Sign In with your
Trend Micro Account
Need Help?
Need More Help?

Create a technical support case if you need further support.

Ports and protocols used by OfficeScan (OSCE) that should be allowed through a firewall or router

    • Updated:
    • 29 Sep 2016
    • Product/Version:
    • OfficeScan 10.6
    • Platform:
    • Windows 2003 Enterprise Server
    • Windows 2003 Standard Server Edition
    • Windows 2008 Enterprise Server
    • Windows 2008 Standard Server Edition
    • Windows 2012 Standard
    • Windows 2012 Standard R2
Summary

This article enumerates the different ports and protocols used in OfficeScan, which should be allowed to communicate via firewall or router. This is typically the scenario in case the customer deployed either an OfficeScan server or a client/agent in a DMZ or they have segmented their network into multiple subnets.

Details
Public

The following lists the ports that are used in the OSCE client/agent and server communication:

Remote Installation Process:

TCP is port 139 and 445 on the client/agent. These ports are used to browse the workstation and/or they use the Find function to locate the client/agent.

Server:

The OfficeScan Server with IIS or Apache as the webserver.

Default SSL Port43434344
Default HTTP Port80808081

OfficeScan Client/Agent:

The client/agent listening port is randomly generated or specifically indicated while installing the OfficeScan Server. Clients/Agents that are installed from the same server will all use the same client/agent listening port.

Once the OSCE client/agent service has started, it sends a CGI command over HTTP to the OSCE Server with relevant information (including IP address). It uses the TCP port 8080 or whatever port is configured in the IIS to communicate with the server.

If you are using a firewall or router in your network, you need to allow communication on the following ports:

  • Client/Agent communication port - It is a random 5-digit port number set during installation. To determine this port number, check the "Client_LocalServer_Port" parameter in the \PCCSRV\ofcscan.ini file.
  • OfficeScan Web console port - It depends on the Web site used and if SSL is enabled. See the table below. To determine this port number, check the "Master_DomainPort" parameter in the \PCCSRV\ofcscan.ini file.
     Virtual WebsiteDefault Website
     IISApacheIIS
    HTTP8080808080
    HTTPS43434343443
  • Smart Scan Server Web console port - It uses TCP port 8080.
  • NetBIOS ports - This uses TCP/UDP port 137, TCP port 139, and TCP port 445. These ports are used when installing clients/agents via Remote Install and when clients/agents send quarantined files to the server using the UNC path.
  • Integrated Smart Scan Server scan query port - It depends on the web site used and if SSL is enabled. Refer to the following table.
     Virtual WebsiteDefault Website
     IISApacheIIS
    HTTP8082808080
    HTTPS43454343 or 4345443
  • Standalone Smart Scan Server scan query port - If you are using http:///tmcss, TCP port 80 is used. If you are using https:///tmcss, TCP port 443 is used.
  • LDAP port - It uses TCP port 389. This is used when the Security Compliance function retrieves Active Directory information.
  • MCP agent (for communication with Control Manager) - It uses TCP port 80 on HTTP or TCP port 443 on HTTPS.
  • License ports - TCP and UDP allow access to the Trend Micro License Server via port 80, 60162, and 60163.
  • File Reputation - HTTPS uses 4345 while HTTP uses 8082.
  • Web Reputation - HTTPS uses 5274.
Premium
Internal
Rating:
Category:
Configure
Solution Id:
1054836
Feedback
Did this article help you?

Thank you for your feedback!

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.

If you need additional help, you may try to contact the support team. Contact Support


To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.


Need More Help?

Create a technical support case if you need further support.