Incompatibility Between Webroot and SonicWall CSE SPA

Symptoms

Users experience network connectivity issues, DNS resolution failures, or an inability to access internal resources when both Webroot and the SonicWall CSE Secure Private Access (SPA) client are active on the same endpoint.

Cause

This issue occurs due to a conflict in how DNS traffic is handled on the endpoint. Webroot utilizes a proprietary DNS proxy implementation for its web filtering and threat protection. This implementation intercepts DNS requests in a way that directly conflicts with the CSE SPA client's ability to accurately route and resolve private DNS requests, resulting in traffic drops or application timeouts.

Resolution

Currently, Webroot and CSE SPA cannot co-exist on the same endpoint due to these conflicting DNS proxy mechanisms.

To resolve the issue and maintain a secure endpoint posture, we recommend replacing Webroot with SonicWall Secure Internet Access (SIA). SIA provides comprehensive web security and threat protection that is natively integrated and fully compatible with CSE SPA.

Steps to Resolve:

1. Uninstall Webroot: Completely remove the Webroot agent from the affected endpoint(s) and reboot the machine to ensure all conflicting network filter drivers are cleared.

2. Deploy SIA: Install and configure SonicWall Secure Internet Access (SIA) to resume endpoint web security and DNS protection.

3. Verify Connectivity: Reconnect the CSE SPA client and verify that internal resources are now resolving and accessible.

Applies To

• SonicWall Cloud Secure Edge (CSE)

• CSE Secure Private Access (SPA) Windows / macOS clients

• Webroot Endpoint Security