So I’ve spent ages troubleshooting and debugging Symantec’s Endpoint Protection (SEP) version 11, MR4 – the first version that actually has a hope of working on a 64-bit platform. After spending far too long configuring the various policies and tweaking various settings, I was finally able to get the software installed via group policy on a testlab machine, but the client would not check in with the management server. The virus definitions were 4 months old BUT the client console was saying everything was OK.

Lots of troubleshooting later, I stumbled across the definitions for the Management server – a setting that I had originally wanted to change anyway. In there I saw that the management server was listening on port 8014, and a quick telnet check from the client showed I was unable to connect. Disabling Windows Firewall (temporarily – this is on a testlab so the infection risk is minimal) allowed the client to check in with the server, change some settings in the console and update the virus definition dates. Finally I re-enabled the firewall, added an exception for TCP port 8014 and it all looks good, but I’ll wait to see what happens overnight for definition updates on the client.

For future reference, the list of communications ports for version 11 can be found at Symantec’s website here or posted below in the extended entry.
Solution:

| Port Number | Port Type | Initiated by | Listening Process | Description |
| --- | --- | --- | --- | --- |
| 80, 8014 | TCP | SEP Clients | svchost.exe (IIS) | Communication between the SEPM manager and SEP clients and Enforcers. (8014 in MR3 and later builds, 80 in older). |
| 443 | TCP | SEP Clients | svchost.exe (IIS) | Optional secured HTTPS communication between a SEPM manager and SEP clients and Enforcers. |
| 1433 | TCP | SEPM manager | sqlservr.exe | Communication between a SEPM manager and a Microsoft SQL Database Server if they reside on separate computers. |
| 1812 | UDP | Enforcer | w3wp.exe | RADIUS communication between a SEPM manager and Enforcers for authenticating unique ID information with the Enforcer. |
| 2638 | TCP | SEPM manager | dbsrv9.exe | Communication between the Embedded Database and the SEPM manager. |
| 8443 | TCP | Remote Java or web console | SemSvc.exe | HTTPS communication between a remote management console and the SEPM manager. All login information and administrative communication takes place using this secure port. |
| 9090 | TCP | Remote web console | SemSvc.exe | Initial HTTP communication between a remote management console and the SEPM manager (to display the login screen only). |
| 8005 | TCP | SEPM manager | SemSvc.exe | The SEPM manager listens on the Tomcat default port. |
| 39999 | UDP | Enforcer | | Communication between the SEP Clients and the Enforcer. This is used to authenticate Clients by the Enforcer. |
| 2967 | TCP | SEP Clients | Smc.exe | The Group Update Provider (GUP) proxy functionality of SEP client listens on this port. |
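
A scripted version of the telnet check described above, as an added example that is not part of the original post or Symantec's documentation. It probes the client-initiated TCP ports from the table and separates a refused connection (nothing listening) from a timeout (traffic being dropped, as a firewall without an exception would do); the server name `sepm.example.test` is a hypothetical placeholder.

```python
import socket

# Client-initiated TCP ports taken from the table above.
SEP_CLIENT_TCP_PORTS = {
    8014: "SEPM <-> client traffic (MR3 and later builds)",
    80: "SEPM <-> client traffic (older builds)",
    443: "optional HTTPS SEPM <-> client traffic",
}

# How to read each result when a client will not check in.
ADVICE = {
    "open": "listener reachable",
    "refused": "host reachable but nothing listening: check the service and port",
    "filtered": "no reply before timeout: look for a firewall dropping the traffic",
    "unreachable": "name resolution or routing failed",
}


def probe_tcp(host, port, timeout=3.0):
    """Classify one TCP connect attempt as open/refused/filtered/unreachable."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:   # RST received: no listener on that port
        return "refused"
    except socket.timeout:           # SYN went unanswered
        return "filtered"
    except OSError:                  # DNS failure, no route to host, etc.
        return "unreachable"


def check_sepm(host, ports=SEP_CLIENT_TCP_PORTS, timeout=3.0):
    """Probe each port and return {port: (state, advice)}."""
    results = {}
    for port in ports:
        state = probe_tcp(host, port, timeout)
        results[port] = (state, ADVICE[state])
    return results


if __name__ == "__main__":
    # Hypothetical server name; replace with your own management server.
    for port, (state, advice) in check_sepm("sepm.example.test").items():
        print(f"{port}/tcp {state}: {advice} [{SEP_CLIENT_TCP_PORTS[port]}]")
```

Run it from the client before and after adding the firewall exception; a port that moves from `filtered` to `open` confirms the rule is what was blocking the check-in.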
|