With default LiveUpdate content revision settings configured within the Symantec Endpoint Protection Manager, clients are downloading full definition updates instead of delta updates

Article:TECH94916  |  Created: 2009-01-07  |  Updated: 2011-12-13  |  Article URL http://www.symantec.com/docs/TECH94916
Article Type
Technical Solution


Environment

Issue



The clients download full content updates with default LiveUpdate configuration in Symantec Endpoint Protection Manager (SEPM)



Error



Symptoms

The clients are downloading full content updates instead of delta updates from SEPM.


The size of full content is around 100 MB* and the clients (which have not reported to SEPM for more than a certain number of days) are downloading 100 MB* of content from SEPM.


Cause



This is working as designed. There are two criteria for the clients to download full content:

  • The client definitions are corrupted and can not be recovered locally.
  • The definition revision on the client at the time of check-in is not present in SEPM.

By default, SEPM is configured to keep only three revisions if 500 or less clients were chosen during the SEPM installation, 10 revisions if 500 to 1,000 clients were chosen during the SEPM installation, or 30 revisions if more than 1,000 clients were chosen during the SEPM installation, and LiveUpdate for the SEPM will run every four hours. On average, Symantec releases Symantec Endpoint Protection (SEP) Certified Definitions three times a day. Essentially, three revisions is a day's worth of definitions. For example, if a client checks in after two days with the SEPM configured to maintain only three revisions, then the client's definition set will be older than any revision stored in the SEPM. Therefore, a delta content package cannot be built, and the full definitions package (full.zip) will be sent to the client instead.


Solution



Open SEPM Console.

  1. Go to the Admin > Server > Properties of Local site in SEPM > LiveUpdate.
  2. Increase the "Number of content revisions to keep" to a higher number which suits your requirement.


Note: Increasing the above setting will directly effect the SEPM's hard drive space, as more content revisions will be stored in [Root]:\Program Files\Symantec\Symantec Endpoint Protection Manager\Inetpub\content. It will also increase the space used to store content revisions in the Database.

 

* Reference value for the beginning of the year 2011. Because of new threats and variants being regularly appearing "in the wild", the size of virus definitions tends to increase with time.




Legacy ID



2009070719483348


Article URL http://www.symantec.com/docs/TECH94916


Terms of use for this information are found in Legal Notices