Video Screencast Help
Symantec Appoints Michael A. Brown CEO. Learn more.

Endpoint Protection Virus Definition Folder Very Large 12GB

Created: 11 Dec 2012 | 20 comments

Hi,

 

My virus definition folder is growing very large, its currently up to 12GB. The server is retaining over a months worth of definitions and it is using up all my available disk space on my server.

How can i change Endpoint to only retain 1-5 days worth of definitions? or how can i delete these definitions on a regular basis?

Thanks

Comments 20 CommentsJump to latest comment

AravindKM's picture

Have a look at this KB

Disk Space Management procedures for the Symantec Endpoint Protection Manager

Please don't forget to mark your thread solved with whatever answer helped you : ) Thanks & Regards Aravind

Ajit Jha's picture

To make Chnages in keeping the Number of Revisions, please see the Link below

http://www.symantec.com/business/support/index?pag...

Regard's

Ajit Jha

Technical Consultant

ASC & STS

pete_4u2002's picture

you need to change the content revision, check this link

Best Practices for configuring the number of content revisions to keep in Symantec Endpoint Protection Manager

http://www.symantec.com/business/support/index?page=content&id=TECH92225

 

Bruggs's picture

I looked at the links that were posted and checked my "Disk Space Management for Downloads" it is set to keep 3 retentions.

Now for some reason it has kept the last months worth of retentions.

How do i fix this?

pete_4u2002's picture

when did you change this? if it is changed it will take sometime to remove the old content revision.

Bruggs's picture

This havnt changed it. It has been 3 revisions for 8 months now. all of a sudden its not working correctly.

I have no more room on my server, so if it doesnt remove the old revisions it cant download the new ones.

AravindKM's picture

Restart SEPM service once and launch liveupdate manually.

By the way do you have both 32 bit and 64 bits clients which are served by this SEPM?

Please don't forget to mark your thread solved with whatever answer helped you : ) Thanks & Regards Aravind

pete_4u2002's picture

try restarting the SEPM srevice.

does manually deleting the old content revision help or does it appear back?

Bruggs's picture

AravindKM, i have done what you suggested. waiting for the update to complete. Yes i do have both 32 bit and 64 bit clients.

 

pete_4u2002, I cannot delete the old content. It is in a hidden folder "Program Data" i can access the files but it wont let me delete them. "Requires admin rights" although i have admin rights the system still wont let me delete them.

Ajit Jha's picture

STOP the SEPM and DB service and then try to delete the revisions.

Regard's

Ajit Jha

Technical Consultant

ASC & STS

AravindKM's picture

Simply deleting manually the virus defs are not advisable.

Even after running the liveupdate if you are still facing the problem, I recommend you to clear the defs as per below KB

Only 32 Bit Antivirus / Antispyware Definitions are not updating on the 32 Bit / 64 Bit Operating System.

Please don't forget to mark your thread solved with whatever answer helped you : ) Thanks & Regards Aravind

Bruggs's picture

I ran the live update but it didnt delete the old defs, it just used up all my hdd space and stopped all my other services from running.

AravindKM, i looked at the link but i cant find the keys that the article states. Symcdata-sesmvirdef

See attached pic.

Untitled.jpg
AravindKM's picture

Please delete whatevever entries are available and try...

Please don't forget to mark your thread solved with whatever answer helped you : ) Thanks & Regards Aravind

psj_symhelp's picture

Perform below step.

 

Steps to clean Virus Definitions folders and republish LiveUpdate Product Inventory on Symantec Endpoint Protection Manager:

  1. Delete the content of folder "c:\documents and settings\All users\Application Data\Symantec\LiveUpdate\Downloads\"
    Note: Application Data is a hidden folder. Delete the content of the Downloads folder, but not the folder itself.
  2. Update the LiveUpdate catalog by opening the following link in Internet Explorer:
    http://localhost:9090/servlet/ConsoleServlet?ActionType=ConfigServer&action=PublishLuInventory
    After few seconds you will get a confirmation message "Responsecode="0".
  3. Stop the services "Symantec Endpoint Protection Manager" and "Symantec Endpoint Protection"
    To stop the services:
    1. Go to Start > Run.
    2. Type the following: Services.msc
    3. Select and stop the above mentioned services.
  4. Delete the numbered or TMP folders inside the paths:
    • %programfiles%\symantec\symantec endpoint protection manager\inetpub\content\{1CD85...
    • %programfiles%\symantec\symantec endpoint protection manager\inetpub\content\{C60DC...
    • %commonprogramfiles%\Symantec Shared\SymcData\sesmvirdef32
    • %commonprogramfiles%\Symantec Shared\SymcData\sesmvirdef64
    • %commonprogramfiles%\Symantec Shared\VirusDefs
  5. Before deleting above path, uninstall LiveUpdate then follow mentioned steps as above.
  6. Re-install LiveUpdate and register the Catalog by following below command in cmd prompt.
  7. Command- C:\  Program Files\Symantec\Symantec Endpoint Protection Manager\bin > lucatalog -forcedupdat 
  8. Launch the process LUALL.EXE from %programfiles%\Symantec\LiveUpdate (May be requested to click on "START")
    (LiveUpdate should run for some minutes (5-10 min), if some error messages are displayed, exit and launch again LUALL.exe)
  9. Restart both Symantec Endpoint Protection services when LiveUpdate is complete.
  10. Verify the numbered folders of virus definitions are created in the following paths:
    (There might be just 2-3 folders in the beginning, but the default number is 10 folders)
    • %programfiles%\symantec\symantec endpoint protection manager\inetpub\content\{1CD85...
    • %programfiles%\symantec\symantec endpoint protection manager\inetpub\content\{C60DC...
  11. Log on to Symantec Endpoint Protection Manager Console and launch a LiveUpdate from Admin > Server > Local Site > Download LiveUpdate content

 

Ajit Jha's picture

I would suggest you to contact Symantec Technical Support.

Regard's

Ajit Jha

Technical Consultant

ASC & STS