Why are Ivanti Workspace Control components connecting to internet?

Version 8


    Ivanti Workspace Control components are trying to connect to internet services at akamaitechnologies.com. When the Workspace Control processes are stopped the traffic to these services also stops.

    The traffic looks similar as the example below;


    res.exe:6776TCPagent.domain.com:56239 a23-209-183-17.deploy.static.akamaitechnologies.com:httpSYN_SENT
    res.exe:6776TCPagent.domain.com:56241 a23-209-183-19.deploy.static.akamaitechnologies.com:httpSYN_SENT
    res.exe:10728TCPagent.domain.com:56249 ocsp.comodoca.com:httpSYN_SENT   
    res.exe:10728TCPagent.domain.com:56251 crl.comodoca.com:htpSYN_SENT



    Ivanti Workspace Control uses Windows components from the system folder in multiple executables. For certificate implementation/validation it relies on crypto libraries from the Microsoft operating system. Certificate Chain Validation and the Certificate Revocation List (RCL) queries performed by these libraries are validated against internet services. Microsoft hosts these services at Akamai Technologies.


    This behavior is NOT unique to Ivanti Workspace Control. Multiple vendors/products use these libraries and can display the same traffic. More information is available on the internet.



    This traffic should be allowed as this is crucial for Certificate Chain Validation and the Certificate Revocation List queries. Failing to do so can result in errors as reported in the knowledge-base articles below;


    Driver-related errors may occur after uninstalling older versions of RES ONE Workspace followed by a fresh installation of RES ONE Workspace 10.1 or higher

    Error: Failed to verify signature of file 'C:\Program Files (x86)\RES Software\Workspace Manager\pwrgrid.exe' (reported by res.exe) - Windows Event ID 0

    Error: Failed to verify signature of file 'c:\PROGRA~2\RESSOF~1\WORKSP~1\pfwsmgr.exe' (reported by res.exe) - Windows Event ID 109