From looking at my EDR tool logs I have noticed the zscalertunnel process (on macOS) is connecting to some unusual IPs in other countries. Could anyone explain why this might be happening?
My expectation is that the zscalertunnel process should make connections to Zscaler IP ranges (e.g. those at https://ips.zscaler.net) and nothing else. Are there conditions when this is not true?