Information on all the Ports needed for communications and other important functions
obtained from: http://service1.symantec.com/SUPPORT/ent-security.nsf/pfdocs/2005033011582148?Open&dtype=corp
Document ID: 2005033011582148   Last Modified: 05/08/2006
Ports used for communication in Symantec AntiVirus 10.x and Symantec Client Security 3.x
Situation:
This document discusses the ports that Symantec AntiVirus 10.x
and Symantec Client Security 3.x use for communication between servers
and clients.
Solution:
Installation ports
The following table describes the network protocols and ports that must
be available to perform network installations of the product:
Function | Location | Protocol | Port range
Client deployment | Symantec System Center | TCP | local ports 1024–4999
Client deployment | Target clients | TCP | local ports 1024–5000
Client deployment | Management server and target clients | TCP | 139
Server deployment | Target servers | TCP | local ports 1024–5000
Server deployment | Management server and target servers | TCP | 139, 38293
Remote installation
Remote installation tools such as ClientRemote Install and AV Server
Rollout use TCP port 139 on the targeted computers. If you plan to
install Symantec Client Security or Symantec AntiVirus onto a computer
running Windows 2003/XP, first read the document Windows XP Service Pack 2 or Windows Server 2003 firewall prevents remote installation.
Client/server communication ports
The following table describes the network protocols and ports that must
be available to perform the standard functions of the product.
Configurable ports are marked with an asterisk (*).
Function | Location | Protocol | Port range
General communication | Symantec System Center, servers | TCP | local ports 1024–4999
General communication | Symantec System Center, servers, clients | TCP | 2967*
General communication | NetWare servers | TCP | 2968*
General communication | Clients | TCP | local ports 1024–5000
Rtvscan
Rtvscan makes a request to Winsock for TCP port 2967 on IP-based
networks. This is the only port needed for default client-to-server
communication. On NetWare servers, Rtvscan.nlm listens on TCP port 2968.
Note: Some versions of the Administrator's Guide erroneously state that Symantec AntiVirus uses port 2043. It actually uses port 2967.
On Windows computers, this value can be configured by using the following registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\INTEL\LANDesk\VirusProtect6\CurrentVersion\AgentIPPort
If the request for the static port fails, then Rtvscan uses a dynamic
TCP port. This port is assigned by Winsock on that server and can be
different each time that Rtvscan requests a port.
Roaming clients
The SAVRoam service used by roaming clients connects to the server's TCP port 2967 from a random local port.
Central management ports
The following table describes the network protocols and ports required to be available in order to manage the product centrally:
Function | Location | Protocol | Port range
Discovery | Servers | UDP | 38293
Discovery | Symantec System Center | UDP | local ports 1024–4999
Intel PDS Service
A Windows-based computer running a Symantec AntiVirus server
installation runs the Intel PDS Service. Intel PDS listens for ping
packets from servers. It responds with a pong packet containing
information on how to communicate with RTVScan. Intel PDS listens on
UDP port 38293 for ping packets. This value cannot be configured.
Other server-to-server communications
In server-to-server communication, the sending Symantec AntiVirus
server picks a random source port, starting at TCP 1025 and moving
upward, and the reply traffic is returned on that random port.
To allow communication to pass through a firewall or gateway, create
rules that allow inbound traffic from any port to TCP 2967 and UDP 38293,
and outbound traffic from TCP 2967 and UDP 38293:
TCP | Allow 2967 to *
UDP | Allow 38293 to *
TCP | Allow * to 2967
UDP | Allow * to 38293
On NetWare servers, Rtvscan.nlm listens on TCP port 2968. If you have NetWare servers, create the following rules:
TCP | Allow 2968 to *
TCP | Allow * to 2968
Ports for specific components and features
The following table describes the network protocols and ports required for certain optional components of the product:
Component | Location | Protocol | Port range
Quarantine | Central Quarantine Server | TCP | 2847 (HTTP), 2848 (HTTPS)
Msgsys | Servers | UDP | 38037
Msgsys | Servers | TCP | 38292
Legacy management | Servers and clients; see below | UDP | 2967, 2968
Quarantine
Quarantine servers connect to the Digital Immune System by using HTTP
on TCP port 2847 and HTTPS on TCP port 2848. For information about
general configuration of Quarantine server and how to modify the TCP
ports, see the document Setting up Symantec Central Quarantine for Symantec Client Security 3.x or Symantec AntiVirus Corporate Edition 10.x.
Msgsys
Msgsys is an Alert Management System (AMS) process for generating and
sending configured AMS alerts. Msgsys communication uses UDP port
38037 and TCP port 38292.
Communication with legacy clients
To allow a Symantec AntiVirus 10.x server to communicate with clients
running Symantec AntiVirus 9.x or earlier, you must set the Server
Tuning Options in Symantec System Center. For help with this, read the
document Managing legacy clients with Symantec Client Security 3.x and Symantec AntiVirus Corporate Edition 10.x.
Because legacy clients use UDP communication, you must create rules to
allow any port to accept UDP communication on 2967 and to allow
outbound UDP communication from port 2967:
UDP | Allow 2967 to *
UDP | Allow * to 2967
Configuring ports to protect clients
Because these ports listen for incoming traffic, they should be
protected from access by computers outside the corporate network.
To do so:
- On the network, block external access to these ports with a perimeter firewall.
- On mobile computers, close the ports when the computer is not
on the corporate network. This can be accomplished by blocking any
unauthorized network traffic with a firewall rule or by using Location
Awareness in Symantec Client Security to differentiate between
corporate network traffic and other insecure communication.
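The perimeter rules above and the Allow-tables earlier on this page can be checked mechanically. The following is an added example, not part of the Symantec document: it holds the page's management-port inventory (with the configurable Rtvscan port as a parameter) and audits a rule set for inbound allow rules that admit non-corporate sources. The rule tuple shape, the word "any" standing for the document's * wildcard, and the sample rules and networks are constructed for illustration.

```python
# Added example (not from the Symantec document): audit a firewall rule set
# against the management ports listed on this page. Rule tuples, the word
# "any" for the document's * wildcard, and the sample rules are constructed.
import ipaddress

def management_ports(agent_ip_port=2967):
    """Listening ports from the document; Rtvscan's port is configurable (AgentIPPort)."""
    return {
        ("TCP", agent_ip_port): "Rtvscan",
        ("TCP", 2968): "Rtvscan.nlm (NetWare)",
        ("UDP", 38293): "Intel PDS discovery",
        ("UDP", 38037): "Msgsys (AMS)",
        ("TCP", 38292): "Msgsys (AMS)",
        ("UDP", agent_ip_port): "legacy 9.x clients",
        ("UDP", 2968): "legacy NetWare clients",
        ("TCP", 2847): "Central Quarantine HTTP",
        ("TCP", 2848): "Central Quarantine HTTPS",
    }

def audit_rules(rules, corp_cidrs, agent_ip_port=2967):
    """Return (findings, covered): findings are inbound allow rules that expose a
    management listener beyond corp_cidrs; covered are ports allowed from inside."""
    corp = [ipaddress.ip_network(c) for c in corp_cidrs]
    ports = management_ports(agent_ip_port)
    findings, covered = [], set()
    for proto, source, dst_port, action in rules:
        key = (proto.upper(), dst_port)
        if key not in ports or action.lower() != "allow":
            continue  # other ports and deny rules are not findings
        # "any" (the document's *) is never internal; a CIDR must sit inside a corp network
        src = None if source == "any" else ipaddress.ip_network(source, strict=False)
        if src is not None and any(src.version == n.version and src.subnet_of(n) for n in corp):
            covered.add(key)
        else:
            findings.append(f"{proto} {source} -> {dst_port} exposes {ports[key]} beyond the corporate network")
    return findings, covered

# Constructed sample rule set in the shape of the document's "Allow * to 2967" tables.
SAMPLE_RULES = [
    ("TCP", "any", 2967, "allow"),             # Rtvscan reachable from anywhere: finding
    ("UDP", "10.0.0.0/8", 38293, "allow"),     # discovery limited to the LAN: fine
    ("UDP", "0.0.0.0/0", 2967, "allow"),       # legacy UDP from anywhere: finding
    ("TCP", "any", 2967, "deny"),              # a deny rule is never a finding
    ("TCP", "192.168.5.0/24", 2847, "allow"),  # quarantine from a non-corporate range: finding
]
CORP_NETWORKS = ["10.0.0.0/8", "172.16.0.0/12"]  # constructed corporate address space
if __name__ == "__main__":
    found, covered = audit_rules(SAMPLE_RULES, CORP_NETWORKS)
    print("\n".join(found) or "no exposed management ports")
    print("management ports with no internal allow rule:", sorted(set(management_ports()) - covered))
```

The second report line lists documented listeners that no rule admits even from inside, which is how a missing Msgsys or Quarantine rule shows up before it breaks alerting or submissions.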
References:
For a list of ports that are used in Windows 2003/2000/NT, see the Microsoft document How to Configure a Firewall for Domains and Trusts (179442).
For information about the deployment of Windows Firewall settings, see the Microsoft document Deploying Windows Firewall Settings for Microsoft Windows XP with Service Pack 2.