IP Address for Firewall

  • 25 August 2016
  • 6 replies

Userlevel 2
Badge +9
Beginning this morning, our SonicWall gateway antivirus has started blocking the endpoint upgrade to - clearly a false positive signature in the SonicWall AV database.
What are the IP address ranges for the Business Endpoint Protection service so that I can add them to my firewall exclude list?

6 replies

Userlevel 4
Please allow Webroot’s path masks through the firewall, listed below:
Agent communication and updates
(Please note: Some firewalls do not support double dotted subdomain names with a single wildcard mask (i.e. g1.p4.webrootcloudav.com being represented by *.webrootcloudav.com) so some environments might require either *.p4.webrootcloudav.com or *.*.webrootcloudav.com)
Agent messaging
Agent file downloading and uploading
Required for agent Web Filtering, elasticbeanstalk is an amazon AWS domain
Management portal and support ticket logs upload
If you require further assistance or have any questions, please send us a reply.
Thank you,
Webroot SecureAnywhere Business Support
Userlevel 7
Badge +28
Is the *.s3.amazonaws.com address a generic Amazon AWS address or is it specific to Webroot. I ask because if it's a generic address then Webroot telling it's customers to allow traffic thru from that address is putting them at risk. If it's generic then anyone on the AWS service could be using it including someone who is sending malicious traffic. If we put a rule in our firewalls that the address is safe and it's generic then we are opening our networks up to who knows what.
Users reading this don't freak out. If Webroot owns it then we are safe. Let them respond before freaking out. I'm asking because it looks generic and I can't tell, where as the others look like they are owned by webroot.
Userlevel 7
Badge +56
It's not specific to Webroot, but only the agent needs to talk to s3 so you could potentially only allow the Webroot client to talk to it if you're concerned.
In my experience with Sonicwall and false positives, they generally resolve the issue the same day the false positive starts appearing. If you did set firewall rules to allow this update, you can remove them now. Mine is updated to v9.0.12.52 now without making any firewall changes.
I know this is an older post, but it is still relevant to me.
I have a couple of servers that I am cutting off ALL traffic to/from, however I want to allow traffic from specific sources like Webroot so that the A/V can get updated.
Are the addresses in this post still relevant or have they changed? 
thanks in advance!
Userlevel 7
Badge +35
For proper communication, Webroot requires the following URLs and ports be accessible through any firewall or network access layer.
NOTE: Some firewalls do not support double dotted subdomain names with a single wildcard mask (i.e. g1.p4.webrootcloudav.com being represented by *.webrootcloudav.com). In these cases, you will need to use* .p4.webrootcloudav.com or *.*.webrootcloudav.com.
80 and 443 – used by the agent to communicate with the Webroot®️ Platform and your management console. These communications are encrypted using a proprietary form of obfuscation.
Agent communication and updates
Agent messaging
Management portal and support ticket logs upload
Agent file downloading and uploading
Web Filtering (elasticbeanstalk is an Amazon AWS domain)

Should you have additional questions, please open a support ticket.