Symantec Altiris traffic

Posted on 2014-09-02
Last Modified: 2014-09-18
I am seeing a lot of connections on port 50124 and 443 from machines on a remote site that is connected to main site via VPN. They are connecting to an Altiris server but I am unclear (as I didn't set it up) as to whether they are just small pings to check in with the server or if they are files that are being transferred. The remote broadband line is slow which iis why I am investigating. The firewall on site is basic and not offering much insight. I can run a wireshark.
Question by:Sid_F
    LVL 60

    Accepted Solution

    Reference to Symantec on the Altiris ports, it seems that 50124 is used to receive Tickle Packets

    Specifically for those port stated below.

    * 50124 - Task Server (Altiris Object Host Service (atrshost.exe)), From client task agents and configurable in Altiris.ClientTask.Server.config
    * 443 - Task Server (IIS or Altiris HTTP Server), From client task agents and configurable in use in the Altiris.Http.config file

    Will be good to see the best practice in managing the Task server per se and check for such activities if they are indeed legit and can see if log file is showing any difference in norm for that particular period of concern

    Task Server Logging Information - Task Servers installed on a Notification Server will use the a.log files Remote Task Servers use a log file named TASKMANAGMENT.log, found in C:\program files\altiris\client task management\logs\taskmanagement.log
    On a client machine, the agent.log files contain all Task Server-related logging information.

    There will be times that port binding can be encountered which the below will help to further investigate the configuration are in accordance proper order to avoid corruption
    LVL 5

    Author Comment


    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    IT, Stop Being Called Into Every Meeting

    Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

    Suggested Solutions

    I eventually solved a perplexing problem setting up telnet for a new switch.  I installed a new Cisco WS-03560X-24P switch connected to an existing Cisco 4506 running a WS-X4013-10GE Sup II-Plus. After configuring vlans and trunking,  I could no…
    Network ports are the threads that hold network communication together. They are an essential part of networking that can be easily ignore or misunderstood, my goals is to show those who don't have a strong network foundation how network ports opera…
    Here's a very brief overview of the methods PRTG Network Monitor ( offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…
    This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor ( If you're looking for how to monitor bandwidth using netflow or packet s…

    737 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    23 Experts available now in Live!

    Get 1:1 Help Now