Question about http filtering

[kapela86 10]

I have a question about http(s) filtering. I have ESET File Security 7.1.12006.0 installed on RDS server.  I set it up so it blocks all http(s) connections "List of blocked addresses: *" and only allow specific hosts, for example "*.eset.com/*", "*.microsoft.com/*" etc.

I Noticed that ERAAgent.exe makes requests to different addresses in these ranges: 91.228.166.* and 91.228.167.*

Is this the desired behavior? If yes, can I somehow allow them safely? What I mean by that is, if I allow "91.228.166.*/*" then one could open "hxxp://91.228.166.somedomain.com" which is not good.

[Marcos 5,070]

A list of addresses that should be allowed on a firewall is available at

https://support.eset.com/kb332/#downloadupdates

Agent must be able to connect to update servers and ESMC repository. EFSW and other security products also to the other servers listed in KB.

[kapela86 10]

I saw this page and I have already allowed

*.e5.sk/*
*.eset.com/*
*.eset.eu/*

What is weird is that ERAAgent connects using IP address instead of DNS name. That's why I'm asking, is this the desired behavior? To me it looks like a "bug", because everywhere ESET uses DNS names to connect and only this one thing in ERAAgent uses IP address.