sábado, 4 de setembro de 2010

Panda Desktop HTTP Updates / Ports Used

Well, Panda products documentation altough it's pretty extensive sometimes do not tell you much. For instance, you want to know what ports are required for Panda Desktop to be able to periodically update it's definitions, what are these ports? This is what i will briefly discusse only based on my findings

If you have deployed Panda Antivirus Product in your company then you probably have configured a repository from which Panda Clients are able to fetch periodic updates. This repository can be configured trough regular network shared folder resources, or trough HTTP repository, where you may have a tomcat server serving the client requests. This second alternative is better, as the first one will lead to more unnecessary overhead ( ref.) .

After clients are deployed automatically, a .ini file is configured in each client machine containing a reference to the original server.

This server is the server the clients will query for updates, sending packets trough port 19226 (folder repository), if it does not succed he will try http repository port 8080, if it does not respond, he will try http repository with port 80:



If it still does not respond he will query the internet, where?
1. Regedit.exe
2. Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Panda Software\Panda Administrator 3.0\PLAgent

URL is listed on the right side.

The username and password to access the updates are also defined here, altough encrypted.




In sum, the following ports are used from the client side, depending on your infrastructure scenario:

Port 19226
Port 80
Port 8080

This information was gathered using the tool CurrPorts and log analysing.

Panda logs are located in Pavupg folder. The file is called PAVupg.log

To get a detailed log use the command:

Pavupg -c:ALL

It will then try to update the virus definitions and you can analyse the results too.

Taken from http://netproble.blogspot.com/

1 comentário: