Sign In with your
Trend Micro Account
Need Help?
Need More Help?

Create a technical support case if you need further support.

Ports and protocols used by OfficeScan (OSCE) that should be allowed through a firewall or router

    • Updated:
    • 23 Feb 2017
    • Product/Version:
    • OfficeScan 10.6
    • OfficeScan 11.0
    • OfficeScan XG.All
    • Platform:
    • Windows 2003 Enterprise Server
    • Windows 2003 Standard Server Edition
    • Windows 2008 Enterprise Server
    • Windows 2008 Standard Server Edition
    • Windows 2012 Standard
    • Windows 2012 Standard R2
Summary

This article enumerates the different ports and protocols used in OfficeScan, which should be allowed to communicate via firewall or router. This is typically the scenario in case the customer deployed either an OfficeScan server or a client/agent in a DMZ or they have segmented their network into multiple subnets.

Details
Public
  • Agent/Server communication port - It is a random 5-digit port number set during installation. To determine this port number, check the "Client_LocalServer_Port" parameter in the \PCCSRV\ofcscan.ini file.
  • NetBIOS ports - This uses TCP/UDP port 137, TCP port 139, and TCP port 445. These ports are used when installing clients/agents via Remote Install and when clients/agents send quarantined files to the server using the UNC path.
  • Communication with Control Manager - MCP agent uses TCP port 80 on HTTP or TCP port 443 on HTTPS to communicate with Control Manager.
  • License ports - TCP and UDP allow access to the Trend Micro License Server via port 80, 60162, and 60163.
  • Standalone Smart Protection Server - If Standalone Smart Protection Server is used in the environment, File Reputation Service for smart scan uses port 80 for HTTP and port 443 for HTTPS. Web Repuation Service uses port 5274. The web console uses port 4343 for HTTPS.

Some using ports vary depanding on the OfficeScan version:

  • OfficeScan web console port - To determine this port number, check the "Master_DomainPort" and "Master_SSLPort" parameter in the \PCCSRV\ofcscan.ini file.
    Web Server and SettingsPorts
    HTTPHTTPS (SSL)
    IIS default website with SSL enabled80 (not configurable)443 (not configurable)
    IIS virtual website with SSL enabled8080 (configurable)4343 (configurable)
  • Integrated Smart Protection Server - Smart Protection Server provides File Reputation Service (FRS) and Web Reputation Service (WRS). The port numbers used for FRS and WRS depend on the web server the OfficeScan server uses. Refer to the following tables:
    Web Server and SettingsPorts For File Reputation Service
    HTTPHTTPS (SSL)
    IIS default website80443
    IIS virtual website80804343
    Web Server and SettingsHTTP Port For Web Reputation Service
    IIS default website with SSL enabled80 (not configurable)
    IIS virtual website with SSL enabled8080 (not configurable)
     
    Apache server is no longer in use for OfficeScan XG.
  • Off-Premise management - OfficeScan XG provides Off-Premise agent management via Edge server. The default connection port between the OfficeScan server and Edge server is 10669, which is configurable. The Off-Premise endpoint reports backlogs, submits samples, and updates the Suspicious Object List by using port 443 for HTTPS.
  • OfficeScan web console port - To determine this port number, check the "Master_DomainPort" and "Master_SSLPort" parameter in the \PCCSRV\ofcscan.ini file.
    Web Server and SettingsPorts
    HTTPHTTPS (SSL)
    Apache web server with SSL enabled8080 (configurable)4343 (configurable)
    IIS default website with SSL enabled80 (not configurable)443 (not configurable)
    IIS virtual website with SSL enabled8080 (configurable)4343 (configurable)
  • Integrated Smart Protection Server - Smart Protection Server provides File Reputation Service (FRS) and Web Reputation Service (WRS). The port numbers used for FRS and WRS depend on the web server the OfficeScan server uses. Refer to the following tables:
    Web Server and SettingsPorts For File Reputation Service
    HTTPHTTPS (SSL)
    Apache web server80824345
    IIS default website80443
    IIS virtual website80804343
    Web Server and SettingsPorts For Web Reputation Service
    Apache web server with SSL enabled5274
    IIS default website with SSL enabled80 (not configurable)
    IIS virtual website with SSL enabled8080 (not configurable)
  • OfficeScan web console port - To determine this port number, check the "Master_DomainPort" and "Master_SSLPort" parameter in the \PCCSRV\ofcscan.ini file.
    Web Server and SettingsPorts
    HTTPHTTPS (SSL)
    Apache web server with SSL enabled8080 (configurable)4343 (configurable)
    Apache web server with SSL disabled8080 (configurable)N/A
    IIS default website with SSL enabled80 (not configurable)443 (not configurable)
    IIS default website with SSL disabled80 (not configurable)N/A
    IIS virtual website with SSL enabled8080 (configurable)4343 (configurable)
    IIS virtual website with SSL disabled8080 (configurable)N/A
     
    Apache and IIS use 8080 and 4343. 8081 and 4344 only happen when the above ports have been used. It is not a default setting.
  • Integrated Smart Protection Server - Smart Protection Server provides File Reputation Service (FRS) and Web Reputation Service (WRS). The port numbers used for FRS and WRS depend on the web server the OfficeScan server uses. Refer to the following tables:
    Web Server and SettingsPorts For File Reputation Service
    HTTPHTTPS (SSL)
    Apache web server with SSL enabled80804343
    Apache web server with SSL disabled80804345
    IIS default website with SSL enabled8082443 (not configurable)
    IIS default website with SSL disabled8082443 (not configurable)
    IIS virtual website with SSL enabled80824345
    IIS virtual website with SSL disabled80824345
    Web Server and SettingsPorts For Web Reputation Service
    Apache web server with SSL enabled8080 (not configurable)
    Apache web server with SSL disabled8080 (not configurable)
    IIS default website with SSL enabled80 (not configurable)
    IIS default website with SSL disabled80 (not configurable)
    IIS virtual website with SSL enabled5274
    IIS virtual website with SSL disabled5274
Premium
Internal
Rating:
Category:
Configure
Solution Id:
1054836
Feedback
Did this article help you?

Thank you for your feedback!

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.

If you need additional help, you may try to contact the support team. Contact Support


To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.