MoonPoint Support Logo

 

Shop Amazon Warehouse Deals - Deep Discounts on Open-box and Used ProductsAmazon Warehouse Deals



Advanced Search
July
Sun Mon Tue Wed Thu Fri Sat
  1 2 3 4 5 6
7 8 9 10 11 12 13
14 15 16 17 18 19 20
21 22 23 24 25 26 27
28 29 30 31      
2024
Months
Jan Feb Mar
Apr May Jun
JulAug Sep
Oct Nov Dec


Mon, Apr 09, 2007 9:47 pm

Allow Rtvscan Access Through Windows XP Firewall

Symantec AntiVirus Corporate Edition 8.0 uses rtvscan.exe on client systems for management of those systems from the antivirus server. Rtvscan listens on UDP port 2967 on the client systems. You can determine if rtvscan.exe is running on a Windows XP or later system with the tasklist command. 
C:\>tasklist /fi "imagename eq rtvscan.exe"

Image Name                   PID Session Name     Session#    Mem Usage
========================= ====== ================ ======== ============
Rtvscan.exe                 1784 Console                 0      9,736 K

From the above information, I can see that rtvscan.exe is running on the system and that it has process ID (PID) 1794. I can verify that the process with PID 1784 is listening on port 2967 on the system using the netstat command. 

C:\>netstat -ano | find "1784"
UDP    0.0.0.0:1061           *:*                                    1784
UDP    0.0.0.0:2967           *:*                                    1784

You can create a firewall rule to allow the server to communicate with the client using the instructions at Configuring Windows XP Firewall for Symantec Antivirus Client through either a GUI or the command line. An example using the command line is shown below. The example below presumes the server's IP address is 192.168.0.33. 

C:\>netsh firewall set portopening protocol = UDP port = 2967 name = "Symantec A
ntiVirus Client Management" mode = ENABLE scope = CUSTOM 192.168.0.33
Ok.

You can verify the firewall now has the appropriate port opening with the netsh firewall show portopening command. 

C:\>netsh firewall show portopening

Port configuration for Domain profile:
Port   Protocol  Mode     Name
-------------------------------------------------------------------
10280  UDP       Enable   Windows Media Connect
10281  UDP       Enable   Windows Media Connect
10282  UDP       Enable   Windows Media Connect
10283  UDP       Enable   Windows Media Connect
10284  UDP       Enable   Windows Media Connect
10243  TCP       Enable   Windows Media Connect
22     TCP       Enable   OpenSSH
2967   UDP       Enable   Symantec AntiVirus Client Management
139    TCP       Enable   NetBIOS Session Service
445    TCP       Enable   SMB over TCP
137    UDP       Enable   NetBIOS Name Service
138    UDP       Enable   NetBIOS Datagram Service
1900   UDP       Enable   SSDP Component of UPnP Framework
2869   TCP       Enable   UPnP Framework over TCP

Port configuration for Standard profile:
Port   Protocol  Mode     Name
-------------------------------------------------------------------
10280  UDP       Enable   Windows Media Connect
10281  UDP       Enable   Windows Media Connect
10282  UDP       Enable   Windows Media Connect
10283  UDP       Enable   Windows Media Connect
10284  UDP       Enable   Windows Media Connect
10243  TCP       Enable   Windows Media Connect
139    TCP       Enable   NetBIOS Session Service
445    TCP       Enable   SMB over TCP
137    UDP       Enable   NetBIOS Name Service
138    UDP       Enable   NetBIOS Datagram Service
1900   UDP       Enable   SSDP Component of UPnP Framework
2869   TCP       Enable   UPnP Framework over TCP
3389   TCP       Enable   Remote Desktop

Port configuration for Local Area Connection:
Port   Protocol  Mode     Name
-------------------------------------------------------------------
3389   TCP       Enable   Remote Desktop

Or, alternatively, you can use the netsh firewall show state command. 

C:\>netsh firewall show state

Firewall status:
-------------------------------------------------------------------
Profile                           = Domain
Operational mode                  = Enable
Exception mode                    = Enable
Multicast/broadcast response mode = Enable
Notification mode                 = Enable
Group policy version              = Windows Firewall
Remote admin mode                 = Enable

Ports currently open on all network interfaces:
Port   Protocol  Version  Program
-------------------------------------------------------------------
10243  TCP       IPv4     (null)
10280  UDP       IPv4     (null)
10281  UDP       IPv4     (null)
10282  UDP       IPv4     (null)
10283  UDP       IPv4     (null)
10284  UDP       IPv4     (null)
135    TCP       IPv4     (null)
137    UDP       IPv4     (null)
139    TCP       IPv4     (null)
138    UDP       IPv4     (null)
3389   TCP       IPv4     (null)
445    TCP       IPv4     (null)
22     TCP       IPv4     C:\Program Files\Network\OpenSSH\usr\sbin\sshd.exe
1562   TCP       IPv4     C:\WINDOWS\SYSTEM32\SVCHOST.EXE
2869   TCP       IPv4     (null)
1900   UDP       IPv4     C:\WINDOWS\SYSTEM32\SVCHOST.EXE
2967   UDP       IPv4     C:\Program Files\Symantec_Client_Security\Symantec Ant
iVirus\Rtvscan.exe

Additional ports open on Local Area Connection:
Port   Protocol  Version
-------------------------------------------------------------------
3389   TCP       Any

The netsh firewall show state command will show you what program is listening on the port. In this case it shows that Rtvscan.exe is listening on port 2967

References:

  1. Configuring Windows XP Firewall for Symantec Antivirus Client
    Written: May 30, 2005
    MoonPoint Support

[/security/antivirus/symantec/SAV-Firewall] permanent link

Valid HTML 4.01 Transitional

Privacy Policy   Contact

Blosxom logo