Communication ports used by Endpoint Protection

book

Article ID: 184204

calendar_today

Updated On:

Products

Endpoint Protection

Issue/Introduction

This article describes the communication ports, protocols, and processes used by Symantec Endpoint Protection (SEP) clients and the Symantec Endpoint Protection Manager (SEPM).

Resolution

Communications Ports and Protocols

Port Number Port Type Initiated By Listening Process Description
8014 / 80 TCP SEP clients httpd.exe (Apache) Communication between the SEPM and SEP clients.
443 TCP SEP clients httpd.exe (Apache) Optional secured HTTPS communication between a SEPM and SEP clients.
1100 TCP AjaxSwing SemSvc.exe (Tomcat) Tells AjaxSwing on which port to run RMI Registry. (SEP 12.1)
1433 TCP SEPM sqlserver.exe Communication between a SEPM and a Microsoft SQL Database Server if they reside on separate computers.
2638 TCP SEPM dbsrv11.exe Communication between the embedded database and the SEPM.
2967 TCP SEP clients Smc.exe The Group Update Provider (GUP) proxy functionality of SEP client listens on this port.
8765 / 8005 TCP SEPM SemSvc.exe This is the Tomcat Shutdown port.
In SEP 12, port 8765 is used.
8045 TCP SEPM SemSvc.exe In SEPM, the registry is started by the Tomcat servlet container. CreamTec's AjaxSwing uses the existing registry to communicate with its client agents that run in standalone mode
8443 TCP Remote Java or
Web Console
SemSvc.exe HTTPS communication between a remote management console and the SEPM. All login information and administrative communication takes place using this secure port.
8444 TCP Symantec Protection Center (SPC) 2 SemSvc.exe This is the SEPM web services port. SPC 2 makes Data Feed and Workflow requests to SEPM over this port.
8445 TCP Reporting Console httpd.exe (Apache) Added in SEP 12.1. HTTPS reporting console.
8447 TCP Process Launcher semlaunchsrv.exe Added in SEP 12.1.5. Only at local host's request, this service virtual account launches processes that require higher privileges so that other SEPM services do not require them.
9090 TCP Remote Web Console SemSvc.exe Initial HTTP communication between a remote management console and the SEPM (to display the login screen only).

 

Client-Server Communication

SEP uses HTTP or HTTPS between the clients and the server. For the client server communication it uses port 8014 (or 80) and 443 by default.

Push Deployment

Management servers and clients use TCP 139 and 445, UDP 137 and 138, and TCP ephemeral ports for push deployment. As of SEP 12.1.5, TCP 22 is used for push deployment of Mac clients.

Remote Console

  • 9090 - used by the remote console to download .jar files and display the help pages.
  • 8443 - used by the remote console to communicate with SEPM and the replication partners to replicate data.
  • 8444 - used by the SPC 2 remote console to make Data Feed and Workflow requests.
  • 8445 - used by SEPM for reporting data, and returns report data to SPC 2 over this port.