Endpoint Protection

  • 1.  Virus Definition update problem

    Posted Jul 25, 2012 12:10 AM

    Hi,

    Recently my SEPM doesn't get new definitions at all, and I believe this is because of the 3rd-party software that we have installed to monitor users' internet usage (MIMEsweeper software). Could you please specify which port SEPM actually uses to download patches by default?

    Many thanks in advance.

     

    Regards

    Wanorwm

     

     



  • 2.  RE: Virus Definition update problem

    Posted Jul 25, 2012 12:30 AM

     The following table lists ports and processes associated with Symantec Endpoint Protection version 11.0, 12.0 and 12.1:

    Communications Ports and Protocols

     

    | Port Number | Port Type | Initiated By | Listening Process | Description |
    |---|---|---|---|---|
    | 80, 8014 | TCP | SEP Clients | svchost.exe (IIS); httpd.exe (Apache) | Communication between the SEP manager and SEP clients and Enforcers. (8014 in MR3 and later builds, 80 in older). The 11.x product line uses IIS. The 12.x product line uses Apache. |
    | 443 | TCP | SEP Clients | svchost.exe (IIS); httpd.exe (Apache) | Optional secured HTTPS communication between a SEP Manager and SEP clients and Enforcers. |
    | 1433 | TCP | SEP Manager | sqlserver.exe | Communication between a SEP Manager and a Microsoft SQL Database Server if they reside on separate computers. |
    | 1812 | UDP | Enforcer | 11.x: w3wp.exe; 12.x: httpd.exe (Apache) | RADIUS communication between a SEP Manager and Enforcers for authenticating unique ID information with the Enforcer. |
    | 2638 | TCP | SEP Manager | 11.x: dbsrv9.exe; 12.1.x: dbsrv11.exe | Communication between the Embedded Database and the SEP Manager. |
    | 2967 | TCP | SEP Clients | Smc.exe | The Group Update Provider (GUP) proxy functionality of SEP client listens on this port. |
    | 8005/8765 | TCP | SEP Manager | SemSvc.exe | This is the Tomcat Shutdown port. In the 11.x product line SEP Manager listens on the Tomcat default port of 8005 except RU7 uses 8765. Also in 12.x product line port 8765 is used instead. |
    | 8045 | TCP | SEP Manager | SemSvc.exe | In the SEP 11 RU6 SEPM, the registry is started by the Tomcat servlet container. CreamTec's AjaxSwing uses the existing registry to communicate with its client agents that run in stand alone mode |
    | 8443 | TCP | Remote Java or Web Console | SemSvc.exe | HTTPS communication between a remote management console and the SEP Manager. All login information and administrative communication takes place using this secure port. |
    | 8444 | TCP | Symantec Protection Center v 2.X | SemSvc.exe | This is the SEPM web services port. SPC 2.X makes Data Feed and Workflow requests to SEPM over this port. |
    | 8445 | TCP | Reporting Console | httpd.exe (Apache) | Added in 12.1.x. HTTPS reporting console |
    | 9090 | TCP | Remote Web Console | SemSvc.exe | Initial HTTP communication between a remote management console and the SEP Manager (to display the login screen only). |
    | 39999 | UDP | Enforcer | SNAC.exe (Windows SNAC); CClientCtl.exe (Windows ODC); SNAC (Mac SNAC/ODC) | Communication between the SEP Clients and the Enforcer. This is used to authenticate |

     

    Added More.......

    Ports and Protocols to be allowed when using a proxy in a Symantec Endpoint Protection environment.

    http://www.symantec.com/business/support/index?page=content&id=TECH131843

     



  • 3.  RE: Virus Definition update problem

    Posted Jul 25, 2012 10:25 PM

    What reason is stated at the end of the log.liveupdate for the failure?



  • 4.  RE: Virus Definition update problem

    Trusted Advisor
    Posted Jul 26, 2012 05:59 AM

    Hello,

    I agree with Mick. What happens when you try running LiveUpdate from SEPM and LiveUpdate (luall.exe) from the Run window? Does it return any errors?

    Secondly, are you talking about the Clearswift MIMEsweeper for SMTP product?

    MIMEsweeper for Web analyzes web content and blocks pages or files that are prohibited by your security policy but are not yet listed on any URL Filter.

    If yes, make sure you allow these websites:

    1. Liveupdate.symantecliveupdate.com
    2. Liveupdate.symantec.com
    3. Symantec.com

    Check these Articles:

    How to determine whether your firewall is blocking LiveUpdate

    http://www.symantec.com/docs/TECH102059

    Symantec Endpoint Protection: LiveUpdate

    http://www.symantec.com/docs/TECH95790

    Hope that helps!!
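
A layered reachability check for the three sites listed in the reply above, run from the SEPM server, separates a DNS failure from a blocked TCP connection and from an HTTP-level rejection by a proxy or content filter. This is an added example, not code from the thread or from Symantec; port 80 and the proxy address are assumptions, since the thread states neither.

```python
import socket
import urllib.error
import urllib.request

# Hosts listed in the reply above. Port 80 (plain HTTP) is an assumption;
# the thread does not say which port LiveUpdate uses.
LIVEUPDATE_HOSTS = [
    "liveupdate.symantecliveupdate.com",
    "liveupdate.symantec.com",
    "symantec.com",
]

def probe(host, port=80, proxy=None, timeout=5.0):
    """Return (stage, detail); stage is the first layer that failed, or 'ok'."""
    if proxy is None:
        # Direct path: name resolution and the TCP connect are checked
        # separately so a DNS problem is not mistaken for a firewall block.
        try:
            addr = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)[0][4]
        except socket.gaierror as exc:
            return ("dns", str(exc))
        try:
            socket.create_connection(addr[:2], timeout=timeout).close()
        except OSError as exc:
            return ("tcp", f"{addr[0]}:{port} {exc}")
    # An empty mapping makes urllib ignore any system proxy settings.
    opener = urllib.request.build_opener(
        urllib.request.ProxyHandler({"http": proxy} if proxy else {}))
    request = urllib.request.Request(f"http://{host}:{port}/", method="HEAD")
    try:
        with opener.open(request, timeout=timeout) as resp:
            return ("ok", f"HTTP {resp.status}")
    except urllib.error.HTTPError as exc:
        # An error status can come from the origin or from a filter in the
        # path (407 always comes from a proxy); compare direct and proxied runs.
        return ("http", f"HTTP {exc.code} {exc.reason}")
    except (urllib.error.URLError, OSError) as exc:
        return ("http", str(exc))

if __name__ == "__main__":
    PROXY = None  # hypothetical value, e.g. "http://proxy.example.internal:8080"
    for name in LIVEUPDATE_HOSTS:
        print(name, *probe(name, proxy=PROXY))
```

Running it once with `PROXY = None` and once with the filter's address shows whether the rejection happens on the direct path or at the filter.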