Unknown access from ZSATunnel.exe

Hi

I checked EDR(Endpoint Detection and Response) logs and there were many connection logs that zsatunnel.exe access to many global IP address without zscaler IP range(https://ips.zscaler.net/sites/default/files/geoips/geoip.csv) .

Do you know the reason?
Because zsatunnel.exe access to internet instead of other process ??

ZSATunnel.exe is the process that creates all the tunnels. The list you have is the ZIA ranges, but there’s different ranges for ZPA, which may be what you are seeing.