You are using an unsupported browser. Please update your browser to the latest version on or before July 31, 2020.
close

24: Why does PolicyPak PPExtensionService.exe make a call out to DNS?

Problem:

Your production system or network monitoring tools are logging a lot of DNS queries for a decommissioned host.

In System Monitor (Sysmon) logs there are frequent Event Log entries of PPExtensionService.EXE that is querying that dead host computer’ FQDN.

Like in an example screenshot below.

Cause:

The cause of the problem is a PolicyPak Browser Router (PPBR) rule that has an Item-level Targeting (ILT) filter of the decommissioned host computer.

Resolution:

Correct the ILT condition or remove the filter that is in place for that computer.

  • 1176
  • 23-Dec-2021
  • 349 Views