Here is a list of communication ports that TMCM Apex Central uses:
HTTP console port of TMCM / Apex Central
- Source: Trend Micro products and administrators who will connect to the web browser
- Destination: TMCM / Apex Central
- Destination Port: TCP port 80 by default. This can vary, depending on the IIS settings of each customer.
- Details: HTTP port of website where TMCM / Apex Central is configured. TMCM / Apex Central is placed in the default website. MCP agents use this port to connect to the TMCM
/ Apex Central server, and vice versa if the low security option is selected, or when the medium option is selected and HTTPS is unavailable. Products also connect to the HTTP port to download updates.
HTTPS console port of TMCM / Apex Central
- Source: Trend Micro products and administrators who will connect to the web browser
- Destination: TMCM / Apex Central
- Destination Port: TCP port 443 by default. This may vary depending on the IIS settings of each customer.
- Details: HTTPS port of website where TMCM / Apex Central is configured. TMCM / Apex Central is placed in the default website. MCP agents use this port to connect to the TMCM / Apex Central server, and vice versa if the low security option is selected, or when the medium option is selected and HTTPS is unavailable. Some products also connect to the HTTPS port to download updates.
TMI proprietary port (From TMCM/ Apex Central to TMI Agent)
- Source: Trend Micro products that use TMI Agent
- Destination: TMCM / Apex Central
- Destination Port: TCP port 10319
- Details: TMI-based agents use this port to connect to the server and vice versa. Examples are Trend Micro ServerProtect and ScanMail for Domino for AS400.
TMI proprietary port (From TMI Agent to TMCM/ Apex Central)
- Source: TMCM / Apex Central
- Destination: Trend Micro products that use TMI Agent
- Destination Port: TCP port 10319
- Details: TMI-based agents use this port to connect to the server and vice versa. Examples are Trend Micro ServerProtect and ScanMail for Domino for AS400.
TMI Interprocess port
- Source: Control Manager / Apex Central server
- Destination: TMCM / Apex Central server
- Destination Port: TCP port 10198
- Details: In case that customers enable server firewall, please make sure to port this internal communication port.
License Validation
- Source: Trend Micro products
- Destination:
License renewal/upgrade: olr.trendmicro.com
License update: licenseupdate.trendmicro.com - Destination Port: TCP port 443
- Details: Trend Micro products uses HTTPS (port 443) to communicate with Trend Micro Licensing Servers and validate the license and activation keys.
Heartbeat processes of TMCM / Apex Central agents
- Source: Trend Micro products
- Destination: TMCM / Apex Central server
- Destination Ports:
UDP 10319 – Heartbeat port for TMI-based agents
UDP 10323 – Heartbeat port for MCP-based agents - Details: This port is used by the Control Manager / Apex Central server to listen if the products are still alive.
Web service-based agents
- Description: For Web Service-based agents, the TMCM / Apex Central server must be able to connect to the console of the product.
- Source: TMCM / Apex Central server
- Destination: Trend Micro products
TCP port 4119 – Deep Security port, Vulnerability Protection
TCP port 4343 – Officescan console port, Trend Micro Security for Macintosh port
TCP port 8080 – Endpoint Encryption port
Cloud-based products
- Source: TMCM / Apex Central server
- Destination: sco-nabu.trendmicro.com
- Destination ports: TCP ports 80 and 443
- Details: The TMCM / Apex Central server connects to the this website to get information about cloud-based products (Hosted Email Security, Interscan Web Security as a Service, Worry-free Business Security Services).
Suspicious Objects
- Source: TMCM / Apex Central Server
- Destination: Trend Micro Products
- Destination Ports: Target product’s web console port (e.g. TCP port 443)
- Details: TMCM / Apex Central connect to Deep Discovery Analyzer or Deep Discovery Director to sync Suspicious Objects.
SMTP port for notifications (Optional)
- Source: TMCM / Apex Central server
- Destination: SMTP Service
- Destination Port: TCP 25 by default. This can vary depending on the SMTP service used by customers.
- Details: TMCM / Apex Central may send notifications by SMTP service
Syslog port for notifications (Optional)
- Source: TMCM / Apex Central server
- Destination: Syslog server used by customers
- Destination Port: UDP 514. This can vary depending on the Syslog servers used by customers.
- This is the default destination port for sending TMCM / Apex Central data to a named syslog server.