Purpose
This article provides information about the port requirements for Shavlik Protect.
Symptoms
Features of Protect and Protect Agents may not work if these ports are blocked.
Description/Resolution
You will need to ensure the following ports are open/allowed for the corresponding features of Protect to work.
Inbound Ports
| Machine | Inbound Port | Explanation |
| Agentless System | TCP 135 | WMI Scanning – Only needed if using Asset Scanning |
| Agentless System | TCP 137-139 or TCP 445 | (Windows file sharing/directory services) required for agentless scan and Deployment to work |
| Agentless System | TCP 5120 | Allows Scheduler to receive commands from console machine |
| Agentless System | UDP 9 | Only used if using Wake on Lan |
| Agentless System | TCP 5985 | Allows you to use IT Scripts feature |
| Agent System | TCP 4155 | Allows Agent to allow commands from console |
| Protect Console | TCP 3121 | Required for Deployment Tracker status updates for patch deployment and agent communication back to console |
| Distribution Server: HTTP configuration | TCP 80 | Needed for Distribution Servers to Sync patches with Console only if using HTTP |
| Distribution Server: HTTPS configuration | TCP 443 | Needed for Distribution Servers to Sync patches with Console only if using HTTPS |
| Distribution Server: UNC configuration | TCP 137-139 or TCP 445 | (Windows file sharing/directory services) Needed for Distribution Servers to Sync patches with Console only if using UNC |
Outbound Ports
| Machine | Outbound Port | Explanation | ||
| Agent System | TCP 80 | (Only for Distribution Servers that utilize HTTP) Allows agent and console communion with Distribution Server using HTTP | ||
| Agent System | TCP 443 | Only used for cloud agents | ||
| Agent System | TCP 3121 | Agent communication back to console | ||
| Agentless System | TCP 137-139 or TCP 445 | (Windows file sharing directory services) required for agentless scan to work | ||
| Agentless System | TCP 3121 | Required for Deployment Tracker status updates back to console | ||
| TCP 135 |
| ||
| Protect Console | TCP 80 | Patch and Data downloads | ||
| Protect Console | TCP 137-139 or TCP 445 | (Windows file sharing directory services) | ||
| Protect Console | 443 | Only used for cloud sync for agents | ||
| Protect Console | TCP 5120 | (From console to agentless target) Allows console to send commands to target machine Scheduler | ||
| Protect Console | UDP 9 | Only used if using Wake on Lan and Error Reporting |
Additional Information
There is a port requirements table within Protect under Help > Contents > System Requirements.
In some locked down environments, you will also need to specifically allow traffic over the default dynamic port range which is: 49152 - 65535.
How to use Telnet to test the connection over specific ports
How to configure Windows Firewall port exceptions
Explanations of port requirements
Affected Product(s)
All Versions