Symantec Endpoint Protection clients download full definitions from Group Update Provider or from Symantec Endpoint Protection Manager
|Article:TECH122612|||||Created: 2010-01-21|||||Updated: 2011-03-09|||||Article URL http://www.symantec.com/docs/TECH122612|
You notice a large amount of bandwidth is consumed as Symantec Endpoint Protection clients are downloading full definitions from the Group Update Provider (GUP) or from the Symantec Endpoint Protection Manager (SEPM) . This issue was reported against Symantec Endpoint Protection 11.0.5002.333 (MR5).
0 kb dax files on the SEPM
Large number of groups on SEPM
Low resources and/or High CPU on SEPM
This is caused 0 byte deltas that are created before the full.zip can be extracted, thus causing the GUP or SEPM to distribute full definitions (full.zip) instead. In some instances, it takes longer then normal to extract the full.zip and when the clients check-in for content updates and before the extraction of the full.zip is completed, this causes the XDelta to generate 0 byte .dax files.
Example from scm-server log: 2010-01-19 04:14:12.562 SEVERE: DeltaContentTask.generateDeltaContent FAILED 4: 2010-01-19 04:14:12.562 SEVERE: CODE -1:
Example of issue:
See how the 0 byte .dax files are generated before the Full directory can be extracted:
This problem is fixed in Symantec Endpoint Protection 11.0.6100.645 (RU6MP1). For information on how to obtain the latest build of Symantec Endpoint Protection, read Obtaining an upgrade or update for Symantec Endpoint Protection http://www.symantec.com/docs/TECH103088
Article URL http://www.symantec.com/docs/TECH122612