PortsusedforcommunicationinSAV10

Ports used for communication in Symantec AntiVirus 10.x and Symantec Client Security 3.xQuestion/Issue: This document discusses the ports that Symantec AntiVirus 10.x and Symantec Client Security 3.x use for communication between servers and clients.Solution:Installation portsThe following table describes the network protocols and ports that must to be available to perform network installations of the product:FunctionLocationProtocolPort rangeClient deploymentSymantec System CenterTCPlocal ports 10244999Client deploymentTarget clientsTCPlocal ports 10245000Client deploymentManagement server and target clientsTCP139Server deploymentTarget serversTCPlocal ports 10245000Server deploymentManagement server and target serversTCP139, 38293Remote installationRemote installation tools such as ClientRemote Install and AV Server Rollout use TCP port 139 on the targeted computers. If you plan to install Symantec Client Security or Symantec AntiVirus onto a computer running Windows 2003/XP, then read Windows XP Service Pack 2 or Windows Server 2003 firewall prevents remote installation.Client/server communication portsThe following table describes the network protocols and ports that must be available to perform the standard functions of the product. Configurable ports are marked with an asterisk (*).FunctionLocationProtocolPort rangeGeneral communicationSymantec System Center, serversTCPlocal ports 10244999General communicationSymantec System Center, servers, clientsTCP2967*General communicationNetWare serversTCP2968*General communicationClientsTCPlocal ports 10245000RtvscanRtvscan makes a request to Winsock for TCP port 2967 on IP-based networks. This is the only port needed for default client-to-server communication. On NetWare servers, Rtvscan.nlm listens on TCP port 2968.Note: Some versions of the Administrators Guide erroneously state that Symantec AntiVirus uses port 2043. It actually uses port 2967.On Windows computers, this value can be configured by using the following registry key:HKEY_LOCAL_MACHINESOFTWAREINTELLANDeskVirusProtect6CurrentVersionAgentIPPortIf the request for the static port fails, then Rtvscan uses a dynamic TCP port. This port is assigned by Winsock on that server and can be different each time that Rtvscan requests a port.Roaming clients The SAVRoam service used by roaming clients connects to the server TCP port 2967 with a random port. Clients communicate with the roam server on Port 38293 (PDS) and it must be open.Central management portsThe following table describes the network protocols and ports required to be available in order to manage the product centrally:FunctionLocationProtocolPort rangeDiscoveryServersUDP38293DiscoverySymantec System CenterUDPlocal ports 10244999Intel PDS ServiceA Windows-based computer running a Symantec AntiVirus server installation runs the Intel PDS Service. Intel PDS listens for ping packets from servers. It responds with a pong packet containing information on how to communicate with RTVScan. Intel PDS listens on UDP port 38293 for ping packets. This value cannot be configured.Other server-to-server communicationsIn server-to-server communication, the sending Symantec AntiVirus server picks a random port, starting at TCP 1025 and moving up from that point. From that point, traffic is returned on that random port. To allow communication to pass through a firewall or gateway, create rules to allow any port to accept TCP communication on 2967 and 38293 and to allow outbound TCP communication from ports 2967 and 38293:TCPAllow 2967 to *UDPAllow 38293 to *TCPAllow * to 2967UDPAllow * to 38293On NetWare servers, Rtvscan.nlm listens on TCP port 2968. If you have NetWare servers, create the following rules:TCPAllow 2968 to *TCPAllow * to 2968Ports for specific components and featuresThe following table describes the network protocols and ports required for certain optional components of the product:ComponentLocationProtocolPort rangeQuarantineCentral Quarantine ServerTCP2847 (HTTP)2848 (HTTPS)MsgsysServersUDP38037MsgsysServersTCP38292Legacy managementServers and clients; see belowUDP2967, 2968Quarantine Quarantine servers connect to the Digital Immune System by using HTTP on TCP port 2847 and HTTPS on TCP port 2848. For information about general configuration of Quarantine server and how to modify the TCP ports, see the document Setting up Symantec Central Quarantine for Symantec Client Security 3.x or Symantec AntiVirus Corporate Edition 10.x.MsgsysMsgsys is an Alert Management System (AMS) process for generating and sending configured AMS alerts. Msgsys communications uses UDP port 38037 and TCP port 38292.Communication with legacy clientsTo allow a Symantec AntiVirus 10.x server to communicate with clients