How does the Sweep function work?

The database sweep function can be triggered manually or automatically. It is triggered automatically when the number of records exceeds the value entered on the Policy Manager, or exceeds the time limit listed on the Policy Manager.

The sweep function works by using two tables for each log type. The server will start out by putting logs into one of the tables (call it Table1).

Once the sweep gets done the server will switch to use the second table (call it Table2) and start storing any new logs into this second table.

Before the server switches to Table2 it will remove all logs from Table2.  Table1 will still have all the logs it collected. Then once the sweep function is run again the server will switch back to Table1, removing all logs from Table1, but keeping the logs that were collected during the time it was using Table2. The server will basically switch back and forth between these two tables each time the sweep function is called, clearing that one table before using it.

After you configure database maintenance options from the Admin > Servers page, on the Database tab of the Site Properties dialog box in the Symantec Endpoint Protection Manager Console, the new options are not picked up by the database maintenance task. To have the options take effect, you can stop and start the database maintenance task by typing the following URLs in this order from a web browser located on the Symantec Endpoint Protection Manager server:

To stop a database maintainance task:
https://localhost:8443/servlet/ConsoleServlet?ActionType=ConfigServer&action=StopTask&task=AgentSweepingTask

To start  a database maintainance task
https://localhost:8443/servlet/ConsoleServlet?ActionType=ConfigServer&action=StartTask&task=AgentSweepingTask

Alternatively, you can log out of the console and restart the Symantec Endpoint Protection Manager service from the Task Manager.