Skip to main content
Customer Support Customer Support
Answer

Webroot behing windows Firewall

  • July 24, 2020
  • 7 replies
  • 661 views
H
Fresh Face

we have very restrictive environment where we have windows firewall enabled for both inbound/outbound traffic. And as windows firewall uses IPs rather than DNS in order to allow/block traffic. so may i know the ip ranges for webroot servers so i can allow in windows firewall for inbound/outbound traffic?

Best answer by coscooper

@hassanali  - I’ll chime in and offer we do not have specific IP ranges due to the large array of servers servicing many aspects of the backend system(s) used by the agent and that they changes dynamically, so there is not static information regarding IPs, so technically, they do not exist in a way that can be used for firewall rules. They will change and are in the hundreds of thousands, so kind of pointless.

However, we do publish the URLs required to insure the agent works. Here’s that information.

 

Please allow for the following path masks outbound through the firewall:

*.webrootcloudav.com

Agent communication and updates

(Please note: Some firewalls do not support double dotted subdomain names with a single wildcard mask (i.e. g1.p4.webrootcloudav.com being represented by *.webrootcloudav.com) so some environments might require either *.p4.webrootcloudav.com or *.*.webrootcloudav.com)

 

*.webroot.com

Agent messaging

 

https://wrskynet.s3.amazonaws.com/*

https://wrskynet-eu.s3-eu-west-1.amazonaws.com/*

https://wrskynet-oregon.s3-us-west-2.amazonaws.com/*

Agent file downloading and uploading

 

*.webrootanywhere.com

Management portal and support ticket logs upload

 

 

WSAWebFilteringPortal.elasticbeanstalk.com

Web Threat Shield

 

 

7 replies

TripleHelix
Moderator
Forum|alt.badge.img+63
  • TripleHelix
  • Moderator
  • July 24, 2020

Hello @hassanali 

 

I will ping our Business experts and they will help you @coscooper and @JGiffard 

 

As you know WSA’s firewall works with Windows Firewall please see here: https://docs.webroot.com/us/en/home/wsa_pc_userguide/wsa_pc_userguide.htm#UsingFirewallWebShieldProtection/ManagingFirewalls.htm%3FTocPath%3DUsing%2520Firewall%2520%252F%2520Web%2520Shield%2520Protection%7C_____1

 

Managing Firewalls

The SecureAnywhere firewall monitors data traffic traveling out of your computer ports. It looks for untrusted processes that try to connect to the Internet and steal your personal information. It works with the Windows firewall, which monitors data traffic coming into your computer. With both the SecureAnywhere and Windows firewall turned on, your data has complete inbound and outbound protection.

You should not turn off either the Windows firewall or the SecureAnywhere firewall. If they are disabled, your system is open to many types of threats whenever you connect to the Internet or to a network. These firewalls can block malware, hacking attempts, and other online threats before they can cause damage to your system or compromise your security.

The SecureAnywhere firewall is preconfigured to filter traffic on your computer. It works in the background without disrupting your normal activities. If the firewall detects any unrecognized traffic, it opens an alert where you can block the traffic or allow it to proceed.

 

Also you may want to Submit a Support Ticket and ask them as well!

 

Thanks,

 

Daniel - Microsoft MVP Consumer Security (2012-2016) Windows 10 Pro x64 for Workstations 22H2 on my Alienware 17R2 and Windows 11 Pro x64 for Workstations on my Alienware 17R5 Laptops with Webroot SecureAnywhere Complete Beta Tester for PC & Android Samsung Galaxy A16 5G OS 16.
ProTruckDriver
Ssherjj
TripleHelix
H
Fresh Face
  • hassanali
  • Author
  • Fresh Face
  • July 24, 2020

thanks. my question was not regarding WSA firewall, i specifically want to know the complete ip subnet ranges of wwwroot servers that are required to be allowed in windows firewall for inbound or outbound traffic. thanks

TripleHelix
Moderator
Forum|alt.badge.img+63
  • TripleHelix
  • Moderator
  • July 24, 2020

I don’t know if they will post that information on a Public forum so try the Ticket system and ask them: Webroot Customer Service

 

Or you can call the location closes to you: https://www.webroot.com/us/en/support/contact and https://www.webroot.com/us/en/about/contact-us

 

Thanks,

Daniel - Microsoft MVP Consumer Security (2012-2016) Windows 10 Pro x64 for Workstations 22H2 on my Alienware 17R2 and Windows 11 Pro x64 for Workstations on my Alienware 17R5 Laptops with Webroot SecureAnywhere Complete Beta Tester for PC & Android Samsung Galaxy A16 5G OS 16.
ProTruckDriver
Ssherjj
TripleHelix
coscooper
Forum|alt.badge.img+26
  • coscooper
  • Manager, Channel Sales
  • Answer
  • July 24, 2020

@hassanali  - I’ll chime in and offer we do not have specific IP ranges due to the large array of servers servicing many aspects of the backend system(s) used by the agent and that they changes dynamically, so there is not static information regarding IPs, so technically, they do not exist in a way that can be used for firewall rules. They will change and are in the hundreds of thousands, so kind of pointless.

However, we do publish the URLs required to insure the agent works. Here’s that information.

 

Please allow for the following path masks outbound through the firewall:

*.webrootcloudav.com

Agent communication and updates

(Please note: Some firewalls do not support double dotted subdomain names with a single wildcard mask (i.e. g1.p4.webrootcloudav.com being represented by *.webrootcloudav.com) so some environments might require either *.p4.webrootcloudav.com or *.*.webrootcloudav.com)

 

*.webroot.com

Agent messaging

 

https://wrskynet.s3.amazonaws.com/*

https://wrskynet-eu.s3-eu-west-1.amazonaws.com/*

https://wrskynet-oregon.s3-us-west-2.amazonaws.com/*

Agent file downloading and uploading

 

*.webrootanywhere.com

Management portal and support ticket logs upload

 

 

WSAWebFilteringPortal.elasticbeanstalk.com

Web Threat Shield

 

 

Shane Cooper | Manager, Channels Sales (RMM & Strategic Partners)
ProTruckDriver
Ssherjj
TripleHelix
H
Fresh Face
  • hassanali
  • Author
  • Fresh Face
  • July 24, 2020

@coscooper thanks, but the issue is windows firewall only accept IP addresses / ranges.

Ssherjj
TripleHelix
coscooper
Forum|alt.badge.img+26
  • coscooper
  • Manager, Channel Sales
  • July 24, 2020

I’m not familiar enough with the nuances of Windows firewalls to provide direction as we typically work with customers using an edge firewall as local firewalls have limited central management capabilities.

That said, are you having issues with the Webroot agent? If so, the only suggestion I’ve heard is to add the Webroot application as allowed through private/public firewall settings. Our internal tests systems have Windows Firewalls enabled and the agent works fine without adding the application.

Windows 10 Pro:

 

As @TripleHelix stated, if there’s an actual problem, contact our business support team to get more in depth responses to specific issues.

Shane Cooper | Manager, Channels Sales (RMM & Strategic Partners)
Ssherjj
TripleHelix
H
Fresh Face
  • hassanali
  • Author
  • Fresh Face
  • July 25, 2020

there is no issue with agent. windows firewall has both inbound/outbound rule where we can allow/deny traffic on the basis of IP addresses.

 

 

Terms & ConditionsAccessibility statement