Network Locations?

Environment

  • App Control Agent: All Versions (formerly CB Protection)

Question

Why are agents randomly reaching out to online network locations?

Answer

The agent is verifying certificates. As part of that verification it needs to check the revocation with the certificate provider.

Additional Notes

In order to confirm this is the root cause, enable CryptoAPI debugging.
To enable CryptoAPI 2.0 Diagnostics:
  1. Click Start, point to Administrative Tools, and then click Event Viewer.
  2. If the User Account Control dialog box appears, confirm that the action it displays is what you want, and then click Continue.
  3. In the console tree, expand Event Viewer, expand Applications and Services Logs, expand Microsoft, expand Windows, and then expand CAPI2.
  4. Right-click Operational, and then click Enable Log.
  5. To disable CryptoAPI 2.0 Diagnostics, right-click Operational, and then click Disable Log.

Related Content


Labels (1)
Tags (2)
Was this article helpful? Yes No
No ratings
Article Information
Author:
Creation Date:
‎09-09-2020
Views:
257
Contributors