running Symantec AntiVirus 9.x or earlier, you must set the Server Tuning Options in Symantec System Center. For help with this, read the document Managing legacy clients with Symantec Client Security 3.x and Symantec AntiVirus Corporate Edition 10.x.Because legacy clients use UDP communication, you must create rules to allow any port to accept UDP communication on 2967 and to allow outbound UDP communication from port 2967:UDPAllow 2967 to *UDPAllow * to 2967Configuring ports to protect clientsBecause these ports are listening for incoming traffic, they should be protected from being accessed from computers that are outside of the network. To do so, do the following: On the network, block external access to these ports with a perimeter firewall. On mobile computers, close the ports when the computer is not on the corporate network. This can be accomplished by blocking any unauthorized network traffic with a firewall rule or by using Location Awareness in Symantec Client Security to differentiate between corporate network traffic and other insecure communication. References: For a list of ports that are used in Windows 2003/2000/NT, see the Microsoft document How to Configure a Firewall for Domains and Trusts (179442).For information about the deployment of Windows Firewall settings, see the Microsoft document Deploying Windows Firewall Settings for Microsoft Windows XP with Service Pack 2.Document ID: 2005033011582148Last Modified: 2007-11-27Date Created: 2005-03-30Operating System(s): Windows 2000, Windows XP Home, Windows XP Professional Edition, Windows XP Tablet PC, NetWare 5.1, NetWare 6.0, NetWare 6.5, Windows Server 2003 32-bit Edition, Windows XP Media Center Edition 2005Product(s): Symantec AntiVirus 10.1, Symantec AntiVirus Corporate Edition 10.0, Symantec Client Firewall 8.0, Symantec Client Firewall 8.7, Symantec Client Security 3.0, Symantec Client Security 3.1Release(s): SAV 10.0 All Releases, Symantec AntiVirus 10.1 All Releases, Symantec Client Firewall 8.7 All Releases, Symantec Client Firewall 8.x All versions, Symantec Client Security 3.1 All Releases, Symantec Client Security 3.x All versions A computer running SCS 3.x or SAVCE 10.x shows Disabled ? Time out of sync in Symantec System CenterQuestion/Issue: You notice that one or more computers in Symantec System Center shows the message Disabled Time out of sync.Symptoms: A computer running Symantec Client Security 3.x or Symantec AntiVirus Corporate Edition 10.x shows Disabled ? Time out of sync in Symantec System Center You notice that one or more computers in Symantec System Center shows the message Disabled ? Time out of sync. Solution:Before you begin: In some cases, you can fix the problem by clicking Tools Discovery Service Clear Cache Now in Symantec System Center. If the problem persists after you clear the cache, follow the steps in this document.This message means that the computer is no longer authorized to communicate with its parent server. Auto-Protect is still enabled on the computer, and it can receive virus definitions using LiveUpdate.By default, the system clocks of all management console computers, servers, and clients must be within the default of 24 hours plus or minus of the system time on the primary management server. If this time requirement is not met, servers and clients will not authenticate the Symantec System Center user who is logged on and communications will fail. Note that time synchronization includes time zones. In other words, 3 PM Pacific Standard Time is synchronized with 6 PM Eastern Standard Time.For details, read the document About login certificates in Symantec Client Security 3.x and Symantec AntiVirus Corporate Edition 10.x.To check the certificate validity time on a client 1. Start Windows Explorer. 2. Go to the Symantec AntiVirus program folder.The default location is Program FilesSymantec Client SecuritySymantec AntiVirus. 3. Open the pkiroots folder. 4. Double-click the xxx.x.servergroupca.cer file. 5. On the General tab, look at the date range next to Valid from. 6. Click OK.To check the certificate validity time on a server 1. Start Windows Explorer. 2. Go to the Symantec AntiVirus program folder.The default path is one of the following: On a Symantec AntiVirus Corporate Edition server, the default path is :Program FilesSAV. On a Symantec Client Security server, the default path is :Program FilesSAVSymantec AntiVirus.For help with this, follow the directions in the To find the Symantec AntiVirus program folder section in the Technical Information section of this document.3. Open the pkiroots folder. 