- Agent/Server communication port - It is a random 5-digit port number set during installation. To determine this port number, check the "Client_LocalServer_Port" parameter in the \PCCSRV\ofcscan.ini file.
- NetBIOS ports - This uses TCP/UDP port 137, TCP port 139, and TCP port 445. These ports are used when installing clients/agents via Remote Install and when clients/agents send quarantined files to the server using the UNC path.
- Communication with Control Manager/Apex Central - MCP agent uses TCP port 80 on HTTP or TCP port 443 on HTTPS to communicate with Control Manager/Apex Central.
- License ports - These allow access to the Trend Micro License Server via TCP port 443.
- Standalone Smart Protection Server - If Standalone Smart Protection Server is used in the environment, File Reputation Service for smart scan uses port 80 for HTTP and port 443 for HTTPS. Web Reputation Service uses port 5274 and port 5275 for HTTPS.
- Unmanaged endpoints checking - This port (TCP 135 by default) is used by the Apex One server to check with those unreachable and determine whether it’s managed by another Apex One server. This port can be configured through the following menu path: Apex One web console > Assessment > Unmanaged Endpoints > Define scope.
- SQL - SQL will by default use TCP port 1433 to communicate with the SQL Server hosting the Apex One database.
- SNMP - If SNMP is enabled, it will use UDP ports 161 and 162 by default.
- SMTP - Email notifications will use the standard SMTP port TCP 25.
IPs are not included as they can change frequently and without notice.
- Apex One web console port - To determine this port number, check the "Master_DomainPort" and "Master_SSLPort" parameter in the \PCCSRV\ofcscan.ini file.
Web Server and Settings Ports HTTP HTTPS (SSL) Direction IIS default website with SSL enabled 80 (not configurable) 443 (not configurable) Inbound IIS virtual website with SSL enabled 8080 (configurable) 4343 (configurable) Inbound - Integrated Smart Protection Server - Integrated Smart Protection Server provides File Reputation Service (FRS) and Web Reputation Service (WRS). The port numbers used for FRS and WRS depend on the web server the Apex One server uses. Refer to the following tables:
Web Server and Settings Ports for File Reputation Services HTTP Port for Web Reputation Services Direction HTTP HTTPS (SSL) IIS default website with SSL enabled 80 443 (not configurable) 80 (not configurable) Bi-Directional IIS default website with SSL disabled 80 443 (not configurable) 80 (not configurable) Bi-Directional IIS virtual website with SSL enabled 8080 4343 (configurable) 8080 (configurable) Bi-Directional IIS virtual website with SSL disabled 8080 4343 (configurable) 8080 (configurable) Bi-Directional Apache server is no longer in use for Apex One.To change the ports of your Web Reputation Services and File Reputation Services, contact Trend Micro Technical Support .
- Edge Relay Server Off-Premise management- The Off-Premise endpoint report backs up logs, submits samples, and updates the Suspicious Object (SO) List to the Edge server. The port information is shown below:
Web Server and Settings HTTPS Listen Port Direction External (Agent to Edge) 443 (configurable) Inbound Internal (Edge server to Apex One server) 4343 (default) Inbound