Configure endpoint protection software to allow EAA Client traffic

The EAA Client software installed on the user's machine needs to communicate with the Enterprise Application Access (EAA) Management Portal. Endpoint protection software can block this communication. If you have any endpoint protection software installed on your machine, like Symantec Cloud Endpoint Protection you will need to:
  • Whitelist EAA Client executables.
  • Create bypasses for the firewall
  • Configure your endpoint protection software
  • Allow certain IPs to ensure connectivity to EAA connectors.

Whitelist EAA Client executables

If your machine has any endpoint protection software installed, you will need to allow these EAA Client executables based on your operating system.

For a Windows 7 or Windows 10 OS machine, if EAA Client software is installed under C:\Program Files\EAAClient\ directory, then allow:
  • C:\Program Files\EAAClient\EAAClient.exe
  • C:\Program Files\EAAClient\resources\elevate.exe
  • ‪C:\Program Files\EAAClient\wapptunneld.exe
  • C:\Program Files\EAAClient\winhttp.exe
  • C:\Program Files\EAAClient\autoupdate-windows.exe
  • C:\Program Files\EAAClient\uninstall.exe
  • ‪C:\Program Files\EAAClient\wapprun.exe
  • ‪C:\Program Files\EAAClient\wapprestart.bat
  • C:\Program Files\EAAClient\wappdelclientexe.bat
  • C:\Program Files\EAAClient\wapphide.vbs
  • ‪C:\Program Files\EAAClient\wapprun.bat
  • ‪C:\Program Files\EAAClient\wappstart.bat

Otherwise, the path for these executables will change based on your installation directory.

For a macOS machine, allow:
  • /opt/wapp/bin/eaacUininstall
  • /opt/wapp/bin/wapptunneld
  • /Applications/EAAClient.app/Contents/MacOS/EAAClient

Create bypass rules for firewall

A firewall can block traffic to and from your machine. You can configure bypass rules to allow communication between the EAA Client and the EAA Management Portal. Set up these rules in your firewall:
Inbound or Outbound Source or Destination Protocol/Port
Outbound * TCP/443
Outbound * UDP/53
Inbound 127.50.100.1 TCP/9078
Inbound 100.64.0.1 UDP/53

Configure Symantec EndPoint Protection

Here is an example of the rules setting for Symantec Cloud Endpoint Protection software to let the EAA Client communicate with the EAA Management Portal.

Symantec Cloud EndPoint screen


Allow certain service IPs to ensure connectivity to EAA connectors

To have proper connectivity from EAA Cloud to the connector, the EAA IT administrator should allow certain IPs please contact support for further assistance.