SmartScan (which uses server resources in an Akamai cloud to off-load scanning overhead) is a part of the Trend Worry Free Business Service anti-malware product. It fails to connect on Windows 8 devices behind the RT-AC68 running 376.45. However, the same Trend product works without flaw on Windows 7 devices behind the same router. The failing Windows 8 devices work perfectly on other networks or plugged into the Comcast boundary router that the Asus router is plugged into.
Config has some complexity with IP Tables entries for several static IP external-internal maps and a single port forward for the router IP itself.
I've cycled the firewall and DOS options without impact. Pings and tracert from the failing device to the targeted server work flawlessly. Wired and wireless makes no difference.
I've sent logs and wireshark files out the kazoo to Trend for help but until tonight never suspected the router of involvement since the Win 7 devices behind the router worked fine. But the fact that the Win 8 device works in front of the router and not behind it is rather interesting.
For info, ports used by the client which stay local to the network (clients share info to minimize network traffic):
Port 61117 (Broadcasting Server)
This is used to select which of the WFBS-SVC agents will be the Active/InActive agent. This is also used by the Active Agent (AA) to collect online/offline information and report it back to the server.
Port 61116 (HTTP Local Server)
This is used by the AA for component sharing, which includes (but is not limited to) configuration, pattern files, engines, hot fixes and the like.
Port 61119 (Downloader Listening Port)
This is used by the Downloader to receive all response before downloading the MSI package.
Port 21112 (Listening port)
This is used by the clients for communication with the AA/IA to get notifications.
Notify Client Update
Notify Client ScanNow
Notify Client Stop ScanNow
Notify Client ScanVA
Notify Client Uninstall
Notify Client Apply Firewall Settings
Notify Client Apply Opp Settings
Notify Client Apply Scan Mode( smart scan or traditional scan)
Notify Client Apply new Spyware Approved List
The internet server side connects via:
Port 443 (initiated by the client)
The WFBS-SVC server uses this port to communicate with the agents.
Port 5228, 5229, and 5230
This is used by Android devices. Set the outbound rule to android.apis.google.com. The Android device will connect to Google Cloud Messaging (GCM) through this port.
Port 5223, 2195 and 2196
This is used for iOS Devices. The iOS devices use these ports for APNs server communication, notification and feedback service. Communication Server communicates with Apple Push Notification Services via port 2195 and FQDN gateway.push.apple.com.
I'm at a loss and waiting for a response from Trend. Any history and suggestions on an approach? Any past lessons?
Don
Config has some complexity with IP Tables entries for several static IP external-internal maps and a single port forward for the router IP itself.
I've cycled the firewall and DOS options without impact. Pings and tracert from the failing device to the targeted server work flawlessly. Wired and wireless makes no difference.
I've sent logs and wireshark files out the kazoo to Trend for help but until tonight never suspected the router of involvement since the Win 7 devices behind the router worked fine. But the fact that the Win 8 device works in front of the router and not behind it is rather interesting.
For info, ports used by the client which stay local to the network (clients share info to minimize network traffic):
Port 61117 (Broadcasting Server)
This is used to select which of the WFBS-SVC agents will be the Active/InActive agent. This is also used by the Active Agent (AA) to collect online/offline information and report it back to the server.
Port 61116 (HTTP Local Server)
This is used by the AA for component sharing, which includes (but is not limited to) configuration, pattern files, engines, hot fixes and the like.
Port 61119 (Downloader Listening Port)
This is used by the Downloader to receive all response before downloading the MSI package.
Port 21112 (Listening port)
This is used by the clients for communication with the AA/IA to get notifications.
Notify Client Update
Notify Client ScanNow
Notify Client Stop ScanNow
Notify Client ScanVA
Notify Client Uninstall
Notify Client Apply Firewall Settings
Notify Client Apply Opp Settings
Notify Client Apply Scan Mode( smart scan or traditional scan)
Notify Client Apply new Spyware Approved List
The internet server side connects via:
Port 443 (initiated by the client)
The WFBS-SVC server uses this port to communicate with the agents.
Port 5228, 5229, and 5230
This is used by Android devices. Set the outbound rule to android.apis.google.com. The Android device will connect to Google Cloud Messaging (GCM) through this port.
Port 5223, 2195 and 2196
This is used for iOS Devices. The iOS devices use these ports for APNs server communication, notification and feedback service. Communication Server communicates with Apple Push Notification Services via port 2195 and FQDN gateway.push.apple.com.
I'm at a loss and waiting for a response from Trend. Any history and suggestions on an approach? Any past lessons?
Don