I'm finding my notebook running Windows 10 with Pulse Secure Client 9.1.3 tries to access some REST APIs on my Pulse Connect Secure's internal interface but I haven't initiated any connection. The Pulse Secure client is just idle. It looks like cav.exe is responsible.
What is cav.exe trying to do?
I'm also see that behaviour last week analysing logs from an user.
Adding some more information: our external private IP is not publish no where else besides PCS configuration and in our LB. All our users only see/communicate with the public facing IP from LB for the PCS cluster.
What are CAV Policies?
Why they are fetched in an external IP which users do not have access?