Unknown access from ZSATunnel.exe


I checked EDR(Endpoint Detection and Response) logs and there were many connection logs that zsatunnel.exe access to many global IP address without zscaler IP range(https://ips.zscaler.net/sites/default/files/geoips/geoip.csv) .

Do you know the reason?
Because zsatunnel.exe access to internet instead of other process ??

ZSATunnel.exe is the process that creates all the tunnels. The list you have is the ZIA ranges, but thereโ€™s different ranges for ZPA, which may be what you are seeing.