Beginning this morning, our SonicWall gateway antivirus has started blocking the endpoint upgrade to 9.0.11.70 - clearly a false positive signature in the SonicWall AV database.
What are the IP address ranges for the Business Endpoint Protection service so that I can add them to my firewall exclude list?
Page 1 / 1
Please allow Webroot’s path masks through the firewall, listed below:
*.webrootcloudav.com
Agent communication and updates
(Please note: Some firewalls do not support double dotted subdomain names with a single wildcard mask (i.e. g1.p4.webrootcloudav.com being represented by *.webrootcloudav.com) so some environments might require either *.p4.webrootcloudav.com or *.*.webrootcloudav.com)
*.webroot.com
Agent messaging
*.s3.amazonaws.com
Agent file downloading and uploading
WSAWebFilteringPortal.elasticbeanstalk.com
Required for agent Web Filtering, elasticbeanstalk is an amazon AWS domain
*.webrootanywhere.com
Management portal and support ticket logs upload
If you require further assistance or have any questions, please send us a reply.
Thank you,
Webroot SecureAnywhere Business Support
*.webrootcloudav.com
Agent communication and updates
(Please note: Some firewalls do not support double dotted subdomain names with a single wildcard mask (i.e. g1.p4.webrootcloudav.com being represented by *.webrootcloudav.com) so some environments might require either *.p4.webrootcloudav.com or *.*.webrootcloudav.com)
*.webroot.com
Agent messaging
*.s3.amazonaws.com
Agent file downloading and uploading
WSAWebFilteringPortal.elasticbeanstalk.com
Required for agent Web Filtering, elasticbeanstalk is an amazon AWS domain
*.webrootanywhere.com
Management portal and support ticket logs upload
If you require further assistance or have any questions, please send us a reply.
Thank you,
Webroot SecureAnywhere Business Support
Is the *.s3.amazonaws.com address a generic Amazon AWS address or is it specific to Webroot. I ask because if it's a generic address then Webroot telling it's customers to allow traffic thru from that address is putting them at risk. If it's generic then anyone on the AWS service could be using it including someone who is sending malicious traffic. If we put a rule in our firewalls that the address is safe and it's generic then we are opening our networks up to who knows what.
Users reading this don't freak out. If Webroot owns it then we are safe. Let them respond before freaking out. I'm asking because it looks generic and I can't tell, where as the others look like they are owned by webroot.
Users reading this don't freak out. If Webroot owns it then we are safe. Let them respond before freaking out. I'm asking because it looks generic and I can't tell, where as the others look like they are owned by webroot.
It's not specific to Webroot, but only the agent needs to talk to s3 so you could potentially only allow the Webroot client to talk to it if you're concerned.
In my experience with Sonicwall and false positives, they generally resolve the issue the same day the false positive starts appearing. If you did set firewall rules to allow this update, you can remove them now. Mine is updated to v9.0.12.52 now without making any firewall changes.
I know this is an older post, but it is still relevant to me.
I have a couple of servers that I am cutting off ALL traffic to/from, however I want to allow traffic from specific sources like Webroot so that the A/V can get updated.
Are the addresses in this post still relevant or have they changed?
thanks in advance!
Tim
I have a couple of servers that I am cutting off ALL traffic to/from, however I want to allow traffic from specific sources like Webroot so that the A/V can get updated.
Are the addresses in this post still relevant or have they changed?
thanks in advance!
Tim
For proper communication, Webroot requires the following URLs and ports be accessible through any firewall or network access layer.
NOTE: Some firewalls do not support double dotted subdomain names with a single wildcard mask (i.e. g1.p4.webrootcloudav.com being represented by *.webrootcloudav.com). In these cases, you will need to use* .p4.webrootcloudav.com or *.*.webrootcloudav.com.
Ports
-------
80 and 443 – used by the agent to communicate with the Webroot Platform and your management console. These communications are encrypted using a proprietary form of obfuscation.
URLs
------
Agent communication and updates
=============================
*.webrootcloudav.com
Agent messaging
==============
*.webroot.com
Management portal and support ticket logs upload
==========================================
*.webrootanywhere.com
Agent file downloading and uploading
===============================
wrskynet.s3.amazonaws.com/*
wrskynet-eu.s3-eu-west-1.amazonaws.com/*
wrskynet-oregon.s3-us-west-2.amazonaws.com/*
Web Filtering (elasticbeanstalk is an Amazon AWS domain)
================================================
WSAWebFilteringPortal.elasticbeanstalk.com
Should you have additional questions, please open a support ticket.
Reply
Login to the community
No account yet? Create an account
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.