The best way is to uninstall Webroot. If you read the various forums, this software is junk and is actually considered to be a form of spyware by some. No way would I allow that on any of my or my client workstations or servers. John T From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Rob Moore Sent: Friday, August 10, 2007 12:01 PM To: isalist@xxxxxxxxxxxxx Subject: [isalist] Best way to publish Webroot Spysweeper server Hello all- Using ISA 2006 Standard Edition. I have a question about getting updates to my Webroot Spysweeper server. It may help if you've actually done this yourself, as the instructions are confusing. Apparently when my Spysweeper server looks for updates it goes out to the Webroot server (enterprise.webroot.com) over port 443 to check for updates. If there are updates available, they are delivered over random high-numbered ports. Here's what one bit of Webroot documentation says: "To allow the Webroot Admin Console to download updates through an ISA server, the ISA server must be set to allow INBOUND HTTPS traffic over ANY port from the Webroot update servers. While the Admin Console makes a connection outbound over port 443, the return reply and subsequent data is downloaded over a random high-numbered port. The Webroot update servers can be specified in the ISA/proxy server rules by server name which is enterprise.webroot.com, or by IP address. Be aware that the IP address for the Webroot Update servers may change periodically and can be obtained by using a dns lookup command or by pinging enterprise.webroot.com." In another bit of documentation it says they are delivered over port 50003. In either case, I'm not sure how to handle this. I'm not exactly publishing a server. How do I set this up to allow outbound traffic on one port (actually, all my computers are allowed outbound traffic on port 443) and return traffic over either "random high-numbered ports" or port 50003 (depending on which is correct)? Sorry if this is a basic question, but it's not something I've done before. Any help would be appreciated. Thanks, Rob -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Rob Moore Network Manager 215-241-7870 Help Desk: 800-500-AFSC