# Domains for Agent Communication

This document provides the list of approved domains and IP addresses which are required for seamless agent-server communication.

## Regions

- US Data center (.com)
- EU Data center (.eu)
- AU Data center (.com.au)
- IN Data center (.in)
- JP Data center (.jp)
- CN Data center (.cn)
- CA Data center (.ca)
- UK Data center (.uk)
- SA Data center (.sa)
- AE Data center (.ae)

---

# US Data Center (.com)

This document provides the list of approved domains and IP addresses which are required for seamless agent-server communication.

- [Domain Whitelist](#us-domain-whitelist)
- [IP Whitelist](#us-ip-whitelist)

## US Domain Whitelist

Communication across remote offices is possible in the following ways:

- Endpoint Central domains to be excluded in Roaming agent
- Endpoint Central domains that should be whitelisted in the domain itself
- Domains to be whitelisted in agents under the Distribution Server

### Endpoint Central domains to be excluded in Roaming agent

Roaming users directly contact the cloud server. Therefore, the roaming agents should connect to:

#### desktopcentral.manageengine.com

This is the server URL used by roaming agents to update task status.

[Check Domain](https://desktopcentral.manageengine.com/)

#### `(endpointcentral-agent)(p)?[0-9]{1,2}\.manageengine\.com`

If regex-based whitelisting is not supported, whitelist the following domains:

- **endpointcentral-agent0.manageengine.com** [Check Domain](https://endpointcentral-agent0.manageengine.com/)
- **endpointcentral-agent1.manageengine.com** [Check Domain](https://endpointcentral-agent1.manageengine.com/)
- **endpointcentral-agent2.manageengine.com** [Check Domain](https://endpointcentral-agent2.manageengine.com/)
- **endpointcentral-agent3.manageengine.com** [Check Domain](https://endpointcentral-agent3.manageengine.com/)
- **endpointcentral-agent4.manageengine.com** [Check Domain](https://endpointcentral-agent4.manageengine.com/)
- **endpointcentral-agent5.manageengine.com** [Check Domain](https://endpointcentral-agent5.manageengine.com/)
- **endpointcentral-agent6.manageengine.com** [Check Domain](https://endpointcentral-agent6.manageengine.com/)
- **endpointcentral-agent7.manageengine.com** [Check Domain](https://endpointcentral-agent7.manageengine.com/)
- **endpointcentral-agent8.manageengine.com** [Check Domain](https://endpointcentral-agent8.manageengine.com/)
- **endpointcentral-agent9.manageengine.com** [Check Domain](https://endpointcentral-agent9.manageengine.com/)
- **endpointcentral-agentp1.manageengine.com** [Check Domain](https://endpointcentral-agentp1.manageengine.com/)
- **endpointcentral-agentp2.manageengine.com** [Check Domain](https://endpointcentral-agentp2.manageengine.com/)
- **endpointcentral-agentp3.manageengine.com** [Check Domain](https://endpointcentral-agentp3.manageengine.com/)
- **endpointcentral-agentp5.manageengine.com** [Check Domain](https://endpointcentral-agentp5.manageengine.com/)
- **endpointcentral-agentp18.manageengine.com** [Check Domain](https://endpointcentral-agentp18.manageengine.com/)

#### patchdb.manageengine.com

Used to retrieve latest patch information and download URLs.

[Check Domain](https://patchdb.manageengine.com/)

#### bonitas.zohocorp.com

Used to upload logs for troubleshooting.

[Check Domain](https://bonitas.zohocorp.com/)

#### patchdatabase.manageengine.com

Required to download dependent patches.

[Check Domain](https://patchdatabase.manageengine.com/)

#### us3-dms.zoho.com

Used for on-demand operations.

[Check Domain](https://us3-dms.zoho.com/)

#### us4-dms.zoho.com

Used for on-demand scan operations.

[Check Domain](https://us4-dms.zoho.com/)

#### download-accl.zoho.com

Used to download manually uploaded packages.

[Check Domain](https://download-accl.zoho.com/)

#### downloads.zohocdn.com

Used to download new agent binaries.

[Check Domain](https://downloads.zohocdn.com/)

#### files-me-accl.zoho.com

Used to download files from server.

[Check Domain](https://files-me-accl.zoho.com/)

---

## US IP Whitelist

Add the following IP ranges to your whitelist:

### US Region Data Centre IPs

- `204.141.42.0/23`
- `136.143.190.0/23`
- `136.143.186.0/23`
- `136.143.189.0/24`
- `204.141.32.0/23`
- `136.143.182.0/23`
- `136.143.180.0/23`
- `136.143.185.0/24`

### Geo DNS Domains

**It is strongly recommended to whitelist the domain instead of the IP address as these domains use GeoDNS.**

To retrieve IP:

```bash
nslookup
```

#### downloads.zohocdn.com

![US1](https://www.manageengine.com/products/desktop-central/help/images/US1.png)

#### download-accl.zoho.com

![US1](https://www.manageengine.com/products/desktop-central/help/images/US2.png)

#### files-me-accl.zoho.com

![US1](https://www.manageengine.com/products/desktop-central/help/images/US3.png)

#### patchdb.manageengine.com

![US1](https://www.manageengine.com/products/desktop-central/help/images/US4.png)

#### patchdatabase.manageengine.com

![US1](https://www.manageengine.com/products/desktop-central/help/images/US5.png)

---

# Ports

These ports must be enabled for communication between the agent and the server.

| Port | Purpose | Type | Connection |
|---|---|---|---|
| 443 | For communication between the agent or distribution server and the Endpoint Central server. Source: Agent/Distribution Server Destination: Endpoint Central Server | HTTPS | Outbound from Agent/DS |
| 443 | Notification server port for communicating on-demand operations. Source: Agent/Distribution Server Destination: Notification Server | WSS | Outbound from Agent/DS |
| 8384 | Communication between remote agent and distribution server. Source: Agent Destination: Distribution Server | HTTPS | Inbound to Distribution Server; Outbound from Agent/DS |

---

# Module Wise Configurations

## Patch Management

Refer to [this page](https://www.manageengine.com/products/desktop-central/help/configuring_desktop_central/domains-required-for-patching.html) to know about domains required for patching.

**Note:** If agents are managed through a Distribution Server, whitelist domains on the Distribution Server. If no Distribution Server is configured, apply exclusions directly on the agent.

### Exclusions (File Extensions)

| Windows | Mac | Linux |
|---|---|---|
| .xml, .xml.gz, .gz, .7z, .Json, .zip, .Json.gz, .dll.gz, .exe, .exe.gz, .crt, .pem, .json, .properties, .xz, .tar, .tar.gz, .svg, .gif, .bin, .txt, .list, .ISO, .yaml.gz, .yml.gz, .repo, .bz2, .config, .conf, .manifest, .BAT, .VBS, .PY | .json, .plist, .properties, .xml, .py, .sh, .scpt, .pl, .command, .7z, .bz, .bz2, .gz, .pkg, .mpkg, .tar, .tar.gz, .xml.gz, .zip, .jpg, .gif, .png, .mobileconfig, .otf, .ttf | .json, .xml, .zip, .xz, .tar, .tar.gz, .gz, .bin, .py, .bz, .properties, .xml.gz, .repo, .sh, .bash, .ksh, .csh, .tcsh |

---

## Remote Control

**Note:** Remote Control requires direct cloud communication. Domains must be whitelisted on the agent even if managed under a Distribution Server.

### Domains

| Region | Domains to whitelist |
|---|---|
| Common (all regions) | *.zoho.com, *.zohomeeting.com, downloads.zohocdn.com, *.zohocdn.com, *.zohoassist.com, gateway.zohoassist.com |
| Europe (EU) | *.zoho.eu |
| India | *.zoho.in |
| Australia (AU) | *.zoho.com.au |
| Japan (JP) | *.zoho.jp |
| United Kingdom (UK) | *.zoho.uk |
| Saudi Arabia (SA) | *.zoho.sa |
| Canada (CA) | *.zohocloud.ca |
| China (CN) | *.zoho.com.cn, *.zohomeeting.com.cn, downloads.zohocdn.com.cn, *.zohocdn.com.cn, *.zohoassist.com.cn |

### Ports

Allow TCP and WebSocket port:

- 443

### Directories

Exclude from firewall and antivirus:

- 32-bit OS: `%programfiles%/ZohoMeeting`
- 64-bit OS: `%programfiles(x86)%/ZohoMeeting`

### Files to Whitelist in Antivirus

| Executable to be whitelisted | Purpose |
|---|---|
| agent.exe | Manages session validation, communication, control, and screen sharing |
| agent_ui.exe | Renders UI elements during remote sessions |
| ZAFileTransfer.exe | Facilitates secure file transfer |
| Connect.exe | Downloads/updates remote control components |
| ZAService.exe | Configures services and elevates agent |
| ZAAudioClient.exe | Streams remote audio |

---
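
The roaming-agent host pattern in the US Domain Whitelist is published without `^`/`$` anchors, and the Remote Control table uses `*.` wildcards; whether a proxy or firewall over-matches depends on how it applies them. The following is an added example, not ManageEngine code: the function names `unanchored_match` and `is_allowed` and the sample hostnames are constructed for illustration, and it compares search-style matching with anchored, label-boundary matching.

```python
import re

# Pattern as published on this page for the roaming-agent hosts.
PUBLISHED = r"(endpointcentral-agent)(p)?[0-9]{1,2}\.manageengine\.com"
AGENT_RE = re.compile(PUBLISHED, re.IGNORECASE)

# Wildcard and exact entries taken from this page (a subset, for brevity).
WILDCARDS = ["*.zoho.com", "*.zohomeeting.com", "*.zohocdn.com", "*.zohoassist.com"]
EXACT = {"desktopcentral.manageengine.com", "patchdb.manageengine.com"}


def normalize(host: str) -> str:
    """Lower-case and drop a trailing root dot so comparisons are exact."""
    return host.strip().lower().rstrip(".")


def unanchored_match(host: str) -> bool:
    """How a filter behaves if it applies the pattern with search semantics."""
    return AGENT_RE.search(normalize(host)) is not None


def is_allowed(host: str) -> bool:
    """Anchored regex, exact names, and wildcards matched on a label boundary."""
    h = normalize(host)
    if h in EXACT or AGENT_RE.fullmatch(h):
        return True
    for w in WILDCARDS:
        suffix = w[1:]  # "*.zoho.com" -> ".zoho.com"
        if h.endswith(suffix) and len(h) > len(suffix):
            return True
    return False


# Constructed sample hostnames (not taken from any log).
SAMPLES = [
    "endpointcentral-agent7.manageengine.com",
    "endpointcentral-agentp18.manageengine.com",
    "ENDPOINTCENTRAL-AGENT0.manageengine.com.",
    "endpointcentral-agent7.manageengine.com.unrelated.example",
    "us3-dms.zoho.com",
    "notzoho.com",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(f"{s:60} search={unanchored_match(s)!s:5} allowed={is_allowed(s)}")
```

If the filtering product applies regexes with search semantics, enter the pattern with explicit `^` and `$` anchors so that only the listed agent hosts match.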