Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

Symantec Altiris traffic

Posted on 2014-09-02
2
Medium Priority
?
794 Views
Last Modified: 2014-09-18
I am seeing a lot of connections on port 50124 and 443 from machines on a remote site that is connected to main site via VPN. They are connecting to an Altiris server but I am unclear (as I didn't set it up) as to whether they are just small pings to check in with the server or if they are files that are being transferred. The remote broadband line is slow which iis why I am investigating. The firewall on site is basic and not offering much insight. I can run a wireshark.
0
Comment
Question by:Sid_F
2 Comments
 
LVL 66

Accepted Solution

by:
btan earned 2000 total points
ID: 40300302
Reference to Symantec on the Altiris ports, it seems that 50124 is used to receive Tickle Packets
http://www.symantec.com/connect/forums/how-do-i-create-firewall-exceptions-altiris-deployment-solution
http://www.symantec.com/business/support/index?page=content&id=DOC1892

Specifically for those port stated below.

* 50124 - Task Server (Altiris Object Host Service (atrshost.exe)), From client task agents and configurable in Altiris.ClientTask.Server.config
* 443 - Task Server (IIS or Altiris HTTP Server), From client task agents and configurable in use in the Altiris.Http.config file

Will be good to see the best practice in managing the Task server per se and check for such activities if they are indeed legit and can see if log file is showing any difference in norm for that particular period of concern
http://www.symantec.com/connect/articles/altiris-task-server-best-practices-part-5-managing-and-troubleshooting-task-server

Task Server Logging Information - Task Servers installed on a Notification Server will use the a.log files Remote Task Servers use a log file named TASKMANAGMENT.log, found in C:\program files\altiris\client task management\logs\taskmanagement.log
On a client machine, the agent.log files contain all Task Server-related logging information.

There will be times that port binding can be encountered which the below will help to further investigate the configuration are in accordance proper order to avoid corruption
http://www.symantec.com/business/support/index?page=content&id=TECH187699
0
 
LVL 6

Author Comment

by:Sid_F
ID: 40329838
Thanks
0

Featured Post

[Webinar On Demand] Database Backup and Recovery

Does your company store data on premises, off site, in the cloud, or a combination of these? If you answered “yes”, you need a data backup recovery plan that fits each and every platform. Watch now as as Percona teaches us how to build agile data backup recovery plan.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Network ports are the threads that hold network communication together. They are an essential part of networking that can be easily ignore or misunderstood, my goals is to show those who don't have a strong network foundation how network ports opera…
In this article, we’ll look at how to deploy ProxySQL.
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…
Michael from AdRem Software outlines event notifications and Automatic Corrective Actions in network monitoring. Automatic Corrective Actions are scripts, which can automatically run upon discovery of a certain undesirable condition in your network.…
Suggested Courses
Course of the Month10 days, left to enroll

569 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question