Symantec
™
Endpoint Detection and Response 4.5 Installation Guide for the S550
appliance
Table 8: Symantec EDR ports and settings
Service Protocol Port From To Description
Back up FTP; SSH 20 TCP, UDP
21 TCP
22 TCP, UDP
Management
platform or all-in-
one appliances
Configured
backup storage
server
(Internal traffic)
FTP server: FTP ports 20, 21
SSH server: SSH port 22
Email notifications SMTP 25 TCP
587 TCP
Management
platform or all-in-
one appliance
SMTP server
(Internal traffic)
Communication with the SMTP
server.
Content updates HTTP 80 TCP All appliances Symantec
(External traffic)
Virus and Vantage definitions,
and other content that
LiveUpdate delivers .
This port is required for proper
functioning of the product.
Statistics delivery HTTP 80 TCP All appliances Symantec
(External traffic)
Sends the data to Symantec
for statistical and diagnostic
purposes.
Private data is not sent over
this port.
(ECC) 2.0 HTTPS
HTTP
443
80
Managed SEP
endpoints
Symantec EDR Communicates commands to
the endpoints.
ECC 1.0 HTTPS 8446 Symantec EDR SEPM Commands to SEPM.
RRS/endpoint submissions
ECC 2.0
HTTPS
HTTP
443
8080
SEP Symantec EDR The SEPM private cloud that
lets endpoints communicate
with Symantec EDR.
RRS/endpoint submissions
ECC 1.0
HTTPS
HTTP
HTTP
443
80
8443¹
SEP Symantec EDR The SEPM private cloud that
lets endpoints communicate
with Symantec EDR.
Symantec cloud detection,
analysis, and correlation
services and telemetry
services
If endpoint
activity
recorder
enabled
If endpoint
activity
recorder
disabled
443 TCP All appliances Symantec
(External traffic)
Cloud service queries and
telemetry data exchanges .
If the endpoint activity recorder
is enabled SEP sends
conviction events directly to
Symantec EDR.
Antivirus and intrusion
prevention conviction
information
HTTPS HTTP 8080 TCP or
HTTPS 443 TCP
HTTP 80 TCP or
HTTPS 8443 TCP
SEP clients Symantec EDR
management
platform
Information about the files and
the network traffic that SEP
detects.
Antivirus and intrusion
prevention conviction
information
HTTPS
HTTP
443 TCP
80
Symantec EDR
management
platform
Symantec
(External traffic)
Information about files and
the network traffic that SEP
detects.
Product updates HTTPS 443 TCP All appliances Symantec
(External traffic)
Finds and delivers new
versions of Symantec EDR.
EDR appliance console HTTPS 443 TCP
443 (inbound) or in
the range of 1024
to 9997
Client connecting
to manage an
appliance
Management
platform or all-in-
one appliance
(Internal traffic)
EDR appliance console access
for an all-in-one appliance or
management platform.
21
To Next Page
Loading...