Communication ports for Symantec Endpoint Protection

HOWTO81103

Last Updated April 24, 2019

If the computers that run Symantec Endpoint Protection Manager and the Symantec Endpoint Protection client also run third-party firewall software or hardware, you must open certain ports. These ports are for remote deployment and for communication between the management server and clients. See your firewall product documentation for instructions to open ports or allow applications to use ports.

By default, the firewall component of Symantec Endpoint Protection already allows traffic on these ports.

Warning:

The firewall in the Symantec Endpoint Protection client is disabled by default at initial installation until the computer restarts. To ensure firewall protection, leave the Windows firewall enabled on the clients until the software is installed and the client is restarted. The Symantec Endpoint Protection client firewall automatically disables the Windows firewall when the computer restarts.

Table: Ports for client and server installation and communication

Protocol and port number	Used for	Listening process	Description	Applicable versions
TCP 139, 445 UDP 137, 138	Push deployment from Symantec Endpoint Protection Manager to Windows computers	svchost.exe	Initiated by Symantec Endpoint Protection Manager (clientremote.exe) Not configurable Also uses TCP ephemeral ports.	All
TCP 22	Push deployment from Symantec Endpoint Protection Manager to Mac computers	launchd	Initiated by Symantec Endpoint Protection Manager (clientremote.exe) Not configurable	All
TCP 2967	Group Update Provider (GUP) web-caching proxy functionality	ccSvcHst.exe (12.1.5 and later) Smc.exe (earlier than 12.1.5)	Initiated by Symantec Endpoint Protection clients Configurable	All
TCP 2968	WSS Traffic Redirection Client Authentication	ccSvcHst.exe	Initiated by Symantec Endpoint Protection clients Configurable	As of 14.2
TCP 2638	Communication between the embedded database and Symantec Endpoint Protection Manager	dbsrv16.exe	Initiated by Symantec Endpoint Protection Manager Configurable	All
TCP 1433	Communication between a remote SQL Server database and Symantec Endpoint Protection Manager	sqlserver.exe	Initiated by Symantec Endpoint Protection Manager Configurable The Symantec Endpoint Protection Manager management server also uses TCP ephemeral ports.	All
TCP 8443	Server communication (HTTPS)	SemSvc.exe	All logon information and administrative communication takes place using this secure port. Initiated by the Java-based remote console or web-based remote console, or by replication partners Configurable Symantec Endpoint Protection Manager listens on this port.	All
TCP 8444	Web services for Symantec Protection Center (SPC) 2.0	SemSvc.exe	This port is the Symantec Protection Center 2.0 web services port. Symantec Protection Center 2.0 makes Data Feed and Workflow requests to Symantec Endpoint Protection Manager over this port. Symantec Protection Center 2.0 is not supported for use with Symantec Endpoint Protection 14.x.	12.1.x
TCP 9090	Web console communication	SemSvc.exe	This port is used only for initial HTTP communication between the remote management console and Symantec Endpoint Protection Manager. This initial communication includes installation, and to display the logon screen only. Initiated by the remote Web console Configurable Also uses TCP ephemeral ports.	All
TCP 8014	Communication between Symantec Endpoint Protection Manager (HTTP) and the Symantec Endpoint Protection client	httpd.exe (Apache)	Initiated by Symantec Endpoint Protection clients Configurable Clients also use TCP ephemeral ports.	All
TCP 443	Communication between the Symantec Endpoint Protection Manager (HTTPS) and the Symantec Endpoint Protection client	httpd.exe (Apache)	Initiated by Symantec Endpoint Protection clients Configurable Optional for 12.1.x, but the default for new installations of 14.x Clients also use TCP ephemeral ports.	All
TCP 443	Communication between the Symantec Endpoint Protection Manager and the cloud console	prunsvr.exe	For information on which domains to add to the proxy bypass list for the cloud console, see: Proxy error messages appear in the Endpoint Protection Manager Cloud tab > Troubleshooting	As of 14.0.1
HTTPS 443	Communication between the Symantec Endpoint Protection roaming client and the cloud console	None	Managed clients that have intermittent communication with Symantec Endpoint Protection Manager upload their critical events directly to the cloud console. Symantec Endpoint Protection Manager must be enrolled with the cloud console. See Monitoring roaming Symantec Endpoint Protection clients from the cloud console.	As of 14.2
HTTP 8081 HTTPS 8082	Communication between Symantec Endpoint Protection Manager and the Content Analysis server appliance	Symantec Endpoint Protection Manager	The management server uses this port to communicate with the Content Analysis server or the Malware Analysis Appliance.	As of 14.2
TCP 8445	Used by the remote reporting console	httpd.exe (Apache)	Initiated by the reporting console Configurable	All
TCP 8446	Web services	semapisrv.exe (14.x) SemSvc.exe (12.1.x)	Remote management applications use this port to send web services traffic over HTTPS. Initiated by Remote Monitoring and Management (RMM) and by EDR Configurable Used for Java Remote Console (as of version 14.0.1)	All
TCP 8447	Process launcher	semlaunchsrv.exe	This virtual service account launches any Symantec Endpoint Protection Manager processes that require higher privileges, so that these other services do not need to have them. Only honors requests from localhost. Initiated by Symantec Endpoint Protection Manager (SemSvc.exe) Configurable	All, as of 12.1.5
TCP 8765	Server control	SemSvc.exe	Used by Symantec Endpoint Protection Manager for Tomcat web service for shutdown. Initiated by Symantec Endpoint Protection Manager Configurable	All
TCP 1100	Remote object registry	SemSvc.exe	Tells AjaxSwing on which port to run RMI Registry. Initiated by AjaxSwing Not configurable	All
UDP 514	Forwarding data to a Syslog server (Optional)	SemSvc.exe	Outbound traffic from Syslog server to Symantec Endpoint Protection Manager Inbound traffic to Syslog server Configurable Traffic to or from Symantec Endpoint Protection Manager uses UDP ephemeral ports.

Windows Vista and later contain a firewall that is enabled by default. If the firewall is enabled, you might not be able to install or deploy the client software remotely. If you have problems deploying the client to computers running these operating systems, configure their firewalls to allow the required traffic.
If you decide to use the Windows firewall after deployment, you must configure it to allow file and printer sharing (port 445).

For more information about configuring Windows firewall settings, see the Windows documentation.

See About basic management server settings.

See Preparing Windows and Mac computers for remote deployment.

See Monitoring endpoint protection.

See Preparing for client installation.

Legacy ID: v7054802_v81626096

Merci pour vos commentaires. Faites-nous savoir ci-dessous si vous avez d'autres commentaires. (connexion requise)

Communication ports for Symantec Endpoint Protection

Description

S'abonner à cet article

Produits connexes

Cet article a-t-il été utile ?