# Exceptions List of Proxy Server
## Exclusions to be done in Endpoint Central Server
This document provides details on the domains accessed for downloading latest patch information, patches and software.
### Endpoint Central Domains
These websites will have the latest patch information along with the download URLs. During Patch DB sync, the Endpoint Central server accesses the following domains to download the necessary files for updating the customer database with the latest patch information.
| Domain URL | File Extensions |
|---|---|
| patchdb.manageengine.com
updates.manageengine.com
updates-us.manageengine.com | .sql, .xml, .xml.gz, .7z, .gz, .dll.gz, .json.gz, .zip, .json, .exe |
For log upload and troubleshooting, ensure that the following domains are reachable from the server:
- https://creator.zoho.com
- https://bonitas.zohocorp.com
- bonitas.zohocorp.eu (for EU region users)
- zstaticcontents.com (for Japan region users)
**Note:**
- If you are from the EU region, ensure that all three domains are configured.
- If you are not from the EU region, only the first two domains need to be configured.
### Patch and Software Domain Exclusions
For Red Hat Linux machines, the below given website must be given appropriate permissions for it to be accessible from the product server.
- https://access.redhat.com/ (below 11.3.2440 build)
- https://cdn.redhat.com/ (above 11.3.2440 build)
Similarly, for SUSE Linux machines, ensure that the following domains are reachable from the server.
- https://scc.suse.com/subscriptions
- https://updates.suse.com
For downloading WinPE tools and drivers, ensure that these domains are reachable from the server:
1. https://learn.microsoft.com/ - To download WinPE ADK tool
2. https://www.dell.com/ - To download WinPE drivers
3. https://ftp.hp.com/ - To download WinPE drivers
4. https://support.lenovo.com/ - To download WinPE drivers
Last updated on **May 07, 2026**
## Windows OS
| Sl. No. | Domain URL | Application Name | File Type |
|---|---|---|---|
| 1 | aka.ms | Microsoft Visual Studio Professional 2026, Microsoft Visual Studio Enterprise 2026, Microsoft Visual Studio Community 2026, Microsoft Visual Studio 2026 Professional | .exe |
| 2 | builds.dotnet.microsoft.com | Dot NET SDK (9.0), Dot NET SDK (8.0), Dot NET Hosting (8.0), ASP.NET Core Runtime (8.0), Dot NET Desktop Runtime (8.0), Dot NET Runtime (8.0), Dot NET Hosting (9.0), ASP.NET Core Runtime (9.0), Dot NET Desktop Runtime (9.0), Dot NET Runtime (9.0), Dot NET Hosting (10.0), ASP.NET Core Runtime (10.0), Dot NET Desktop Runtime (10.0), Dot NET Runtime (10.0), Dot NET SDK (10.0) | .exe |
| 3 | c2rsetup.officeapps.live.com | Microsoft Visual Studio Professional 2022, Microsoft Visual Studio Community 2022, Microsoft Visual Studio Enterprise 2022 | .aspx |
| 4 | catalog.s.download.windowsupdate.com | Windows OS and Drivers | .msu, .exe, .cab |
| 5 | catalog.sf.dl.delivery.mp.microsoft.com | Windows 11 Version 22H2 (arm64), Windows 11 Enterprise LTSC N, Windows 11 Version 26H1 (arm64), Windows Server 2025 Datacenter Azure Edition, Windows 11 Version 26H1, Windows 11 Enterprise Edition (arm64), Windows 11 Enterprise N, Windows 11 Version 23H2 (arm64), Windows 11 Enterprise LTSC, Windows Server 2025 Standard Edition (arm64), Windows 11 Professional Edition (arm64), Windows 11 Version 23H2, Windows 11 Version 25H2 (arm64), Windows 11 Version 24H2 (arm64), Windows 11 Version 22H2 | .msu |
| 6 | cdn.powershellgallery.com | Malicious Software Removal Tool | .nupkg |
| 7 | dl.dell.com | Dell Applications | .EXE |
| 8 | download.microsoft.com | .NET Framework, Microsoft 365, Microsoft Office, Microsoft SQL Server, Microsoft SharePoint, Microsoft Exchange Server, Microsoft Visual Studio, Microsoft Power BI, Microsoft Azure Tools, Microsoft Windows (XP-11), Microsoft Server, Internet Explorer (6-11), Microsoft ODBC & OLE DB Drivers, Remote Desktop Connection, Windows Admin Center, IIS, DirectX, Skype, OneNote, Outlook, PowerPoint, Visio, Word, Publisher, Active Directory, FSLogix, Windows Media Player | .EXE, .exe, .msu, .msp, .msi, .cab, .zip |