4. Double-click the xxx.x.servergroupca.cer file. 5. On the General tab, look at the date range next to Valid from. 6. Click OK.Fixing out-of-sync time on a clientCorrect the time on the client and restart the Symantec AntiVirus service.Fixing out-of-sync time on a serverIf you installed a Symantec Client Security or Symantec AntiVirus server when the system time was incorrect, the certificates created for that machine will be set to the incorrect time. Follow the directions that apply to your situation: If the time was incorrect by up to a year in the past, change the time and restart the server. If the time was incorrect by more than a year in the past, uninstall and reinstall the Symantec Client Security or Symantec AntiVirus server. If the time was incorrect by less than a day in the future, change the time and restart the server. If the time was incorrect by more than a day in the future, uninstall and reinstall the Symantec Client Security or Symantec AntiVirus server, or delay deployment of clients and/or secondary servers until the server certificates are valid. For example, if the server date was set to March 12, 2006, when the correct date is March 2, 2006, you could simply wait until March 12 (March 22 on the server clock) before resetting the time. In the meantime, you will not be able to deploy new clients or make configuration changes. However, the server will still be able to manage legacy clients, which are not time-dependent.If the problem persists on a primary server, corrupted certificate information may be the cause. In these cases, you can fix the problem by moving that server to a new server group.To fix the problem on a primary server 1. In Symantec System Center, right-click System Hierarchy, and then click New Server Group. 2. Type a name for the new server group. 3. Type a user name for the new server groups administrator, and then type the password that you want for that account. 4. Click OK. 5. Drag the affected primary server into the new server group. 6. After the server appears in the new server group, right-click the server and then click Make Server a Primary Server. 7. Drag any other servers from the old server group into the new server group.Technical Information:To find the Symantec AntiVirus program folder 1. On the Windows taskbar, click Start Run. 2. In the Run dialog box, type the following:cmd3. Click OK. 4. At the command prompt, type the following: net share5. Under Share name, find the VPHOME listing. The folder listed in the Resource column is the Symantec AntiVirus program folder and contains the pki folder.Document ID: 2005041313132348Last Modified: 2008-10-31Date Created: 2005-04-13Operating System(s): Windows 2000, Windows XP Professional Edition, Windows XP Tablet PC, NetWare 5.1, NetWare 6.0, NetWare 6.5, Windows Server 2003 32-bit Edition, Windows XP Media Center Edition 2005Product(s): Symantec AntiVirus 10.1, Symantec AntiVirus Corporate Edition 10.0, Symantec Client Security 3.0, Symantec Client Security 3.1Release(s): SAV 10.0, SAV 10.0 All Releases, Symantec AntiVirus 10.1, Symantec AntiVirus 10.1 All Releases, Symantec AntiVirus for Linux 1.0, Symantec AntiVirus for Linux All Releases, Symantec Client Security 3.0, Symantec Client Security 3.1, Symantec Client Security 3.1 All Releases, Symantec Client Security 3.x All versions Determining the version of Symantec System CenterQuestion/Issue: You need to know which version of Symantec System Center is installed.Solution:There are two ways to determine the version of Symantec System Center: Check the Symantec System Center snap-in properties. Check the version number of the Nsctop.exe file.To determine the version of Symantec System Center from the console 1. Start Symantec System Center. 2. Click Console. 3. Click Add/Remove Snap-in. 4. On the Standalone tab, click Symantec System Center. 5. Click About. The version number is located in the lower-left corner.Use this version of Symantec System Center With this version of Symantec AntiVirus Corporate Edition5.08.x6.09.x10.010.010.110.1Compare the file version number of Nsctop.exe with the Norton AntiVirus Corporate Edition version number in the following table to confirm that the correct version of Symantec System Center is installed.To determine the file version of the Nsctop.exe file 1. On the Windows taskbar, click Start Search (or Find) For Files or Folders. 2. In the Search for files or folders named box, type-or copy and paste-the following:nsctop.exe3. Click Search Now or Find Now. 4. Right-click the Nsctop.exe file, and then click Properties. 