Which Communication Ports does Symantec Endpoint Protection 11.0 use?

To open firewall ports for SEP you need to know the following ports:

| Port Number | Port Type | Initiated by | Listening Process | Description |
|---|---|---|---|---|
| 80, 8014 | TCP | SEP Clients | svchost.exe (IIS) | Communication between the SEPM manager and SEP clients and Enforcers. (8014 in MR3 and later builds, 80 in older). |
| 443 | TCP | SEP Clients | svchost.exe (IIS) | Optional secured HTTPS communication between a SEPM manager and SEP clients and Enforcers. |
| 1433 | TCP | SEPM manager | sqlservr.exe | Communication between a SEPM manager and a Microsoft SQL Database Server if they reside on separate computers. |
| 1812 | UDP | Enforcer | w3wp.exe | RADIUS communication between a SEPM manager and Enforcers for authenticating unique ID information with the Enforcer. |
| 2638 | TCP | SEPM manager | dbsrv9.exe | Communication between the Embedded Database and the SEPM manager. |
| 8443 | TCP | Remote Java or web console | SemSvc.exe | HTTPS communication between a remote management console and the SEPM manager. All login information and administrative communication takes place using this secure port. |
| 9090 | TCP | Remote web console | SemSvc.exe | Initial HTTP communication between a remote management console and the SEPM manager (to display the login screen only). |
| 8005 | TCP | SEPM manager | SemSvc.exe | The SEPM manager listens on the Tomcat default port. |
| 39999 | UDP | Enforcer | | Communication between the SEP Clients and the Enforcer. This is used to authenticate Clients by the Enforcer. |
| 2967 | TCP | SEP Clients | Smc.exe | The Group Update Provider (GUP) proxy functionality of SEP client listens on this port. |

 

The Symantec Endpoint Protection Manager (SEPM) uses two web servers: Internet Information Services (IIS) and Tomcat. IIS uses ports 80 (or 8014) and 443; Tomcat uses ports 9090 and 8443. The communication between IIS and Tomcat uses the HTTP protocol. IIS uses port 9090 to talk to Tomcat, and Tomcat uses port 80 to talk to IIS.

Client-Server Communication:
Through IIS, SEP uses HTTP or HTTPS between the clients or Enforcers and the server. Client-server communication uses port 80 (or 8014) and 443 by default. In addition, the Enforcers use RADIUS to communicate in real time with the manager console for client authentication. This is done on UDP port 1812.

Remote Console:
9090 is used by the remote console to download .jar files and display the help pages.
8443 is used by the remote console to communicate with SEPM and the Replication Partners to replicate data.

Client-Enforcer Authentication:
The clients communicate with the Enforcer using a proprietary communication protocol. This communication uses a challenge-response to authenticate the clients. The default port for this is UDP 39,999.

http://service1.symantec.com/SUPPORT/ent-security.nsf/2326c6a13572aeb788257363002b62aa/edda0cd89141a6788025734e004b6a02?OpenDocument
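The port table above, turned into source-restricted inbound rules for the SEPM server. This is an added example, not part of the Symantec article: the subnets, rule names and the `$Apply` switch are constructed placeholders, and it assumes Windows Firewall managed through `netsh advfirewall` on an MR3 or later build (8014 rather than 80).

```powershell
# Added example: inbound rules on the SEPM server, one per listening port in the table.
# All addresses are constructed placeholders; replace them with your own ranges.
$ClientNet   = '10.0.0.0/16'    # SEP clients
$EnforcerNet = '10.0.20.0/24'   # Enforcers (drop the RADIUS rule if none are deployed)
$AdminNet    = '10.0.50.0/24'   # remote consoles; add replication partners for 8443
$Apply       = $false           # $true creates the rules, $false only prints the commands

$Rules = @(
    @{ Name = 'SEPM-Client-HTTP';     Proto = 'TCP'; Port = 8014; From = "$ClientNet,$EnforcerNet" }
    @{ Name = 'SEPM-Client-HTTPS';    Proto = 'TCP'; Port = 443;  From = "$ClientNet,$EnforcerNet" }
    @{ Name = 'SEPM-Enforcer-RADIUS'; Proto = 'UDP'; Port = 1812; From = $EnforcerNet }
    @{ Name = 'SEPM-Console-HTTPS';   Proto = 'TCP'; Port = 8443; From = $AdminNet }
    @{ Name = 'SEPM-Console-HTTP';    Proto = 'TCP'; Port = 9090; From = $AdminNet }
)
# Not opened here: 1433 belongs on the SQL Server host (allowed from the SEPM address),
# 2967 on GUP clients and 39999 on the Enforcer. The table lists 2638 and 8005 as
# initiated by the SEPM manager itself, so no rule for other hosts is created.

foreach ($r in $Rules) {
    $netshArgs = @(
        'advfirewall', 'firewall', 'add', 'rule',
        "name=$($r.Name)", 'dir=in', 'action=allow',
        "protocol=$($r.Proto)", "localport=$($r.Port)", "remoteip=$($r.From)"
    )
    if ($Apply) {
        & netsh @netshArgs
        if ($LASTEXITCODE -ne 0) { Write-Warning "netsh failed for rule $($r.Name)" }
    } else {
        'netsh ' + ($netshArgs -join ' ')
    }
}
```

Run it once with `$Apply = $false` to review the generated commands, then set it to `$true` from an elevated prompt.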

iDRAC 6 – Ports

iDRAC6 Server Listening Ports

| Port Number | Function |
|---|---|
| 22* | SSH |
| 23* | Telnet |
| 80* | HTTP |
| 443* | HTTPS |
| 623 | RMCP/RMCP+ |
| 5900* | Console Redirection keyboard/mouse, Virtual Media Service, Virtual Media Secure Service, Console Redirection video |

* Configurable port

 

iDRAC6 Client Ports 

| Port Number | Function |
|---|---|
| 25 | SMTP |
| 53 | DNS |
| 68 | DHCP-assigned IP address |
| 69 | TFTP |
| 162 | SNMP trap |
| 636 | LDAPS |
| 3269 | LDAPS for global catalog (GC) |

Disabling the Windows Logon Screen Saver

Screen savers are not necessary for virtual machines. To disable the Windows Logon Screen Saver:
  1. Click Start > Run, type regedit, click OK.
  2. Locate the following registry key:

    HKEY_USERS\.DEFAULT\Control Panel\Desktop

  3. Double-click the ScreenSaveActive string value item in the Details pane.
  4. In the Value data box, replace the number 1 with the number 0, and then click OK.

Alternatively, you can save the attached registry file and double-click it. The key above is set for you (Windows 2000 and 2003 only).

Create a bootable SERT USB key

The Symantec Endpoint Recovery Tool is an image that you can burn on a disc and use to scan and remove malware from client computers. Use this tool for computers that are too infected for Symantec Endpoint Protection to clean effectively.

(http://www.symantec.com/connect/videos/symantec-endpoint-recovery-tool-sert)

You can download the tool from https://fileconnect.symantec.com/; you need your license number, like B1234567891.

Download the tool and get a USB key with at least 512 MB space.

1.    Using WinRAR or similar, extract the SERT.iso file to the local file system (assume C:\SERT).
2.    Open a command prompt with admin rights.
3.    Insert the USB stick into the computer.
4.    Type the following command to start Diskpart:

    diskpart <enter>

5.    Type the following command to list the available disks:

    list disk <enter>

This command is important.  It will show you what number your USB drive is.  Failure to select the right disk at this point may result in loss of data from your hard disk.  Normally the drive is Disk 1, but you should confirm before proceeding.

6.    Type the following commands to format the USB stick and prepare it for SERT:

    select disk <number> <enter>
    clean <enter>
    create partition primary <enter>
    select partition 1 <enter>
    active <enter>
    format fs=fat32 <enter>
    assign <enter>
    exit <enter>

7.    At the command prompt, type the following to copy the SERT files to the USB stick:

    xcopy C:\SERT\*.* <removable disk drive letter>\ /e /h /f <enter>
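A guard for the disk-selection risk in steps 5 and 6, as an added example that is not part of the original procedure: it picks the disk number by bus type instead of by eye, then feeds the same diskpart commands from a script file. It assumes Windows 8 / Server 2012 or later (for `Get-Disk`) and an elevated prompt; the script file name is a placeholder.

```powershell
# Added example: refuse to run diskpart unless exactly one non-system USB disk is attached.
$usb = @(Get-Disk | Where-Object {
    $_.BusType -eq 'USB' -and -not $_.IsBoot -and -not $_.IsSystem
})

if ($usb.Count -ne 1) {
    $usb | Format-Table Number, FriendlyName,
        @{ n = 'SizeGB'; e = { [math]::Round($_.Size / 1GB, 1) } } | Out-Host
    throw "Expected exactly one USB disk, found $($usb.Count). Unplug other USB storage and retry."
}

$disk = $usb[0]
if ($disk.Size -lt 512MB) {
    throw "Disk $($disk.Number) is smaller than the 512 MB that SERT needs."
}

# Make the operator confirm the number that is about to be wiped.
$sizeGB = [math]::Round($disk.Size / 1GB, 1)
Write-Host "Target: disk $($disk.Number) '$($disk.FriendlyName)' ($sizeGB GB)"
$answer = Read-Host 'Type the disk number to confirm that it will be erased'
if ($answer -ne "$($disk.Number)") { throw 'Confirmation did not match; nothing was changed.' }

# Same command sequence as step 6, with the verified disk number filled in.
$commands = @"
select disk $($disk.Number)
clean
create partition primary
select partition 1
active
format fs=fat32
assign
exit
"@
$scriptPath = Join-Path $env:TEMP 'sert-usb-diskpart.txt'   # placeholder file name
Set-Content -Path $scriptPath -Value $commands -Encoding ASCII
diskpart /s $scriptPath
```

After diskpart finishes, continue with the xcopy command from step 7 using the drive letter that `assign` gave the stick.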

For updated definition files, download the JDB files and unzip them to the USB key. The JDB files can be found at http://www.symantec.com/business/security_response/definitions/download/detail.jsp?gid=savce

To see how the SERT tool can be updated with the downloaded JDB file, read the following article: http://www.bvanleeuwen.nl/faq/?p=748