Endpoint Protection

 View Only

  • 1.  port to open

    Posted Sep 27, 2009 01:26 PM
    hi! I've recently upgraded my older version of endpoint 11 to MR4 MP2. I noticed that with this new revision i need to disable my xp and vista firewall to have the communication linked between the endpoint console and the client. This was not necessary in my older version. Is this norm?

    What's the advise on port/protocol to be open for def update and client/svr comm? In our environemt, we've a third party tools to delete client's windows profile every week. I also noticed that, the port setting i set will be deleted once the profile is deleted. Is there anyway that i can hardcord this in a registry or any better way to achieve this?

    In earlier version of AV corporate edition 10.2. or earlier i can set the internal client to pull the virus def file from my internal def update server and i can actually scheduled an live update from symantec weekly from live update (in case the internal server failed). Can this be done in the new endpoint 11?

    Thanksl.


  • 2.  RE: port to open

    Posted Sep 27, 2009 06:40 PM


    The default port for SEP -> SEPM communication has changed from port 80 to 8014.
    You will need to add this to your XP firewall exception.

    List of communication ports below:
    http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2007090614430148


    In your LiveUpdate policies you can also schedule the clients to use LiveUpdate as an alternative route to pull definitions.



  • 3.  RE: port to open

    Posted Sep 27, 2009 09:39 PM
    I think earlier also it was using 8014 port.


  • 4.  RE: port to open

    Posted Sep 28, 2009 07:55 AM
     If your are using Network Threat Protection (firewall) with SEP you should not use the windows built in firewall. It is not really easy to adminstrate the two firewalls on the same system I would not say that it adds anything to security either.


  • 5.  RE: port to open

    Posted Sep 28, 2009 02:59 PM
    Hi,

           Please check this link which gives us a detail information about the ports used by endpoint.

    http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2007091010224248
             


  • 6.  RE: port to open

    Posted Sep 29, 2009 04:38 AM
    i can set the internal client to pull the virus def file from my internal def update server and i can actually scheduled an live update from symantec weekly from live update (in case the internal server failed)

    For my laptops, I defined a policy so that when they are not in contact with my SEPM server, they will download the definitions from the LiveUpdate site.


  • 7.  RE: port to open

    Posted Sep 29, 2009 02:12 PM
    hi! i noticed that in the endpoint protection console, under the home main page and in the Virus Distribution section, i can see that the "Latest Symantec Version" is showing the latest date, whereas the "Latest Manager Version" is showing the old date. The clients connected to the console are showing the same def date as the "Latest MAnager version". This seems that the svr is updated with the latest def but it's not push to the clients.

    here's my current settings. In the "Policies" page....the LiveUpdate>Server Settings> The "Use the default Management server (recommended)" and "use a liveupdate server" is ticked. + in the Schedulde "Enable LiveUpdate Scheduling" ticked. This is the shared policy used by all the groups i created.

    In the "Admin" page >local site> site properties> live update --->download schedule set to download def and content daily.

    The communication between the svr and client should work fine, because i can do a remote restart of the client. Somehow the def, just can't be pushed from the internal svr to the client. Just to confirm whether the settings in my "policies" page is good enough to push the def down?

    Thanks.


  • 8.  RE: port to open

    Posted Sep 30, 2009 10:08 AM
    hi! Anyone any help on this?> thanks.


  • 9.  RE: port to open

    Posted Sep 30, 2009 10:51 AM
    Check if the manager has the latest defs
    go to admin
    servers
    click on local site on top
    at the bottom click on show liveupdate downloads
    check the definition dates for 32 bit defs
    if it shows old date then you need to do a manual cleanup of defs.


  • 10.  RE: port to open

    Posted Sep 30, 2009 12:45 PM
    hi! thanks for the reply. I've checked that it showed the latest update. The thing is that the update is not push down to the clients. If i schedule the client to download the def file from the symantec live update, the policies can be pushed down.....just that the def file is not from the management svr.....the rest of the policies are working fine (Eg. AV's action for virus, worm, spyware and etc.)


  • 11.  RE: port to open

    Posted Oct 01, 2009 03:10 AM

    Whats the version you are running on ? MR4 MP2
    Seems like this was a bug and its resolved but running MR5 should fix it.

    Please check the release notes

    Release Update 5 (RU5)


    http://service1.symantec.com/SUPPORT/ent-security.nsf/docid_p/2007121216360648


    Symantec Endpoint Protection Manager fails to update virus definitions or policies to clients
    Fix ID:     1212533
    Symptoms: Symantec Endpoint Protection Manager outbox/agent directory fails to update with new content, and clients remain out of date.
    Solution: Added a synchronizing mechanism to avoid multiple updates and replication while updating.