Symantec Endpoint Protection clients download full definitions from Group Update Provider or from Symantec Endpoint Protection Manager

Article:TECH122612  |  Created: 2010-01-21  |  Updated: 2011-03-09  |  Article URL http://www.symantec.com/docs/TECH122612
Article Type
Technical Solution


Issue



You notice a large amount of bandwidth is consumed as Symantec Endpoint Protection clients are downloading full definitions from the Group Update Provider (GUP) or from the Symantec Endpoint Protection Manager (SEPM) . This issue was reported against Symantec Endpoint Protection 11.0.5002.333 (MR5).

Symptoms
0 kb dax files on the SEPM

Large number of groups on SEPM
Low resources and/or High CPU on SEPM


Cause



This is caused 0 byte deltas that are created before the full.zip can be extracted, thus causing the GUP or SEPM to distribute full definitions (full.zip) instead. In some instances, it takes longer then normal to extract the full.zip and when the clients check-in for content updates and before the extraction of the full.zip is completed, this causes the XDelta to generate 0 byte .dax files.

Example from scm-server log: 2010-01-19 04:14:12.562 SEVERE: DeltaContentTask.generateDeltaContent FAILED 4: 2010-01-19 04:14:12.562 SEVERE: CODE -1:

Example of issue:

See how the 0 byte .dax files are generated before the Full directory can be extracted:

 


Solution



This problem is fixed in Symantec Endpoint Protection 11.0.6100.645 (RU6MP1). For information on how to obtain the latest build of Symantec Endpoint Protection, read Obtaining an upgrade or update for Symantec Endpoint Protection  http://www.symantec.com/docs/TECH103088

 


Supplemental Materials

SourceETrack
Value1950212

Legacy ID



2010012109152248


Article URL http://www.symantec.com/docs/TECH122612


Terms of use for this information are found in Legal Notices