Endpoint Protection

 View Only
Back to discussions
Expand all | Collapse all

Daily download very big for SEP 11.x

Migration User

Migration UserNov 28, 2011 11:27 AM

It's 11.0.7100

  • 1.  Daily download very big for SEP 11.x

    Posted Nov 28, 2011 09:32 AM

    Hello

    I have a big problem,

    Some of my client SEP 11.x, have sometime a big saily download 160Mb

    I dont see how, because normaly, only virus definitions must be upload.

     

    And my wan is very impacted by this !

    Thanks for your help

     

    ps: sorry for my poor english, i m french



  • 2.  RE: Daily download very big for SEP 11.x

    Posted Nov 28, 2011 09:58 AM

    kindly check the content from inetpub\content directory

    also re install liveupdate on 1 affected machine which is downlaoding data in 160mb

    http://www.symantec.com/business/support/index?page=content&id=TECH102609&actp=search&viewlocale=en_US&searchid=1322492272046



  • 3.  RE: Daily download very big for SEP 11.x

    Posted Nov 28, 2011 10:15 AM

    Hello

    in my D:\SYMANTEC\Symantec Endpoint Protection Manager\Inetpub\content

    content is 2.5Gb (all my symantec product upgrade)

     

    i only reinstall on my pc client liveupdate; not endpoint client?



  • 4.  RE: Daily download very big for SEP 11.x

    Posted Nov 28, 2011 10:27 AM

    yes only reinstall liveupdate not the entire client



  • 5.  RE: Daily download very big for SEP 11.x

    Posted Nov 28, 2011 10:37 AM

    Other information

    in my server SEP manager :

    D:\SYMANTEC\Symantec Endpoint Protection Manager\Inetpub\content\{C60DC234-65F9-4674-94AE-62158EFCA433}\111127005\ with FULL.zip (160Mb)

    D:\SYMANTEC\Symantec Endpoint Protection Manager\Inetpub\content\{C60DC234-65F9-4674-94AE-62158EFCA433}\1111240365\ with FULL.zip (160Mb)

     

     

    and on my PC client, i have strange thing :

    c:\program Files\Fichiers communs\Symantec Shared\VirusDefs

    i have lot of folder who is definition virus, but not only one

    20111123.036 (280Mb)

    20111124.036 (281Mb)

    20111127.005 (281Mb)

     

    I dont understand who dont send only modified definition.

     



  • 6.  RE: Daily download very big for SEP 11.x

    Posted Nov 28, 2011 10:48 AM

    you are correct the client should only get the delta file and not the full.zip from sepm unless the client is not communicating to sepm so after reinstall liveupdate this client should download delta file only which you can monitor



  • 7.  RE: Daily download very big for SEP 11.x

    Trusted Advisor
    Posted Nov 28, 2011 11:06 AM

    Hello,

    Could you let us know what version of SEP are you carrying??

    This issue was a known issue in versions prior to SEP RU7.

    This issue is Fixed in SEP RU7.

    Please make sure you are carrying the Latest version or SEP RU7 and above.

    I am sure that would help.



  • 8.  RE: Daily download very big for SEP 11.x

    Posted Nov 28, 2011 11:21 AM

    thanks for all you replies

     

    My SEP client version : 11.0.5002.333

    it s RU7 ?



  • 9.  RE: Daily download very big for SEP 11.x

    Posted Nov 28, 2011 11:27 AM

    It's 11.0.7100



  • 10.  RE: Daily download very big for SEP 11.x

    Trusted Advisor
    Posted Nov 28, 2011 11:53 AM

    Hello,

    Please Migrate to the Latest version and that should solve the issue.

    The Latest version of SEP is SEP RU7 MP1

    Check this Article:

    Migrating to Symantec Endpoint Protection 11.0.7101 (RU7 MP1)

    http://www.symantec.com/docs/TECH171552

    You could download the same version from: https://fileconnect.symantec.com/

    Hope that helps!!




  • 11.  RE: Daily download very big for SEP 11.x

    Posted Nov 28, 2011 01:53 PM

    How many content revisions are you keeping? See under Admin > Servers > Local Site > Edit Site Properties > LiveUpdate > Number of content revisions in your SEPM console.

    If you have only 3 or 4 revisions, it's totally normal that some clients are pulling full content (as you say, about 160 MB). A client whose youngest content revision is older than the oldest content revision of the SEPM has to pull full content. That can happen after a long weekend or a short vacation. The reason is that SEPM can only produce tiny content packages (delta files) if the content revision times of SEPM and client overlap..

    Symantec is delivering about 3 revisions per day. If your SEPM is downloading every 4 hours, you get 3 revisions per day. If you want to cover a week, you have to save 21 content revisions. Of course, if you are just updating once a day, 7 content revisions are enough.

