Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.

Definition size

Created: 27 Jan 2013 • Updated: 28 Jan 2013 | 5 comments
This issue has been solved. See solution.

When server getting definition from Symantec lu server what the size of definition(kb, mb, gb) and where this information store?

Discussion Filed Under:

Comments 5 CommentsJump to latest comment

Mithun Sanghavi's picture

Hello,

Check this Thread:

https://www-secure.symantec.com/connect/forums/endpoint-protection-11-definition-update-size

Again, you can also check this Article:

http://www.symantec.com/docs/TECH102211

It states as below:

What are the sizes of the various packages that are sent between the Symantec Endpoint Protection client and manager?
The following are estimates of the size of packages that are sent between the Symantec Endpoint Protection client and manager:

  • Heartbeat (with no updates to be exchanged) - When there is no traffic to be exchanged (i.e. no profile to download and no logs to update) then the heartbeat is between 2 KB/s and 3 KB/s.
  • Policies (i.e. AV/AS, Firewall, OS Protection, Host Integrity) - Typically varies between 20 KB and 80 KB, but can increase if detailed rules are included, or OS protection templates are used. Generally, after you set your policies to suit your network needs, you do not modify them on a regular basis.
  • IPS Signature Updates - Files range between 50 KB and 100 KB. Symantec supplies updates approximately every quarter unless a specific threat or vulnerability needs to be addressed.
  • AV Signatures - 50 KB to 100 KB daily for clients, if you assume that the signatures are updated successfully every day.
  • Logs - Logs are compressed at the client before they are uploaded to the Symantec Endpoint Protection Manager. Approximately, 800 log entries take up 1KB of file space.

 

For more indepth understanding, you check the Log.liveupdate (incase of SEP 11.x) and Log.lue (incase of SEP 12.1)

Log.liveupdate could be found under -

Windows 2003: C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate
Windows 2008: C:\ProgramData\Symantec\LiveUpdate

whereas,

Log.lue could be found under -

On Windows XP and Windows server 2003:
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\<silo_id>\Data\Lue\Logs
On Windows Vista, Windows 7, and Windows Server 2008:
C:\Program Data\Symantec\Symantec Endpoint Protection\<version number>\Data\Lue\Logs

Look for "estimated file size" and This file size will indicate the total package size that was requested from the SEPM.

NOTE: The value would in bytes, so if full content update will be around 77 MB (77,000,000 bytes).

Hope that helps!!

Mithun Sanghavi
Senior Consultant
MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

SOLUTION
Ashish-Sharma's picture

HI,

Check this same query related thread

https://www-secure.symantec.com/connect/forums/cur...

Thanks In Advance

Ashish Sharma

 

 

Ambesh_444's picture

Hello,

 

Check this Thread:

https://www-secure.symantec.com/connect/forums/endpoint-protection-11-definition-update-size

Again, you can also check this Article:

http://www.symantec.com/docs/TECH102211

 

Thank& Regards,

Ambesh

"Your satisfaction is very important to us. If you find above information helpful or it has resolved your issue. Please don't forget to mark the thread as solved."

SebastianZ's picture

Some information about that - this articles has been updated recently:

Drive Space used by Virus Definitions Updates

http://www.symantec.com/docs/TECH141811

 

Folders used to store virus definitions on SEPM:

- Liveupdate downloads them first to: C:\ProgramData\Symantec\Liveupdate\Downloads\

- SEPM stores its copy in: C:\ProgramData\Symantec\Definitions\SymcData

- SEPM folder for definition dristribution to clients: C:\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\Inetpub\content\

- SEP clients store its definitions in: C:\ProgramData\Symantec\Symantec Endpoint Protection\CurrentVersion\Data\Definitions\

... those are examples out of 64bit OS - for 32bit use Program files instead of Program files (x86), for OS older than 2008 Server use Documment and Settings\All Users\Application Data instead of Program Data.

Ambesh_444's picture

Thank you for marking your solution.

 

Thank& Regards,

Ambesh

"Your satisfaction is very important to us. If you find above information helpful or it has resolved your issue. Please don't forget to mark the thread as solved."