Endpoint Protection

 View Only

  • 1.  Deffination Traffic

    Posted Jun 06, 2011 05:50 PM

    We just want to know, When ILU downloads full Definition from Internet , then ILU distributes complete Definition or Incremental to SEPM and secondly when SEPM distribute definition to desktop's or server , then it transfer Incremental or Complete.

     

    If ILU distribute complete definition or incremental, so where we can see these thing.( Transferring  or size of the files )

    Same case with SEPM to desktop where we can see , SEPM transfer incremental or full definition

    If have any Symantec article that we will helpful for me.



  • 2.  RE: Deffination Traffic
    Best Answer

    Posted Jun 06, 2011 06:26 PM

    I think if the machine has not connected to the Symantec site for more than 30 days, it download the full defs.

    There was kb, i am not able to find that.

    In case of SEPM , it depends on the no of content revision to keep is set.

     

    Say the value is 10

    And if symantec upadtes the defs 3 time a day, so in that case if the client connects to the SEPM after 4 days it would download the full def



  • 3.  RE: Deffination Traffic

    Broadcom Employee
    Posted Jun 07, 2011 02:01 AM

    SEPM will download the full definition from ILU. From SEPM to SEP client it will be delta assuming the SEPM is able to generate delta based on the client request.



  • 4.  RE: Deffination Traffic

    Posted Jun 07, 2011 03:53 PM

    The determining factor in figuring whether deltas will be downloaded or the full definition, at least when using GUPs, is the "Delete content updates if unused (days)" setting. Go to your LiveUpdate setting in the folder you're working with, then go to "Server Settings". Click on "Group Update Provider..." The "Delete content updates if unused (days)" is how many days worth of deltas will be held on the server. If a client is out of date by more than that amount of time, a full definition set will need to be downloaded. We learned this the hard way when someone turned off their computer over a long holiday weekend. When they turned it back on the following week, their machine (and in turn, the GUP and the SEPM server) had to download the full definition set. The full defs are at least 80MB and it wouldn't surprise me if they are over 100MB. I increased this from the default of 3 days to 10 days. This way, even if someone turns off their computer when they leave for a 1 week vacation, they can still just get the deltas without taking a long time or clogging the data pipe.



  • 5.  RE: Deffination Traffic

    Trusted Advisor
    Posted Jun 10, 2011 10:03 AM

    Hello,

    Here few Amazing Article which explains all:

    FOR SEPM TO SEP CLIENTS

     

    1) Determining how clients get content

     
    2) How are virus definitions distributed from the Symantec Endpoint Protection Manager?

    http://www.symantec.com/docs/HOWTO53175

    3) With default LiveUpdate content revision settings configured within the Symantec Endpoint Protection Manager, clients are downloading full definition updates instead of delta updates
     
     
    4) How to manually force the creation of content deltas
     
     
    5) Symantec Endpoint Protection clients download full definitions from Group Update Provider or from Symantec Endpoint Protection Manager
     
     
     
     
     
    ILU TO CLIENTS
     
    1) LiveUpdate Administrator Architecture, Sizing, and Performance Recommendations
     
     
    2) Testing Updates in LiveUpdate Administrator 2.x (LUA 2.x)
     
     
    3) Determining the definitions available to clients on a Symantec Endpoint Protection Manager