MS SCCM is now using port 8005 for the Express Updates. Our McAfee IDS defaults to 8005. I just lost a huge amount of logging after systems were patched. I'm trying to understand why SCCM would choose this port. Any insight?
It's quite challenging to tell why SSCM uses 8005 Port.
NSP uses ports in series of 85xx and not 8005. Can you please confirm which port are you referring to?
Following document should help you to get list of Ports used by McAfee NSP product:
I don't see 8005 listed on the Knowledge Center. I'm not sure of specific configurations currently being once removed from the change order. This occurred after a series of patches, updates, and reboots.
I have recently had the same issue. After the managers were rebooted the NSP Manager service was unable to start.
The Manager logs showed the following error;
I'm looking at option for a permanent solution
NSM Service will fail to start if any required ports are being used. I would suggest you have a dedicated server for NSM.
I would suggest you stop SSCM and start manager service; then start SSCM again. This step should start the manager service and later try starting SSCM.