So I’ve spent ages troubleshooting and debugging Symantec’s Endpoint Protection (SEP) version 11, MR4 – the first version that actually has a hope of working  on a 64bit platform.  After spending far too long configuring the various policies and tweaking various settings I was finally able to get the software installed via group policy on a testlab machine but the client would not checkin with the management server. The virus definitions were 4 months old BUT the client console was saying everything was ok. Lots of troubleshooting later and I stumbled across the definitions for the Management server – a setting that I had originally wanted to change anyway.  In there I saw that the management server was listening on port 8014 and a quick telnet check from the client showed I was unable to connect.  Disabling windows firewall (temporarily – this is on a testlab so the infection risk is minimal) allowed the client to check in with the server, change some settings in the console and update the virus definition dates. Finally I re-enabled the firewall, added an exception for TCP port 8014 and it all looks good, but I’ll wait to see what happens overnight for definition updates on the client.  For future reference the list of communications ports for version 11 can be found at Symantecs website here or posted below in the extended entry.