Endpoint firewall and networking requirements for the Endpoint Security agent

SECURITY   Service account or administrator-level rights on the target endpoint

This article describes the networking infrastructure required to enable successful communication between your monitored endpoints and the EDR cloud.

To learn about the files you'll need to allowlist in your infrastructure security policies, refer to Endpoint allowlisting and antivirus considerations for the Endpoint Security agent.

General

  • For each agent deployed in your environment, bidirectional communication over TCP port 443 with the URL for your instance must be permitted.

Datto EDR and Datto AV allowlisting

Datto EDR and Datto AV subscribers will need to allowlist the following URLs in their security infrastructure:

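| URL | Description |
|---|---|
| *.infocyte.com | Secured with TLS 1.2/1.3 (HTTPS); if you are on a network with SSL inspection or decryption, you might need to bypass decryption for the infocyte.com CNAME of your instance, along with dl.infocyte.com |
| dl.infocyte.com | Amazon CloudFront; IP range can vary based on location; recommended for optimal performance |
| wss://servalot-prod.es.datto.net | Brokers communication with EDR cloud infrastructure; can alternatively allowlist *.es.datto.net |
| wss://servalot-prod.es.datto.net:3030 | Required ports for communication with EDR cloud infrastructure |
| wss://servalot-prod.es.datto.net:3031 | Required ports for communication with EDR cloud infrastructure |
| https://mcb1jewkpb.execute-api.us-east-2.amazonaws.com/ | Amazon S3 webhosts for Datto EDR cloud infrastructure |
| https://rollbackinstallers.s3.us-east-2.amazonaws.com/ | Amazon S3 webhosts for Datto EDR cloud infrastructure |
| https://staging.rollbackcommands.s3.us-east-2.amazonaws.com/ | Amazon S3 webhosts for Datto EDR cloud infrastructure |
| https://s3.us-east-2.amazonaws.com | Amazon S3 webhosts for Datto EDR cloud infrastructure |
| https://staging.rollback.log.s3.us-east-2.amazonaws.com/ | Amazon S3 webhosts for Datto EDR cloud infrastructure |
| https://rwdlogs.s3.us-east-2.amazonaws.com/ | Amazon S3 webhosts for Datto EDR cloud infrastructure |
| https://7j3e2hyns2.execute-api.us-east-2.amazonaws.com/ | Amazon S3 webhosts for Datto EDR cloud infrastructure |
| https://rbinstallers.s3.us-east-2.amazonaws.com | Amazon S3 webhosts for Datto EDR cloud infrastructure |
| https://prod-rollbacklogs.s3.us-east-2.amazonaws.com/ | Amazon S3 webhosts for Datto EDR cloud infrastructure |
| https://s3.us-east-2.amazonaws.com/ | Amazon S3 webhosts for Datto EDR cloud infrastructure |
| https://prod-rollbackmetrics.s3.us-east-2.amazonaws.com/ | Amazon S3 webhosts for Datto EDR cloud infrastructure |
| https://rwdlogs.s3.us-west-2.amazonaws.com/ | Amazon S3 webhosts for Datto EDR cloud infrastructure |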
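
The following is an added example, not Datto's own tooling: it checks a firewall or proxy log for denied connections that match the Datto EDR endpoints listed above, so gaps in the allowlist can be spotted from the deny log. The log line format, the tenant name acme and the sample lines are constructed assumptions; REQUIRED holds only a subset of the listed URLs, and entries without a scheme are assumed to be HTTPS on port 443.

```python
import re
from fnmatch import fnmatchcase
from urllib.parse import urlsplit

# A subset of the Datto EDR allowlist entries listed on this page.
REQUIRED = [
    "*.infocyte.com",
    "dl.infocyte.com",
    "wss://servalot-prod.es.datto.net",
    "wss://servalot-prod.es.datto.net:3030",
    "wss://servalot-prod.es.datto.net:3031",
    "https://rbinstallers.s3.us-east-2.amazonaws.com",
]
DEFAULT_PORT = {"https": 443, "wss": 443}  # standard ports when none is given

def to_rule(entry):
    """Turn an allowlist entry into a (host_pattern, port) pair."""
    # Assumption: entries without a scheme are HTTPS.
    parts = urlsplit(entry if "://" in entry else "https://" + entry)
    return parts.hostname, parts.port or DEFAULT_PORT[parts.scheme]

RULES = [to_rule(e) for e in REQUIRED]

def is_required(host, port):
    """True if host:port is covered by one of the required endpoints."""
    host = host.lower().rstrip(".")
    return any(port == p and fnmatchcase(host, pat) for pat, p in RULES)

# Constructed log format (an assumption): "<time> <ACTION> <src> -> <host>:<port>"
LINE = re.compile(r"^\S+ (ALLOW|DENY) \S+ -> ([^\s:]+):(\d+)$")

def blocked_required(log_lines):
    """Return the required endpoints that appear in DENY lines."""
    hits = set()
    for line in log_lines:
        m = LINE.match(line.strip())
        if m and m.group(1) == "DENY" and is_required(m.group(2), int(m.group(3))):
            hits.add((m.group(2).lower(), int(m.group(3))))
    return sorted(hits)

SAMPLE_LOG = [  # constructed sample lines, not real traffic
    "2024-05-01T10:00:01Z ALLOW 10.0.0.5 -> acme.infocyte.com:443",
    "2024-05-01T10:00:02Z DENY 10.0.0.5 -> servalot-prod.es.datto.net:3030",
    "2024-05-01T10:00:03Z DENY 10.0.0.5 -> servalot-prod.es.datto.net:8080",
    "2024-05-01T10:00:04Z DENY 10.0.0.7 -> DL.infocyte.com:443",
    "2024-05-01T10:00:05Z DENY 10.0.0.7 -> notinfocyte.com:443",
    "2024-05-01T10:00:06Z DENY 10.0.0.7 -> infocyte.com.example.net:443",
]

if __name__ == "__main__":
    for host, port in blocked_required(SAMPLE_LOG):
        print(f"required endpoint blocked: {host}:{port}")
```

The wildcard match only accepts hosts that end in the literal suffix after the asterisk, so lookalike names such as notinfocyte.com are not treated as required endpoints.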

Datto AV allowlisting

Datto EDR + Datto AV and standalone Datto AV subscribers who are deploying the Endpoint Security agent will need to allowlist the following URLs in their local network. If URL or domain allowlisting is not possible, consider a proxy solution or integrate the device into a DMZ.

Datto AV running on macOS and Linux

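| URL | Description |
|---|---|
| prod-auth.eu1.apc.avira.com | Required URLs for communication with Datto AV cloud infrastructure |
| prod-query.eu1.apc.avira.com | Required URLs for communication with Datto AV cloud infrastructure |
| prod-upload.eu1.apc.avira.com | Required URLs for communication with Datto AV cloud infrastructure |
| prod.tl.avira.com | Required URLs for communication with Datto AV cloud infrastructure |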

Datto AV running on Windows

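| URL | Description |
|---|---|
| query-api.eu1.apc.avira.com | Required URLs for communication with Datto AV cloud infrastructure |
| fpc-rest.tl.avira.com | Required URLs for communication with Datto AV cloud infrastructure |
| v2.web-rep.auc.avira.com | Required URLs for communication with Datto AV cloud infrastructure |
| download.avira.com | Required URLs for communication with Datto AV cloud infrastructure |
| api.mixpanel.com | Required URLs for communication with Datto AV cloud infrastructure |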

Geo-blocked regions

To protect the safety of all customers, we restrict inbound internet traffic from certain countries and regions where cyberattacks are known to originate. As a result, any user attempting to log in to Datto AV or Datto EDR from these locations, whether directly or through proxy servers or VPNs, will be denied access. This filtering applies globally to all Kaseya data centers and public cloud environments.

Currently, the following countries are geo-blocked:

  • Russia

  • China

  • Cuba

  • Iran

  • North Korea

  • Syria

We will continue to curate this list as the cybersecurity landscape evolves.