Communication ports used by Endpoint Protection

Issue/Introduction:

 

This article describes the communication ports, protocols, and processes used by Symantec Endpoint Protection (SEP) clients and the Symantec Endpoint Protection Manager (SEPM).

 

Resolution:

 

Communications Ports and Protocols

| Port Number | Port Type | Initiated By | Listening Process | Description |
|---|---|---|---|---|
| 8014 / 80 | TCP | SEP clients | httpd.exe (Apache), svchost.exe (IIS) | Communication between the SEPM and SEP clients and Enforcers. (8014 in MR3 and later builds, 80 in older). SEP 12 uses Apache. SEP 11 uses IIS. |
| 443 | TCP | SEP clients | svchost.exe (IIS), httpd.exe (Apache) | Optional secured HTTPS communication between a SEPM and SEP clients and Enforcers. |
| 1100 | TCP | AjaxSwing | SemSvc.exe (Tomcat) | Tells AjaxSwing on which port to run RMI Registry. (SEP 12.1) |
| 1433 | TCP | SEPM | sqlserver.exe | Communication between a SEPM and a Microsoft SQL Database Server if they reside on separate computers. |
| 1812 | UDP | Enforcer | 12: httpd.exe (Apache), 11: w3wp.exe | RADIUS communication between a SEPM and Enforcers for authenticating unique ID information with the Enforcer. |
| 2638 | TCP | SEPM | 12.1: dbsrv11.exe, 11: dbsrv9.exe | Communication between the embedded database and the SEPM. |
| 2967 | TCP | SEP clients | Smc.exe | The Group Update Provider (GUP) proxy functionality of SEP client listens on this port. |
| 8765 / 8005 | TCP | SEPM | SemSvc.exe | This is the Tomcat Shutdown port. In SEP 12, port 8765 is used. In SEP 11, the SEPM listens on the Tomcat default port of 8005, except for RU7, which uses 8765. |
| 8045 | TCP | SEPM | SemSvc.exe | In SEP 11 RU6, SEPM, the registry is started by the Tomcat servlet container. CreamTec's AjaxSwing uses the existing registry to communicate with its client agents that run in standalone mode. |
| 8443 | TCP | Remote Java or Web Console | SemSvc.exe | HTTPS communication between a remote management console and the SEPM. All login information and administrative communication takes place using this secure port. |
| 8444 | TCP | Symantec Protection Center (SPC) 2 | SemSvc.exe | This is the SEPM web services port. SPC 2 makes Data Feed and Workflow requests to SEPM over this port. |
| 8445 | TCP | Reporting Console | httpd.exe (Apache) | Added in SEP 12.1. HTTPS reporting console. |
| 8447 | TCP | Process Launcher | semlaunchsrv.exe | Added in SEP 12.1.5. Only at local host's request, this service virtual account launches processes that require higher privileges so that other SEPM services do not require them. |
| 9090 | TCP | Remote Web Console | SemSvc.exe | Initial HTTP communication between a remote management console and the SEPM (to display the login screen only). |
| 39999 | UDP | Enforcer | SNAC.exe (Windows SNAC), CClientCtl.exe (Windows ODC), SNAC (Mac SNAC/ODC) | Communication between the SEP clients and the Enforcer. This port is used for authentication of clients by the Enforcer. |

  • SEP 12.1 - The SEPM uses the Apache web server on the ports seen in the table above.
  • SEP 11 - The SEPM uses two web servers: Internet Information Services (IIS) and Tomcat (Apache Tomcat). IIS uses ports 80 (or 8014) and 443; Tomcat uses ports 9090 and 8443. Communication between IIS and Tomcat uses the HTTP protocol. IIS uses port 9090 to talk to Tomcat, and Tomcat uses port 80 to talk to IIS.
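
An added example, not part of the original article or of Symantec's tooling: a Python check that compares a host's listening sockets with the listening processes in the table above. The input format (protocol, local address, process name per line) and the sample lines are constructed for illustration, and treating a non-loopback bind of port 8447 as a finding is an assumption drawn from the table's "only at local host's request" wording.

```python
import ipaddress

# (protocol, port) -> listening processes named in the article's table.
# 1433 is left out: the table places it on a separate SQL Server host.
WEB = {"httpd.exe", "svchost.exe"}
TOMCAT = {"semsvc.exe"}
EXPECTED = {
    ("TCP", 8014): WEB, ("TCP", 80): WEB, ("TCP", 443): WEB,
    ("UDP", 1812): {"httpd.exe", "w3wp.exe"},
    ("TCP", 2638): {"dbsrv11.exe", "dbsrv9.exe"},
    ("TCP", 2967): {"smc.exe"},
    ("TCP", 1100): TOMCAT, ("TCP", 8765): TOMCAT, ("TCP", 8005): TOMCAT,
    ("TCP", 8045): TOMCAT, ("TCP", 8443): TOMCAT, ("TCP", 8444): TOMCAT,
    ("TCP", 9090): TOMCAT,
    ("TCP", 8445): {"httpd.exe"},
    ("TCP", 8447): {"semlaunchsrv.exe"},
}
# Assumption: "only at local host's request" means a loopback bind is expected.
LOCAL_ONLY = {("TCP", 8447)}

def parse(line):
    """Split 'PROTO ADDR:PORT PROCESS' (constructed format) into fields."""
    proto, local, proc = line.split()
    addr, _, port = local.rpartition(":")
    return proto.upper(), addr.strip("[]"), int(port), proc.lower()

def audit(lines):
    """Return (port, process, reason) for listeners that contradict the table."""
    findings = []
    for line in lines:
        proto, addr, port, proc = parse(line)
        key = (proto, port)
        if key not in EXPECTED:
            continue  # not a SEP port, out of scope for this check
        if proc not in EXPECTED[key]:
            findings.append((port, proc, "unexpected process on SEP port"))
        elif key in LOCAL_ONLY and not ipaddress.ip_address(addr).is_loopback:
            findings.append((port, proc, "local-only service bound to " + addr))
    return findings

# Constructed sample inventory, not captured from a real host.
SAMPLE = ["TCP 0.0.0.0:8014 httpd.exe", "TCP 0.0.0.0:8443 SemSvc.exe",
          "TCP 0.0.0.0:9090 unknown.exe", "TCP 0.0.0.0:8447 semlaunchsrv.exe",
          "TCP 127.0.0.1:8765 SemSvc.exe", "UDP 0.0.0.0:1812 httpd.exe",
          "TCP [::]:3389 svchost.exe"]

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```
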

Client-Server Communication

For IIS, SEP uses HTTP or HTTPS between the clients or Enforcers and the server. For client-server communication, it uses ports 8014 (or 80) and 443 by default. In addition, the Enforcers use RADIUS to communicate in real time with the SEPM for client authentication. This communication uses UDP port 1812.

Push Deployment

Management servers and clients use TCP 139 and 445, UDP 137 and 138, and TCP ephemeral ports for push deployment. As of SEP 12.1.5, TCP 22 is used for push deployment of Mac clients.

Remote Console

  • 9090 - used by the remote console to download .jar files and display the help pages.
  • 8443 - used by the remote console to communicate with SEPM and the replication partners to replicate data.
  • 8444 - used by the SPC 2 remote console to make Data Feed and Workflow requests.
  • 8445 - used by SEPM for reporting data, and returns report data to SPC 2 over this port.

Client-Enforcer Authentication

The clients communicate with the Enforcer using a proprietary communication protocol. This communication uses a challenge-response to authenticate the clients. The default port for this is UDP 39999.