    The more content revisions you save, the rarer your clients will pull the full download.

    But be aware that you need about 18GB for 21 content revisions (and the size grows slowly, but constantly). It's a trade-off.



  • 12.  RE: Daily download very big for SEP 11.x

    Posted Nov 29, 2011 03:54 AM

    Thanks Greg

    I look my parameter

    Number of content revisions : 10

    Execute liveupdate : every 4 hours

     

    If i understand, if i want to have  10 but cover a week, i must Execute liveupdate  1 time per day and stay in 10 revisions ?

    or Execute liveupadte 1 time per day but put 21 revisions?



  • 13.  RE: Daily download very big for SEP 11.x

    Trusted Advisor
    Posted Nov 29, 2011 06:24 AM

    Hello,

    By default the Symantec Endpoint Protection Manager downloads and keeps a particular number of virus defintion revisions in its repositories based on the type of install performed: 

      • Simple: A management server that manages fewer than 100 clients and uses an embedded database.
        • 3 revisions
      • Advanced: A management server that manages more than 100 clients or if you want to customize the configuration.
        • Between 100 and 500 = 3 revisions
        • Between 500 and 1,000 = 10 revisions
        • More than 1,000 = 30 revisions

    This number can be lowered to help reduce the amount of disk space that is used by content revisions. The Symantec Endpoint Protection Manager must have previous content revisions stored in order to create a "delta", or differential, capable of updating a client from its version of that content type to the most recent type. 

    Reference: 

    Disk Space Management procedures for the Symantec Endpoint Protection Manager

    http://www.symantec.com/docs/TECH96214

    Hope that helps!!



  • 14.  RE: Daily download very big for SEP 11.x

    Posted Nov 30, 2011 03:16 PM

    Number of content revisions : 10

    Execute liveupdate : every 4 hours

    That means that you are covering about 10/3 = ~3 days. Not surprising that some clients are pulling the full content sometimes.

    If i understand, if i want to have  10 but cover a week, i must Execute liveupdate  1 time per day and stay in 10 revisions ?

    Yes. You can even lower the number a bit to 7 or 8 for a week. For security reasons, it's better to update every 4 hours, though.

    or Execute liveupadte 1 time per day but put 21 revisions?

    In this case, you would cover 3 weeks.



  • 15.  RE: Daily download very big for SEP 11.x

    Posted Dec 15, 2011 11:25 AM

    Ok, put you recommandation :

    Number of content revisions : 22

    Execute liveupdate : every 12 hours

     

    normally i must have 11 days ?

     

    but some client with only 3 days disconnected, take the full package ~160Mo insted of 6 lasts revisions ~1Mo

     

    I dont understand why i take a full version and not only the little package of my revision.

     

     



  • 16.  RE: Daily download very big for SEP 11.x

    Posted Dec 15, 2011 05:49 PM

    Execute liveupdate : every 12 hours

    normally i must have 11 days ?

    Yes, roughly.

    but some client with only 3 days disconnected, take the full package ~160Mo insted of 6 lasts revisions ~1Mo

    When did you change the settings? Perhaps the 22 content revisions aren't complete. Have a look in this folder where the content (only antivirus) is saved on the SEPM:

    <SEPM installation folder>\inetpub\content\{C60D... (32-bit)
    <SEPM installation folder>\inetpub\content\{1CD8... (64-bit)

    Every folder with the name format YYMMDDnnn (nnn = revision number) is a content version. If clients have content which is older than the folder with the oldest date, the client has to pull 160 MB.



  • 17.  RE: Daily download very big for SEP 11.x

    Posted Dec 23, 2011 05:55 AM

    Thanks Greg

     

    I dont understand

    One PC connect every 7 days, but it take the full package .zip, not only short revision.

    |   <SEPM installation folder>\inetpub\content\{C60D... (32-bit)
    |   <SEPM installation folder>\inetpub\content\{1CD8... (64-bit) 

    I look this 2 folders, all my revison are OK

    all content full.zip, and files named xdeltaYYMMDDnnn.dax / .dax.sig

     



  • 18.  RE: Daily download very big for SEP 11.x

    Posted Dec 23, 2011 10:37 AM

    One PC connect every 7 days, but it take the full package .zip, not only short revision.

    Not nice wink

    Perhaps the client has other problems. See this documents to check:

    Symantec Endpoint Protection: LiveUpdate Troubleshooting Flowchart

    http://www.symantec.com/docs/TECH95790

    Troubleshooting Client Communication with SEPM

    http://www.symantec.com/docs/TECH95789

     

    all content full.zip, and files named xdeltaYYMMDDnnn.dax / .dax.sig

    The .dax files are the delta files of the clients which are behaving well.