Video Screencast Help

EndPoint Protection using too much disk: can I re-install and solve problem?

Created: 25 Mar 2013 • Updated: 19 Apr 2013 | 12 comments
This issue has been solved. See solution.

This old server has a tiny C drive. I researched the problems with LIveUpdate using up lots of space, and have found lots of inconsistencies on disk folder locations with the Symantec sources I found (Mick2009).

Also, SEP did not install with LUA.

This 2003 win sbs server had an old installation of LiveUpdate from when we used Symantec Antivirus products a few years ago. I did uninstall the antivirus, but not the liveupdate

When I install SEP on the e drive, I find after 3 days 13 GB of space has been used, but i can only find  2 GB in e:\program files\....SEP\data\backup.

all I want is for all the diskspace that SEP needs be used from e: drive. Installing SEP on e: did not accomplish that objective as my c drive has shrunk by 3GB since the install of SEP on 3/22/2013.

Can I uninstall SEP, LU, and delete old folders, then reinstall SEP using custom mode and make all data storage needs go to e:?

If that doesn't work, can I install LUAM and reassign the storage locations? Will LUAM figure out where stuff is (btw, I could not find the LU version number).

Any other suggestions for how to solve my immediate dilema of tiny C drive, lots of space on e:, and wanting to use EndPoint Protection on this server?

If I can't get a solution, that I can't use SEP (I'm in the trial time) and will have to find another solution. My first attempt at running SEP caused the c: drive to almost fill and the system to go unstable and I had to  scramble to get it back up (because I didn't realize SEP and LU would eat my c: ). We plan to replace the tiny C drive, but that will be a few weeks out, and I need protection in the meantime.

 

Heidi

 

Operating Systems:

Comments 12 CommentsJump to latest comment

.Brian's picture

How many content revisions are you keeping? What folder is it that is taking up space?

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

Heidi B's picture

The interface to LU that EndPoint Protection gives has no settings to change the no. of revisions.

I uninstalled then reinstalled EP (custom with data on e:) on Fri 3/22 and since then 13 GB was used on e: andon  c: used 3.3 GB.

After pocking around for a while, the only folder I found with lots of Bytes used was

e:\program files\Symantec EndPoint\data\backup and that was just 2GB

e:\program files\Symantec EndPoint2 took up 11GB

But e drive has lots of space, so I did not research e: folders further

On the other hand, in c: I found the following

c:\Doc + Settings\All users\application data\Symantec\LiveUpdate and that was 700 MB

was the largest I found.

other folders mentioned in Mick2009's article did not exist on my server.

If I can install LUA and move the folders growing on C, I that would solve my problem.....

W007's picture

Hello,

Look this public kb

 

Managing content updates in Symantec Endpoint Protection Manager SBE 12.1

http://www.symantec.com/business/support/index?page=content&id=HOWTO54846

 

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

Ambesh_444's picture

Hello,

Please check with this thread.

 

https://www-secure.symantec.com/connect/forums/too...

https://www-secure.symantec.com/connect/forums/too...

 

 

Thank& Regards,

Ambesh

"Your satisfaction is very important to us. If you find above information helpful or it has resolved your issue. Please don't forget to mark the thread as solved."

Heidi B's picture

ambesh, this link was helpful.

I found that my e:\program files\Symantec Endpoint2\Inetpub did hold 5.64 GB of data (out of 20 GB used). So I edited the conf.properties files by adding the line

scm.lucontentcleanup.threshold=5

This link tells me to Start>Run services.msc and right click on Symantec Protection Center and then do a restart. EndPoint protection does not have Symantec Protection Center but has instead

Symantec Embedded Database

Symantec Endpoint Protection

Symantec Endpoint Protection Manager

Symantec Endpoint Protection Manager Webserver

Symantec Management Client

Symantec Network Access Control

Any idea which of these 6 services I should restart to get SEP to pick up the revised conf.properties file?

John Cooperfield's picture

When space is very low it is best to start with only a few content revisions and work from there. The is configured in the v12.1 SEPM at SEPM > Admin > Servers > select "Local Site (xxx)" > edit Site Props > LU tab.