| 9 | download.sysinternals.com | Windows Sysinternals Sysmon | .zip |
| 10 | download.visualstudio.microsoft.com | .NET Framework, .NET Core, ASP.NET Core, .NET Runtime, .NET SDK, .NET Hosting, Visual Studio, Azure DevOps, Microsoft Build for OpenJDK, Visual C++ Redistributables, Team Foundation Server, Windows 7 Ultimate | .exe, .msi |
| 11 | download.windowsupdate.com | .NET Framework, Microsoft Office Proofing Tools, Microsoft Visual Studio, Windows Updates, Windows 10 (Enterprise, Professional, LTSB), Windows 8/8.1 (Enterprise), Windows 7 Ultimate, Windows XP (Professional, Embedded), Windows Vista Business, Windows Server (2003, 2008, 2012, 2016, 2019 - Various Editions), Microsoft Word | .msu, .exe, .cab |
| 12 | gbl.his.arc.azure.com | Azure Connected Machine Agent | .msi |
| 13 | github.com/microsoft/PowerToys/releases/download/* | PowerToys | .exe |
| 14 | intstreamreleases.z22.web.core.windows.net | Remote Desktop WebRTC Redirector Service | .msi |
| 15 | msedge.sf.dl.delivery.mp.microsoft.com | Microsoft Edge for Business, Windows Server 2012 R2 Server Standard (evaluation installation) Edition, Microsoft Edge for Business (ARM64), Microsoft WebView2 Runtime | .msi, .exe |
| 16 | software-download.microsoft.com | Windows 10 Version 21H1, Windows 11 Enterprise N, Windows 10 Enterprise N, Windows 10 Version 21H2, Windows 11 Enterprise LTSC N, Windows 10 Version 22H2, Windows 11 Enterprise LTSC | .iso |
| 17 | statics.teams.cdn.office.net | Microsoft Teams (Machine Wide Installer) | .msi |
| 18 | www.download.windowsupdate.com/msdownload/update/* | Windows Server 2003, Web Edition | .exe |
| 19 | www.download.windowsupdate.com/msdownload/update/software/svpk/* | Windows Vista Enterprise Edition | .exe |
> **Note:** The Windows Third-Party, Mac OS, Mac Third-party, Linux, Windows Server, Windows Driver & BIOS, and Software Templates tables contain extensive domain listings. Due to their size, ensure all corresponding domains and file types from the original source are included in your proxy exceptions configuration as applicable to your environment.
## Exclusions to be made in Endpoint Central Agents and Distribution Server
The below file extensions must be excluded in the Endpoint Central Agent/Distribution Server for patch detection, deployment and other agent functionalities.
| Windows | Mac | Linux |
|---|---|---|
| .xml, .xml.gz, .gz, .7z, .Json, .zip, .Json.gz, .dll.gz, .exe, .exe.gz, .crt, .pem, .json, .properties, .xz, .tar, .tar.gz, .svg, .gif, .bin, .txt, .list, .ISO, .yaml.gz, .yml.gz, .repo, .bz2, .config, .conf, .manifest, .BAT, .VBS, .PY | .json, .plist, .properties, .xml, .py, .sh, .scpt, .pl, .command, .7z, .bz, .bz2, .gz, .pkg, .mpkg, .tar, .tar.gz, .xml.gz, .zip, .jpg, .gif, .png, .mobileconfig, .otf, .ttf | .json, .xml, .zip, .xz, .tar, .tar.gz, .gz, .bin, .py, .bz, .properties, .xml.gz, .repo, .sh, .bash, .ksh, .csh, .tcsh |
## Remote Control
### Domains
Exclude these Domains in the firewall and proxy settings:
- *.zoho.com
- *.zoho.eu
- *.zoho.in
- *.zoho.com.au
- *.zoho.com.cn
- *.zoho.jp
- *.zoho.uk
- *.zoho.sa
- *.zohocloud.ca
- *.zohomeeting.com
- *.zohomeeting.com.cn
- downloads.zohocdn.com.cn
- *.zohocdn.com.cn
- *.zohoassist.com.cn
- downloads.zohocdn.com
- *.zohocdn.com
- *.zohoassist.com
- gateway.zohoassist.com
### Ports
Allow the following ports in your firewall settings:
- TCP and WebSocket ports 443.
### Directories
Exclude the following directories from your firewall and anti-virus settings:
- 32 bit OS - %programfiles%/ZohoMeeting
- 64 bit OS - %programfiles(x86)%/ZohoMeeting
### Files to Whitelist in Antivirus (AV)
- agent.exe
- agent_ui.exe
- ZAFileTransfer.exe
- Connect.exe
- ZAService.exe
- Connect_V2.exe
- ZAAudioClient.exe
## Mobile Device Management
To manage all mobile devices from a centralized location, the following domains must be open. This will ensure that the product server will be able to reach the APN, FCM and WNS server.
