Is it possible to change Sophos ports 8192, 8193?

I've found plenty of guides to change Sophos port 8194 on Windows, but none to change ports 8192 and 8193. I'm using Windows Server 2016. Is this possible? If so, how?

  • Hi Calvin,

    Although this might be possible it will likely break things and isn't supported.  You could modify the hex key in C:\Program Files (x86)\Sophos\Remote Management System\mrinit.conf and run ClientMRInit.exe in the same folder.  I would suspect if you change it here you will also need to change it on all your machines as they will still attempt to connect to each other on 8192.

  • Hello Calvin Miner,

    the SESC Console forum is, maybe, the better place for this question.
    First of all, is this a theoretical question or where does this need come from?

    Port 8193 isn't used, but if it is already acquired by some other application this might prevent the startup of the Message Router service (haven't tested it). How a managed endpoint client locates the management server mentions [t]he 'ClientIORPort', by default 8192 so I assume it's permissible to change it even though it is not documented. I assume there aren't many reports of conflicts w.r.t. port 8192, if at all.

    Christian

  • In reply to QC:

    This isn't hypothetical, I have software that needs to listen on these ports.

     

    I see RouterNT.exe always listening on 8192 and 8193 (and 9194 after configuring that). The local address is 0.0.0.0:8191 and 0.0.0.0:8192. Foreign port is 0.0.0.0:0 and 0.0.0.0:0. I'm not expert on networking, but this sounds like a loopback.

     

    Thanks for the suggestions and background. I'll put this question in SESC console forum.

  • In reply to Calvin Miner:

    Hello Calvin Miner,

    I'll put this question in SESC console forum
    please note that you only have to join the SESC group, then this thread can be moved.

    As to the meaning of these Local and Foreign addresses (without going into too many details, example addresses are IPv4):
    An application can either listen on a specific local address (interface) or on any interface, and usually on a specific port. Any is denoted by all zeros, e.g. 0.0.0.0:8192. If an application intends to accept only loopback connections it'd use e.g. 127.0.0.1:8888. And as long as no connection is established (i.e. the status is LISTENING) the Foreign Address is all zeros. Once a connection is established it shows the address on the other side.

    Christian