Further, for relieveing space issues like this it is possible to redirect the Inetpub folder to another drive.
Please see this Sym KB doc http://www.symantec.com/docs/TECH103808
Please read the entired doc carefully before attempting.
We will be doing this at our site.

SEP (and SEPM) must be installed on C: the system drive.

SEPM and LUA are installed on different machines. I do not see LUA helping with what you want.

There is always more growth than we expected.

Junction Points article: http://support.microsoft.com/kb/205524

Path references are typical and can vary by Win 2003 vs Win 2008r2, 32 bit / 64 bit, etc.

I like SEP very well.

HTH
John
.

Heidi B's picture

Thank you John, this was helpful.

SEP custom install allowed me to install it on the e: drive, and that seems to be where most of the space is being used, so I will just leave it there.

Your instructions helped me find the Edit Site Properties tab which allows me to change the Number of content revisions. Sadly, this was set to 3, and if this item works as expected, it means that 3 or less revisions now use 2.4 GB (on c:) and 20 GB on e:. in just 4 days and growing daily. I did not see an entry in conf.properties that corresponded to 3 content revisions under scm.lucontentcleanup.threshold=3 (see above comments).

So you are saying I can't install LUA on the same server that runs SEPM? Hopefully a Symantec employee will confirm or deny or just state that LUA product will make my life even more complicated, not solve my problem.....

I love Symantec products. I'm frustrated that this is turning out to be so difficult. I seem to have touched all kinds of legacy and historic stuff here....

 

 

SebastianZ's picture

Yes it can be confirmed - LUA and SEPM installation on same physical machine is not recommended and not supported: http://www.symantec.com/docs/TECH105076 - this configuration can cause more issues than solve.

Heidi B's picture

Thank you for saving me untold hours of research and trial and error! 

Mithun Sanghavi's picture

Hello,

Since you are using SBE, I believe you have limited number of clients ranging from 0-100.

In your case, you would not need Liveupdate Administrator as you have only 50 SEP clients which needs to be updated and the same could be done via SEPM.

LiveUpdate Administrator 2.x can be of great assistance in environments which host a mixture of Symantec products (SEP, SAV, SMSMSE, and Scan Engine, for example). 

In environments where SEP is the only Symantec product that must be updated, a LUA 2.x server is usually not necessary.  The SEPM and GUPs can efficiently download and distribute all necessary updates without the need of LUA 2.x.  For more information please see Top 10 Symantec Best Practices - Deploying Symantec Endpoint Protection Architecture.

Check these Articles - 

When is it Recommended to Use LiveUpdate Administrator 2.x with Symantec Endpoint Protection?

http://www.symantec.com/docs/TECH154896

LiveUpdate Administrator 2.x and Symantec Endpoint Protection Manager on the Same Physical Server

http://www.symantec.com/docs/TECH105076

How much hard disk space is consumed by LiveUpdate Administrator 2.x for content updates?

http://www.symantec.com/docs/TECH90823

Hope that helps!!

Mithun Sanghavi
Senior Consultant
MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

Heidi B's picture

This is very helpful.

So I found out how to uninstall LiveUpdate

http://www.symantec.com/business/support/index?pag...

Do I also have to uninstall SEP at the same time?

Assuming I don't have to uninstall SEP, I found in SEPM the setting under clients and the properties

Group Update Provider - do I change this to true? Can I change this to true before I unstill LU?

Do I have to recreate the client with the new GUP True setting or does the current client just get the new settings and pull its own updates?

Thank you!

Heidi B's picture

I have now  been running SEP after reinstalling (custom, on non c drive) for 3 weeks, and the system has settled in using only 3 GB on C drive and 35 GB on the non C drive. It varies up and down by 1-2 GB on each drive but I can live with that.

I did not have to uninstall liveUpdate, I left as it was from a many years ago install.

Note to self: never allow default install!

I consider this problem solved, and appreciate the help and hints from this group.

 

Heidi

SOLUTION