We use Citrix Branch Repeaters at all our locatoins. Using the monitoring tools in Citrix, we disovered a bug in Symantec Endpoint where clients download part of an update, which fails. Then the clients attempt re-download this same update over and over non stop. Because client updates do not use the GUP but go to the SEPM, the bandwidth limiting specified for the GUP does not apply.
I have a thread in this forum about it. The fix was to delete the failed download of the SEP update from the Symantec folder on the client PCs.
Another alternative is to remove the client update package from the groups in SEPM. Or move these clients into their own group as previously mentioned, and create a new install package for them.
Not sure if that is what you are seeing, however that bug was causing a constant 40Mbps avg of traffic to the SEPM. 80Mbps bursts.