Port 1072: GFI LanGuard — Where security scanners phone home

What Runs on Port 1072

Port 1072 is the default port used by GFI LanGuard (version 12 and later) for agent communication. GFI LanGuard is network security and vulnerability management software that scans computers for missing patches, security vulnerabilities, and configuration issues.¹

Agents installed on monitored computers communicate with the LanGuard server through TCP port 1072, sending scan results, requesting program updates, and receiving instructions. Each day between 10 AM and 5 PM, agents check in to request new patch definitions and vulnerability information.²

The Registered Port Range

Port 1072 sits in the registered port range (1024-49151). Unlike well-known ports (0-1023) which are reserved for fundamental Internet services, registered ports are assigned by IANA to specific applications upon request. Companies and developers register ports to avoid conflicts—ensuring that when GFI LanGuard expects to find its agent communication on port 1072, nothing else is using that number.

If port 1072 is already occupied when GFI LanGuard installs, it automatically searches for an available port in the range 1072-1170.³

How Agent Communication Works

The LanGuard server listens on port 1072 for inbound connections from agents. When an agent completes a security scan of its host computer, it connects to the server and transmits:

• Detected vulnerabilities
• Missing patches
• Software inventory
• Configuration compliance status

The server processes these reports and displays them in a central management console. Without port 1072 accessible, agents cannot report their findings—the security scanner goes silent even though it's still collecting data locally.

Security Considerations

Firewall requirements: Port 1072 must be open between monitored computers and the LanGuard server. If firewall rules block this port, agents cannot communicate and will show as "Unable to contact server" in the console.⁴

Network exposure: Port 1072 should only be accessible within your internal network. Exposing LanGuard's agent communication port to the Internet would allow attackers to potentially send false security reports or attempt to exploit the communication protocol.

Apache dependency: GFI LanGuard runs an Apache server component to handle agent communications. If Apache stops running, port 1072 stops accepting connections and all agent communication fails.⁵

Common Issues

Port already in use: Another application claimed port 1072 before LanGuard started. Check what's listening with netstat -ano | findstr 1072 on Windows or lsof -i :1072 on Linux.

Agent shows as offline: The agent cannot reach the server on port 1072. Verify firewall rules, check that the Apache service is running, and confirm the server is listening on the correct port.

Version mismatch: LanGuard version 11 and earlier used port 1070 by default. If you're running mixed versions, agents and servers may be trying to communicate on different ports.

Checking What's Listening

To see if something is listening on port 1072:

Windows:

netstat -ano | findstr :1072

Linux/macOS:

lsof -i :1072
ss -tulpn | grep 1072

If you see a process listening on port 1072 and you don't have GFI LanGuard installed, investigate immediately—unauthorized software may be running.

Why Unassigned Ports Matter

Most ports in the registered range don't have official assignments. Port 1072 is an exception—it's claimed by GFI for a specific purpose. But thousands of registered ports remain unassigned, available for future applications or temporary use.

These unassigned ports serve as the Internet's expansion space. When developers create new network protocols, they need port numbers. The registered range provides that space while preventing chaos—IANA coordination ensures two popular applications don't accidentally choose the same port and conflict worldwide.

Port 1072 started as just another number. Then GFI registered it. Now it carries vulnerability reports across thousands of corporate networks. That's how ports become meaningful—one application at a time.

Related Ports

• Port 1070: GFI LanGuard agent communication (version 11 and earlier)
• Port 80/443: Used by LanGuard for downloading patch definitions and updates
• Port 135, 139, 445: Windows ports used by LanGuard for agentless scanning