5. Click the Version tab to see the version information.Use this version of Nsctop.exe With this version of Symantec AntiVirus Corporate Edition8.0.0.3748.0.0.3748.0.0.3788.0.0.3788.0.1.4258.0.1.4258.0.1.4298.0.1.4298.0.1.4348.0.1.4348.0.1.4378.0.1.4378.0.1.4468.0.1.4468.0.1.4578.0.1.4578.0.1.4608.0.1.4608.0.1.4648.0.1.4648.0.1.4718.0.1.4718.0.1.5018.0.1.5018.1.1.3148.1.1.3148.1.1.3198.1.1.3198.1.1.3238.1.1.3238.1.1.3298.1.1.3298.1.1.3368.1.1.3368.1.1.3668.1.1.3668.1.1.3778.1.1.3778.1.1.3858.1.1.385Use this version of Nsctop.exe With this version of Symantec AntiVirus Corporate Edition9.0.0.3389.0.0.x9.0.1.10009.0.1.x9.0.2.10009.0.2.x9.0.3.10009.0.3.x9.0.4.10009.0.4.x9.0.5.10009.0.5.xUse this version of Nsctop.exe With this version of Symantec AntiVirus Corporate Edition10.0.0.35910.0.0.35910.0.1.100010.0.1.100010.0.2.100010.0.2.100010.110.1Knowledge Base X窗体顶端Document ID: 2001091312173448Last Modified: 2007-02-23Date Created: 2001-09-13Operating System(s): Windows 2000, Windows XP Professional Edition, Windows Server 2003 32-bit Edition, Windows NT 4.0 SP6aProduct(s): Symantec AntiVirus 10.1, Symantec AntiVirus Corporate Edition 10.0, Symantec AntiVirus Corporate Edition 8.0, Symantec AntiVirus Corporate Edition 9.0, Symantec Client Security 3.0, Symantec Client Security 3.1Release(s): SAV 10.0 All Releases, SAV 8.0, SAV 9.0 All Releases, Symantec AntiVirus 10.1 All Releases, Symantec Client Security 3.1, Symantec Client Security 3.1 All Releases, Symantec Client Security 3.x All versions Troubleshooting communication problems with Symantec Client Security 3.x or Symantec AntiVirus Corporate Edition 10.xQuestion/Issue: You use Symantec System Center and either Symantec Client Security 3.x or Symantec AntiVirus Corporate Edition 10.x. The communication between clients and servers does not work correctly. You may see one of the following symptoms: - Clients disappear from Symantec System Center - Clients cannot be configured from Symantec System Center - Clients do not receive automatic virus definition updates Solution:Before you begin: Before you follow the directions in this document, confirm basic network communication by using the ping, netstat, and telnet commands.For directions, read Symantec AntiVirus quick communications check.If you see an error message or an entry in the Windows Event Viewer, first follow the directions in the document for that error message. You can find a list of documents that relate to common error messages in the References section of this document. If your error message does not appear in the list, search the Symantec Knowledge Base for a relevant document.This document provides tools and techniques to help you troubleshoot common communication problems with Symantec Client Security and Symantec AntiVirus. In many cases, the procedures in this document can solve the problem. If problems persist after you complete the steps in this document, contact Symantec Technical Support for assistance. Take note of each change or discovery that you make while you use this document. Symantec Technical Support needs this information if you request assistance.General guidelinesThe following topics address the most common causes of communication problems with Symantec Client Security 3.x and Symantec AntiVirus 10.x The version of Symantec System Center should not be older than the version on the primary server.Symantec recommends that the version of Symantec System Center be the same as the version on the primary server.For details, read Version compatibility between the Symantec System Center and Symantec AntiVirus Corporate Edition. The version of Symantec AntiVirus on the parent server should not be older than the version on the clientsSymantec recommends that the version of Symantec AntiVirus on the parent server be the same or newer than the version on the clients. For example, you may encounter communications problems between the clients that run Symantec AntiVirus 10.x and parent servers that run Symantec AntiVirus 9.x. Symantec System Center and Terminal ServerBefore you install Symantec System Center on a Windows Terminal Server, the Terminal Server must be in Remote Administration mode. After you install Symantec System Center and restart the computer, you can put the Terminal Server in Application mode. When Symantec System Center is installed on a Terminal Server, run Symantec System Center locally. Do not connect to Symantec System Center by using a terminal session, regardless of whether the server is in Application mode or Remote Administration mode. Symantec AntiVirus over VPN ConnectionsSymantec does not provide support for the problems that are related to communication with any clients that use VPN connections to check in with their parent server. Symantec recommends that remote clients be allowed to run LiveUpdate themselves. You can create a separate client group for remote clients so that if they visit the main site, they can be managed without changing their configuration. For more information, read Best practices for managing laptop and mobile clients with Symantec AntiVirus Corpor