Windows Integrity HP Smart Update Manager User Guide
The HP Smart Update Manager cannot be run in directories containing double-byte characters
in the path name. Paths can be created with double-byte characters when using certain
versions of the operating system (for example, Japanese or Chinese).
• How do I use HP Smart Update Manager over a firewall? Which ports do I need to open?
Are they configurable?
The port that HP Smart Update Manager uses cannot be configured. When HP Smart Update
Manager initiates communications to remote targets, it uses several well-known ports
depending on the OS. For Windows, it uses ports 138 and 445 to connect to remote targets
(equivalent to net use functionality).
HP Smart Update Manager uses random ports above 49152 to communicate between the
remote target and the workstation where HP Smart Update Manager is executing. When
you run HP Smart Update Manager, it uses the administrator/root privileges to dynamically
register the port with the default Windows firewalls for the length of the application
execution, then closes and deregisters the port. All communications are over a SOAP server
using SSL with additional functionality to prevent man-in-the-middle, packet spoofing,
packet replay, and several other attack profiles. The randomness of the port is one of the
methods used to prevent port scanning software from denying service to the application.
The SOAP server is landed on the remote target using the initial ports described above (ports
138, 445, and 22) and then allocates another independent port above 49152 for its
communications back to the workstation where HP Smart Update Manager is running.
During shutdown of HP Smart Update Manager, the SOAP server is shutdown and removed
from the target server, leaving no trace it was there other than the log files in the
%WINDOWS%\temp directory.
38 Troubleshooting