Video Screencast Help

Daily definition size

Created: 10 Nov 2011 • Updated: 16 Nov 2011 | 6 comments
This issue has been solved. See solution.

Hi,

Can some one help me with the below information?

What is the approximate amount of data received in the form of daily definitions by SEP 11.x client and SAV 10.x (daily definition size)

Comments 6 CommentsJump to latest comment

Mithun Sanghavi's picture

Hello,

Check this Thread:

https://www-secure.symantec.com/connect/forums/endpoint-protection-11-definition-update-size

Again, you can also check this Article:

http://www.symantec.com/docs/TECH102211

It states as below:

 

What are the sizes of the various packages that are sent between the Symantec Endpoint Protection client and manager?
The following are estimates of the size of packages that are sent between the Symantec Endpoint Protection client and manager:

  • Heartbeat (with no updates to be exchanged) - When there is no traffic to be exchanged (i.e. no profile to download and no logs to update) then the heartbeat is between 2 KB/s and 3 KB/s.
  • Policies (i.e. AV/AS, Firewall, OS Protection, Host Integrity) - Typically varies between 20 KB and 80 KB, but can increase if detailed rules are included, or OS protection templates are used. Generally, after you set your policies to suit your network needs, you do not modify them on a regular basis.
  • IPS Signature Updates - Files range between 50 KB and 100 KB. Symantec supplies updates approximately every quarter unless a specific threat or vulnerability needs to be addressed.
  • AV Signatures - 50 KB to 100 KB daily for clients, if you assume that the signatures are updated successfully every day.
  • Logs - Logs are compressed at the client before they are uploaded to the Symantec Endpoint Protection Manager. Approximately, 800 log entries take up 1KB of file space.

 

 

Hope that helps!!

Mithun Sanghavi
Senior Consultant
MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

SOLUTION
Galaxy S's picture

Thanks for the information.

Are the Daily AV signatures 50 KB to 100 KB (approximately) even for SAV 10.x client?? As the main detail I'm looking for, here, is the difference of Daily Defn size in SAV 10.x client and SEP 11.0...

Mithun Sanghavi's picture

Hello,

Yes. Even for SAV 10.x clients Daily AV signatures 50 KB to 100 KB (approximately).

Now, please MARK, it's AntiVirus definitions only.

Mithun Sanghavi
Senior Consultant
MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

Paul Murgatroyd's picture

The key point here is that SAV10 clients can take a daily update for maybe 10 maximum (I'd have to check, but it may be less than that now).  Wheras a SEP client can take deltas from its management server for as long as you need, dependent on having the right amount of storage on the SEPM.

The SAV limit is hardcoded, as we supply deltas to the server for distribution.. With SEP, the server builds the deltas itself, so you have more flexibility.

Paul Murgatroyd
Principal Product Manager, Symantec Endpoint Protection
Endpoint twitter feed: http://twitter.com/symc_endpoint

Galaxy S's picture

Thanks for the additional Information shared... It was informative and worth noting..