You are using an unsupported browser. Please update your browser to the latest version on or before July 31, 2020.

24: Why does PolicyPak PPExtensionService.exe make a call out to DNS?


Your production system or network monitoring tools are logging a lot of DNS queries for a decommissioned host.

In System Monitor (Sysmon) logs there are frequent Event Log entries of PPExtensionService.EXE that is querying that dead host computer’ FQDN.

Like in an example screenshot below.


The cause of the problem is a PolicyPak Browser Router (PPBR) rule that has an Item-level Targeting (ILT) filter of the decommissioned host computer.


Correct the ILT condition or remove the filter that is in place for that computer.

  • 1176
  • 23-Dec-2021