
CtxWebBrowser.exe calling Russia


SEPA IS

Question

Citrix Cloud Service: Premium Plus

Scope: This is affecting most of our on-prem machines with Workspace / VDA installed.

 

Question: CtxWebBrowser.exe is contacting Russia. Is this normal behaviour?

 

Based on recent NCSC info we made firewall changes to block traffic from on-prem to Russia.

 

Since then our firewalls have highlighted traffic on several machines running the CtxWebBrowser.exe service trying to open connections to 79.133.176.0/24, mostly .220 to .230.

See attachment 1

WHOIS reports the subnet is registered in Moscow; our firewalls are blocking it.

 

It's also trying many connections over the IP place. See attachment 2

 

Wireshark captures SYNs and retransmissions as it works its way through 20 or so addresses in the 79.133.176.0 range. 

See attachment 3

 

I've raised a support call but no response so far. Our security folk are getting nervous.

 

Any help would be greatly appreciated.

 

Mods: Wasn't sure where to place this question. If there is a more appropriate forum please move it.

1.jpg

2.jpg

3.jpg


2 answers to this question


Received this from Citrix Support:

 

The answer to your query is that we do connect to a few hosts. One is to retrieve the public IP for our watermark feature, another is the NGS, and a few others for other reasons.

Also, it seems like you are using the older CEF-based browser, as the exe name is CtxWebBrowser.exe. This browser support is deprecated. You can upgrade the CWA and start using the new Citrix Workspace Browser.

 

 

Link to comment
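Added example, not part of the original posts and not Citrix code: one way to quantify the behaviour described in the question, by counting per host and process how many distinct addresses in 79.133.176.0/24 received SYNs and how many of those SYNs were retries. The CSV layout, host names and sample records are constructed assumptions; adapt the parsing to your own firewall or endpoint log export.

```python
import csv
import io
import ipaddress
from collections import defaultdict

# Subnet named in the question above.
WATCHED_NET = ipaddress.ip_network("79.133.176.0/24")

# Constructed sample records (not real captures). Assumed CSV layout:
# epoch_seconds,host,process,dst_ip,dst_port,tcp_flags
SAMPLE_LOG = """\
1000.0,PC-01,CtxWebBrowser.exe,79.133.176.220,443,S
1001.0,PC-01,CtxWebBrowser.exe,79.133.176.220,443,S
1003.0,PC-01,CtxWebBrowser.exe,79.133.176.220,443,S
1004.0,PC-01,CtxWebBrowser.exe,79.133.176.221,443,S
1005.0,PC-01,CtxWebBrowser.exe,79.133.176.221,443,S
1006.0,PC-01,CtxWebBrowser.exe,79.133.176.222,443,S
1007.0,PC-01,chrome.exe,198.51.100.7,443,S
1008.0,PC-02,CtxWebBrowser.exe,79.133.176.225,443,S
1009.0,PC-02,CtxWebBrowser.exe,not-an-ip,443,S
"""

def summarize(log_text, network=WATCHED_NET):
    """Per (host, process): distinct watched destinations and repeated SYNs."""
    syns = defaultdict(lambda: defaultdict(int))  # key -> (dst, port) -> SYN count
    for row in csv.reader(io.StringIO(log_text)):
        if len(row) != 6:
            continue  # skip malformed lines
        _ts, host, process, dst, port, flags = (f.strip() for f in row)
        try:
            addr = ipaddress.ip_address(dst)
        except ValueError:
            continue  # unparseable destination field
        if addr not in network or flags != "S":
            continue  # keep only bare SYNs towards the watched subnet
        syns[(host, process)][(str(addr), port)] += 1
    report = {}
    for key, per_dst in syns.items():
        report[key] = {
            "distinct_destinations": len(per_dst),
            # Every SYN after the first to the same dst:port counts as a retry.
            "syn_retries": sum(n - 1 for n in per_dst.values()),
            "destinations": sorted(d for d, _p in per_dst),
        }
    return report

if __name__ == "__main__":
    for (host, proc), info in sorted(summarize(SAMPLE_LOG).items()):
        print(host, proc, info)
```

A high retry count with no completed handshakes is what a blocking firewall produces, so the output is a record of attempted destinations to hand to the vendor, not evidence of successful communication.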
