wiresock / ndisapi

Windows Packet Filter library for network packet interception and manipulation, suitable for custom firewall, VPN and traffic analysis applications.
https://www.ntkernel.com/windows-packet-filter/
MIT License
289 stars 78 forks

[v3.2.28.1] [Question] Installer attempts to establish TCP connection with foreign address... #11

Closed an-eternity closed 3 years ago

an-eternity commented 3 years ago

Issue: the v3.2.28.1 installer attempts to establish a TCP connection to 93.184.220.29:80 (crl4.digicert.com) and to send/receive some data to/from it. Questions:

  1. What is this necessary for?
  2. Is there any urgent need/reason to do this?
  3. Is it possible to make further versions free of this behavior?

Our development team has concerns about this installer; for this reason we cannot yet update our projects from v3.2.24.2 to v3.2.28.1 unless the latter is proven to be safe. Version v3.2.24.2 didn't have this problem.

wiresock commented 3 years ago

Hmm, interesting... The installer has not changed for a long time, so this is definitely not something added on purpose. However, the installer is signed with a DigiCert certificate, so I suspect that this could be a newly added Windows feature to verify the validity of the signature with the certificate vendor (e.g. that the certificate was not recalled).

P.S. If you are using the driver for commercial purposes, it is recommended to obtain a custom driver build. Please check the post below:

https://www.ntkernel.com/failed-to-install-winpkfilter-ndis-lwf-driver-with-error-0x800700b7-or-critical-value-of-proper-driver-customization/

Besides the driver build, we also provide the WiX Toolset project so that you can build your own MSI installer.

an-eternity commented 3 years ago

It seems this explanation about certificate validity verification is correct.

According to the logs, it sends 2 "GET" requests to the host "ocsp.digicert.com" and receives 2 packets with encrypted data of 471 bytes in length. Once this is done, on further runs it doesn't attempt to establish the connection anymore. Until the connection is allowed and the data received, it attempts to connect on every run.

Searching for "ocsp.digicert.com" points to "Online Certificate Status Protocol": https://www.digicert.com/kb/enabling-ocsp-stapling.htm

So, I think, this question is now answered.

===

We use the driver for both commercial and non-commercial purposes.

A custom driver build is used for the business project, where it is installed on servers (routing and firewall) and intended for use inside the company only; security engineers keep everything under control there, so that no issues may occur.

For freeware projects (home router/firewall, LAN over the internet for gamers) we currently use the publicly available driver. Since these projects are intended for end users, who therefore have to install the driver on their PCs, it is important to make sure the installer is safe to use; for this reason we check everything carefully on every update.
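The two "GET" requests to ocsp.digicert.com described in the comment above are OCSP-over-GET status checks (RFC 6960, Appendix A.1): the URL path carries a base64-encoded DER `OCSPRequest` naming the certificate whose revocation status is being checked. The following script, an added example that is not code from the wiresock/ndisapi project, lets someone reviewing a proxy or firewall log decode such a path with only the Python standard library and confirm which issuer hashes and serial number are being queried. It also builds a request from constructed issuer and serial values so it runs offline; the responder URL, issuer name, public key bytes and serial below are all constructed placeholders, not DigiCert's real values.

```python
"""Encode and decode OCSP-over-GET request URLs (RFC 6960, A.1) with the stdlib only."""
import base64
import binascii
import hashlib
import urllib.parse

OID_NAMES = {"1.3.14.3.2.26": "sha1", "2.16.840.1.101.3.4.2.1": "sha256"}


# --- minimal DER encoding (only what an unsigned OCSPRequest needs) ---
def _der_len(n):
    if n < 0x80:
        return bytes([n])
    b = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(b)]) + b


def tlv(tag, body):
    """One DER tag-length-value element."""
    return bytes([tag]) + _der_len(len(body)) + body


def build_ocsp_get_url(responder, issuer_name_der, issuer_spki_der, serial):
    """Build the GET URL an OCSP client would send to check one certificate (SHA-1 CertID)."""
    cert_id = tlv(0x30,
        tlv(0x30, tlv(0x06, bytes.fromhex("2b0e03021a")) + tlv(0x05, b""))  # AlgorithmIdentifier sha1
        + tlv(0x04, hashlib.sha1(issuer_name_der).digest())                 # issuerNameHash
        + tlv(0x04, hashlib.sha1(issuer_spki_der).digest())                 # issuerKeyHash
        + tlv(0x02, serial.to_bytes((serial.bit_length() + 8) // 8, "big")))  # serialNumber
    request_list = tlv(0x30, tlv(0x30, cert_id))       # SEQUENCE OF Request { CertID }
    ocsp_request = tlv(0x30, tlv(0x30, request_list))  # OCSPRequest { TBSRequest { requestList } }
    encoded = urllib.parse.quote(base64.b64encode(ocsp_request).decode(), safe="")
    return responder.rstrip("/") + "/" + encoded


# --- minimal DER decoding ---
def _read_tlv(data, i=0):
    tag, length, j = data[i], data[i + 1], i + 2
    if length & 0x80:
        n = length & 0x7F
        length, j = int.from_bytes(data[j:j + n], "big"), j + n
    return tag, data[j:j + length], j + length


def _children(body):
    out, i = [], 0
    while i < len(body):
        tag, val, i = _read_tlv(body, i)
        out.append((tag, val))
    return out


def _decode_oid(b):
    parts, v = [b[0] // 40, b[0] % 40], 0
    for byte in b[1:]:
        v = (v << 7) | (byte & 0x7F)
        if not byte & 0x80:
            parts.append(v)
            v = 0
    return ".".join(map(str, parts))


def decode_ocsp_get(url):
    """Return the CertIDs carried in an OCSP GET URL; raise ValueError if the path is not one."""
    try:
        path = urllib.parse.urlsplit(url).path.lstrip("/")
        der = base64.b64decode(urllib.parse.unquote(path), validate=True)
        tag, body, _ = _read_tlv(der)
        if tag != 0x30:
            raise ValueError
        tbs = next(v for t, v in _children(body) if t == 0x30)        # skip [0] signature
        request_list = next(v for t, v in _children(tbs) if t == 0x30)  # skip [0]/[1]/[2] fields
        results = []
        for _, request in _children(request_list):
            (_, alg), (_, name_hash), (_, key_hash), (_, serial) = _children(_children(request)[0][1])
            oid = _decode_oid(_children(alg)[0][1])
            results.append({
                "hash_algorithm": OID_NAMES.get(oid, oid),
                "issuer_name_hash": name_hash.hex(),
                "issuer_key_hash": key_hash.hex(),
                "serial": int.from_bytes(serial, "big"),
            })
        return results
    except (binascii.Error, IndexError, StopIteration, ValueError):
        raise ValueError("URL path is not an OCSP GET request")


# Constructed sample values (hypothetical issuer DN / SPKI bytes and serial, not DigiCert's).
SAMPLE_URL = build_ocsp_get_url("http://ocsp.example.invalid",
                                b"constructed issuer DN bytes",
                                b"constructed issuer public key bytes",
                                0x0123456789ABCDEF)

if __name__ == "__main__":
    for cert_id in decode_ocsp_get(SAMPLE_URL):
        print(cert_id)
```

Point a real log's request line at `decode_ocsp_get` and compare the serial it reports with the serial of the installer's Authenticode signing certificate (visible in the file's Properties > Digital Signatures tab); a match shows the traffic is a status check for that signature rather than anything else.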