Endpoint Protection

  • 1.  Definition size

    Posted Jan 28, 2013 01:17 AM
    When the server gets definitions from the Symantec LU server, what is the size of the definitions (KB, MB, GB), and where is this information stored?


  • 2.  RE: Definition size
    Best Answer

    Trusted Advisor
    Posted Jan 28, 2013 01:20 AM

    Hello,

    Check this Thread:

    https://www-secure.symantec.com/connect/forums/endpoint-protection-11-definition-update-size

    Again, you can also check this Article:

    http://www.symantec.com/docs/TECH102211

    It states as below:

    What are the sizes of the various packages that are sent between the Symantec Endpoint Protection client and manager?
    The following are estimates of the size of packages that are sent between the Symantec Endpoint Protection client and manager:

    • Heartbeat (with no updates to be exchanged) - When there is no traffic to be exchanged (i.e. no profile to download and no logs to update) then the heartbeat is between 2 KB/s and 3 KB/s.
    • Policies (i.e. AV/AS, Firewall, OS Protection, Host Integrity) - Typically varies between 20 KB and 80 KB, but can increase if detailed rules are included, or OS protection templates are used. Generally, after you set your policies to suit your network needs, you do not modify them on a regular basis.
    • IPS Signature Updates - Files range between 50 KB and 100 KB. Symantec supplies updates approximately every quarter unless a specific threat or vulnerability needs to be addressed.
    • AV Signatures - 50 KB to 100 KB daily for clients, if you assume that the signatures are updated successfully every day.
    • Logs - Logs are compressed at the client before they are uploaded to the Symantec Endpoint Protection Manager. Approximately 800 log entries take up 1 KB of file space.

     

    For a more in-depth understanding, you can check Log.liveupdate (in case of SEP 11.x) and Log.lue (in case of SEP 12.1).

    Log.liveupdate could be found under -

    Windows 2003: C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate
    Windows 2008: C:\ProgramData\Symantec\LiveUpdate

    whereas,

    Log.lue could be found under -

    On Windows XP and Windows Server 2003:
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\<silo_id>\Data\Lue\Logs
    On Windows Vista, Windows 7, and Windows Server 2008:
    C:\Program Data\Symantec\Symantec Endpoint Protection\<version number>\Data\Lue\Logs

    Look for "estimated file size"; this file size will indicate the total package size that was requested from the SEPM.

    NOTE: The value would be in bytes, so a full content update will be around 77 MB (77,000,000 bytes).

    Hope that helps!!



  • 3.  RE: Definition size

    Posted Jan 28, 2013 01:22 AM

    Hi,

    Check this thread related to the same query:

    https://www-secure.symantec.com/connect/forums/current-defintion-size



  • 4.  RE: Definition size

    Posted Jan 28, 2013 01:48 AM


  • 5.  RE: Definition size

    Posted Jan 28, 2013 02:46 AM

    Some information about that - this article has been updated recently:

    Drive Space used by Virus Definitions Updates

    http://www.symantec.com/docs/TECH141811

     

    Folders used to store virus definitions on SEPM:

    - Liveupdate downloads them first to: C:\ProgramData\Symantec\Liveupdate\Downloads\

    - SEPM stores its copy in: C:\ProgramData\Symantec\Definitions\SymcData

    - SEPM folder for definition distribution to clients: C:\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\Inetpub\content\

    - SEP clients store their definitions in: C:\ProgramData\Symantec\Symantec Endpoint Protection\CurrentVersion\Data\Definitions\

    ... those are examples from a 64-bit OS - for 32-bit use Program Files instead of Program Files (x86); for an OS older than 2008 Server use Documents and Settings\All Users\Application Data instead of Program Data.



  • 6.  RE: Definition size

    Posted Jan 29, 2013 01:09 AM

    Thank you for marking your solution.