### Allowed Only in the Server and Device
#### For iOS:
- https://gateway.push.apple.com
- https://api.push.apple.com
- https://itunes.apple.com:443
- http://itunes.apple.com:80
- https://deploy.apple.com
- https://vpp.itunes.apple.com
- albert.apple.com
- iprofiles.apple.com
- crl3.digicert.com
- crl4.digicert.com
- ocsp.digicert.com
- setup.icloud.com
- gateway.icloud.com
### Allowed in the Corporate Network Firewall
#### For Non-Samsung Devices:
- *.googleapis.com
- play.google.com
- android.com
- google-analytics.com
- googleusercontent.com
- gstatic.com
- *.gvt1.com
- *.gvt2.com
- *.gvt3.com
- *.ggpht.com
- dl.google.com
- dl-ssl.google.com
- androidclients.google.com
- gcm-http.googleapis.com
- gcm-xmpp.googleapis.com
- android.googleapis.com
- fcm.googleapis.com
- fcm-xmpp.googleapis.com
- pki.google.com
- clients1.google.com
- clients[2...6].google.com
- *.zoho.com:443
- *.zohoassist.com:443
- googleapis.com:443
- accounts.google.com:443
- notifications.google.com:443
- https://mdmdatabase.manageengine.com
#### For Samsung Knox Enrollment:
- *.samsungknox.com:443
- *.samsungknox.com:80
- *.secb2b.com:443
- *.secb2b.com:80
- https://eula.secb2b.com:80
- https://eula.secb2b.com:443
- https://umc-cdn.secb2b.com:80
- https://umc-cdn.secb2b.com:443
- https://dir-apis.samsungdm.com:443
- https://account.samsung.com:443
- https://us-kme.samsungknox.com
- https://us-kme.api.samsungknox.com
- https://us-kme.api.mssl.samsungknox.com
- https://us-kme-reseller.samsungknox.com
- https://mdmdatabase.manageengine.com
### Allowed Only in the Server
#### For All Platforms:
- https://patchdb.manageengine.com
- https://creator.zoho.com
- https://mdm.manageengine.com:443
#### For iOS:
- https://uclient-api.itunes.apple.com
- *.zohoassist.com:443
#### For Windows:
- https://login.live.com
- https://*.notify.windows.com
- https://*.wns.windows.com
- https://*notify.live.net
#### For Non-Samsung Devices:
- *.googleapis.com
- *.zoho.com:443
- *.zohoassist.com:443
- googleapis.com:443
- accounts.google.com:443
### Allowed Only in the Device
#### For iOS:
- https://ax.init.itunes.apple.com
- https://ppq.apple.com
- http://is2.mzstatic.com
- ocsp.apple.com
- https://buy.itunes.apple.com/
#### For Non-Samsung Devices:
- https://www.google.com
- mtalk.google.com:5228
- mtalk.google.com:5229
- mtalk.google.com:5230
- android.clients.google.com:443
#### For Samsung Devices:
**China-only:**
- https://china-gslb.secb2b.com.cn:443
- https://china-elm.secb2b.com.cn:443
- https://china-knox.secb2b.com.cn:443
- https://china-b2c-klm.secb2b.com.cn:443
- https://china-prod-klm.secb2b.com.cn:443
**United States of America-only:**
- https://gslb.secb2b.com:443
- https://gsl.samsunggsl.com:443
- https://us-prod-klm-b2c.secb2b.com:443
- https://us-prod-klm.secb2b.com:443
- https://usprod-knoxlog.secb2b.com
- https://us-elm.secb2b.com:443
- https://us-knox.secb2b.com:443
- https://us-b2c-klm.secb2b.com:443
**All Other Countries:**
- https://gslb.secb2b.com:443
- https://gsl.samsunggsl.com:443
- https://eu-elm.secb2b.com:443
- https://eu-knox.secb2b.com:443
- https://eu-prod-klm-b2c.secb2b.com:443
- https://eu-prod-klm.secb2b.com:443
## Browser Security
### List of domains to be added in the exceptions list for the browser security module
1. **For downloading Firefox extensions:**
- https://addons.mozilla.org/firefox/downloads/*
2. **For downloading Edge extensions:**
- https://microsoftedge.microsoft.com/addons/getproductdetailsbycrxid/*
- https://microsoftedge.microsoft.com/insider-addons/getproductdetails/*
- http://store-images.s-microsoft.com/
3. **For downloading Chrome extensions:**
- https://clients2.google.com/*
- https://clients2.googleusercontent.com/*
4. **If the Browser Security Plus extension is enabled in the agent settings, include the domain mentioned below:**
- https://downloads.zohocdn.com/bsp-desktop/*
For log upload and troubleshooting, ensure that the following domains are reachable from the server:
1. https://creator.zoho.com
2. https://bonitas.zohocorp.com
3. bonitas.zohocorp.eu (for EU region users)