This article describes the communication ports, protocols, and processes used by Symantec Endpoint Protection (SEP) clients and the Symantec Endpoint Protection Manager (SEPM).
|Port Number||Port Type||Initiated By||Listening Process||Description|
|8014 / 80||TCP||SEP clients||httpd.exe (Apache)||Communication between the SEPM and SEP clients.|
|443||TCP||SEP clients||httpd.exe (Apache)||Optional secured HTTPS communication between a SEPM and SEP clients.|
|1100||TCP||AjaxSwing||SemSvc.exe (Tomcat)||Tells AjaxSwing on which port to run RMI Registry. (SEP 12.1)|
|1433||TCP||SEPM||sqlserver.exe||Communication between a SEPM and a Microsoft SQL Database Server if they reside on separate computers.|
|2638||TCP||SEPM||dbsrv11.exe||Communication between the embedded database and the SEPM.|
|2967||TCP||SEP clients||Smc.exe||The Group Update Provider (GUP) proxy functionality of SEP client listens on this port.|
|8765 / 8005||TCP||SEPM||SemSvc.exe||This is the Tomcat Shutdown port.
In SEP 12, port 8765 is used.
|8045||TCP||SEPM||SemSvc.exe||In SEPM, the registry is started by the Tomcat servlet container. CreamTec's AjaxSwing uses the existing registry to communicate with its client agents that run in standalone mode|
|8443||TCP||Remote Java or
|SemSvc.exe||HTTPS communication between a remote management console and the SEPM. All login information and administrative communication takes place using this secure port.|
|8444||TCP||Symantec Protection Center (SPC) 2||SemSvc.exe||This is the SEPM web services port. SPC 2 makes Data Feed and Workflow requests to SEPM over this port.|
|8445||TCP||Reporting Console||httpd.exe (Apache)||Added in SEP 12.1. HTTPS reporting console.|
|8447||TCP||Process Launcher||semlaunchsrv.exe||Added in SEP 12.1.5. Only at local host's request, this service virtual account launches processes that require higher privileges so that other SEPM services do not require them.|
|9090||TCP||Remote Web Console||SemSvc.exe||Initial HTTP communication between a remote management console and the SEPM (to display the login screen only).|
SEP uses HTTP or HTTPS between the clients and the server. For the client server communication it uses port 8014 (or 80) and 443 by default.
Management servers and clients use TCP 139 and 445, UDP 137 and 138, and TCP ephemeral ports for push deployment. As of SEP 12.1.5, TCP 22 is used for push deployment of Mac clients.