Video Screencast Help
Search Video Help Close Back
to help

Definition size

Created: 27 Jan 2013 | Updated: 28 Jan 2013 | 5 comments
canumahajan's picture
canumahajan
0 0 Votes
Login to vote
This issue has been solved. See solution.

When server getting definition from Symantec lu server what the size of definition(kb, mb, gb) and where this information store?

Discussion Filed Under:
,

Comments 5 CommentsJump to latest comment

Mithun Sanghavi's picture
Mithun Sanghavi Symantec Employee Technical Support Accredited
Definition size - Comment:27 Jan 2013 : Link

Hello,

Check this Thread:

https://www-secure.symantec.com/connect/forums/endpoint-protection-11-definition-update-size

Again, you can also check this Article:

http://www.symantec.com/docs/TECH102211

It states as below:

What are the sizes of the various packages that are sent between the Symantec Endpoint Protection client and manager?
The following are estimates of the size of packages that are sent between the Symantec Endpoint Protection client and manager:

  • Heartbeat (with no updates to be exchanged) - When there is no traffic to be exchanged (i.e. no profile to download and no logs to update) then the heartbeat is between 2 KB/s and 3 KB/s.
  • Policies (i.e. AV/AS, Firewall, OS Protection, Host Integrity) - Typically varies between 20 KB and 80 KB, but can increase if detailed rules are included, or OS protection templates are used. Generally, after you set your policies to suit your network needs, you do not modify them on a regular basis.
  • IPS Signature Updates - Files range between 50 KB and 100 KB. Symantec supplies updates approximately every quarter unless a specific threat or vulnerability needs to be addressed.
  • AV Signatures - 50 KB to 100 KB daily for clients, if you assume that the signatures are updated successfully every day.
  • Logs - Logs are compressed at the client before they are uploaded to the Symantec Endpoint Protection Manager. Approximately, 800 log entries take up 1KB of file space.

 

For more indepth understanding, you check the Log.liveupdate (incase of SEP 11.x) and Log.lue (incase of SEP 12.1)

Log.liveupdate could be found under -

Windows 2003: C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate
Windows 2008: C:\ProgramData\Symantec\LiveUpdate

whereas,

Log.lue could be found under -

On Windows XP and Windows server 2003:
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\<silo_id>\Data\Lue\Logs
On Windows Vista, Windows 7, and Windows Server 2008:
C:\Program Data\Symantec\Symantec Endpoint Protection\<version number>\Data\Lue\Logs

Look for "estimated file size" and This file size will indicate the total package size that was requested from the SEPM.

NOTE: The value would in bytes, so if full content update will be around 77 MB (77,000,000 bytes).

Hope that helps!!

Mithun Sanghavi
Symantec Technical Support Engineer, SEP
MIM | MCSA | MCTS | STS | ITIL v3

Twitter: @mithun_sanghavi

Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.<&a

SOLUTION
0
Login to vote
  • Actions
Ashish-Sharma's picture
Ashish-Sharma
Definition size - Comment:27 Jan 2013 : Link

HI,

Check this same query related thread

https://www-secure.symantec.com/connect/forums/cur...

Thanks In Advance

Ashish Sharma

SEPM Knowledgebase Documents  

 

+1
Login to vote
  • Actions
Ambesh_444's picture
Ambesh_444 Partner Accredited
Definition size - Comment:27 Jan 2013 : Link

Hello,

 

Check this Thread:

https://www-secure.symantec.com/connect/forums/endpoint-protection-11-definition-update-size

Again, you can also check this Article:

http://www.symantec.com/docs/TECH102211

 

Thank& Regards,

Ambesh

Please mark your thread as 'SOLVED' with the answer that helps you.

0
Login to vote
  • Actions
SebastianZ's picture
SebastianZ Symantec Employee
Definition size - Comment:28 Jan 2013 : Link

Some information about that - this articles has been updated recently:

Drive Space used by Virus Definitions Updates

http://www.symantec.com/docs/TECH141811

 

Folders used to store virus definitions on SEPM:

- Liveupdate downloads them first to: C:\ProgramData\Symantec\Liveupdate\Downloads\

- SEPM stores its copy in: C:\ProgramData\Symantec\Definitions\SymcData

- SEPM folder for definition dristribution to clients: C:\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\Inetpub\content\

- SEP clients store its definitions in: C:\ProgramData\Symantec\Symantec Endpoint Protection\CurrentVersion\Data\Definitions\

... those are examples out of 64bit OS - for 32bit use Program files instead of Program files (x86), for OS older than 2008 Server use Documment and Settings\All Users\Application Data instead of Program Data.

+1
Login to vote
  • Actions
Ambesh_444's picture
Ambesh_444 Partner Accredited
Definition size - Comment:28 Jan 2013 : Link

Thank you for marking your solution.

 

Thank& Regards,

Ambesh

Please mark your thread as 'SOLVED' with the answer that helps you.

0
Login to vote
  • Actions