Video Screencast Help
Search Video Help Close Back
to help

Endpoint Protection Virus Definition Folder Very Large 12GB

Created: 11 Dec 2012 | 20 comments
Bruggs's picture
Bruggs
0 0 Votes
Login to vote

Hi,

 

My virus definition folder is growing very large, its currently up to 12GB. The server is retaining over a months worth of definitions and it is using up all my available disk space on my server.

How can i change Endpoint to only retain 1-5 days worth of definitions? or how can i delete these definitions on a regular basis?

Thanks

Discussion Filed Under:
, , , , , ,

Comments 20 CommentsJump to latest comment

pete_4u2002's picture
pete_4u2002 Symantec Employee
Endpoint Protection Virus Definition Folder Very Large 12GB - Comment:12 Dec 2012 : Link

are you talking about the virusdef on SEPM or SEP client?

Cheers!
Pete

Help Link: http://www.symantec.com/business/support/overview.jsp?pid=54619

0
Login to vote
Bruggs's picture
Bruggs
Endpoint Protection Virus Definition Folder Very Large 12GB - Comment:12 Dec 2012 : Link

SEPM

0
Login to vote
Ajit Jha's picture
Ajit Jha Partner Accredited
Endpoint Protection Virus Definition Folder Very Large 12GB - Comment:12 Dec 2012 : Link

Check the Link Below

http://www.symantec.com/business/support/index?pag...

Regard's

Ajit Jha

Technical Consultant

ASC & STS

0
Login to vote
AravindKM's picture
AravindKM Trusted Advisor
Endpoint Protection Virus Definition Folder Very Large 12GB - Comment:12 Dec 2012 : Link

Have a look at this KB

Disk Space Management procedures for the Symantec Endpoint Protection Manager

Please don't forget to mark your thread solved with whatever answer helped you : ) Thanks & Regards Aravind

0
Login to vote
Ajit Jha's picture
Ajit Jha Partner Accredited
Endpoint Protection Virus Definition Folder Very Large 12GB - Comment:12 Dec 2012 : Link

To make Chnages in keeping the Number of Revisions, please see the Link below

http://www.symantec.com/business/support/index?pag...

Regard's

Ajit Jha

Technical Consultant

ASC & STS

0
Login to vote
pete_4u2002's picture
pete_4u2002 Symantec Employee
Endpoint Protection Virus Definition Folder Very Large 12GB - Comment:12 Dec 2012 : Link

you need to change the content revision, check this link

Best Practices for configuring the number of content revisions to keep in Symantec Endpoint Protection Manager

http://www.symantec.com/business/support/index?page=content&id=TECH92225

 

Cheers!
Pete

Help Link: http://www.symantec.com/business/support/overview.jsp?pid=54619

0
Login to vote
Bruggs's picture
Bruggs
Endpoint Protection Virus Definition Folder Very Large 12GB - Comment:12 Dec 2012 : Link

I looked at the links that were posted and checked my "Disk Space Management for Downloads" it is set to keep 3 retentions.

Now for some reason it has kept the last months worth of retentions.

How do i fix this?

0
Login to vote
pete_4u2002's picture
pete_4u2002 Symantec Employee
Endpoint Protection Virus Definition Folder Very Large 12GB - Comment:12 Dec 2012 : Link

when did you change this? if it is changed it will take sometime to remove the old content revision.

Cheers!
Pete

Help Link: http://www.symantec.com/business/support/overview.jsp?pid=54619

0
Login to vote
Bruggs's picture
Bruggs
Endpoint Protection Virus Definition Folder Very Large 12GB - Comment:12 Dec 2012 : Link

This havnt changed it. It has been 3 revisions for 8 months now. all of a sudden its not working correctly.

I have no more room on my server, so if it doesnt remove the old revisions it cant download the new ones.

0
Login to vote
AravindKM's picture
AravindKM Trusted Advisor
Endpoint Protection Virus Definition Folder Very Large 12GB - Comment:12 Dec 2012 : Link

Restart SEPM service once and launch liveupdate manually.

By the way do you have both 32 bit and 64 bits clients which are served by this SEPM?

Please don't forget to mark your thread solved with whatever answer helped you : ) Thanks & Regards Aravind

0
Login to vote
pete_4u2002's picture
pete_4u2002 Symantec Employee
Endpoint Protection Virus Definition Folder Very Large 12GB - Comment:12 Dec 2012 : Link

try restarting the SEPM srevice.

does manually deleting the old content revision help or does it appear back?

Cheers!
Pete

Help Link: http://www.symantec.com/business/support/overview.jsp?pid=54619

0
Login to vote
Bruggs's picture
Bruggs
Endpoint Protection Virus Definition Folder Very Large 12GB - Comment:12 Dec 2012 : Link

AravindKM, i have done what you suggested. waiting for the update to complete. Yes i do have both 32 bit and 64 bit clients.

 

pete_4u2002, I cannot delete the old content. It is in a hidden folder "Program Data" i can access the files but it wont let me delete them. "Requires admin rights" although i have admin rights the system still wont let me delete them.

0
Login to vote
Ajit Jha's picture
Ajit Jha Partner Accredited
Endpoint Protection Virus Definition Folder Very Large 12GB - Comment:12 Dec 2012 : Link

STOP the SEPM and DB service and then try to delete the revisions.

Regard's

Ajit Jha

Technical Consultant

ASC & STS

0
Login to vote
AravindKM's picture
AravindKM Trusted Advisor
Endpoint Protection Virus Definition Folder Very Large 12GB - Comment:12 Dec 2012 : Link

Simply deleting manually the virus defs are not advisable.

Even after running the liveupdate if you are still facing the problem, I recommend you to clear the defs as per below KB

Only 32 Bit Antivirus / Antispyware Definitions are not updating on the 32 Bit / 64 Bit Operating System.

Please don't forget to mark your thread solved with whatever answer helped you : ) Thanks & Regards Aravind

0
Login to vote
Bruggs's picture
Bruggs
Endpoint Protection Virus Definition Folder Very Large 12GB - Comment:12 Dec 2012 : Link

I ran the live update but it didnt delete the old defs, it just used up all my hdd space and stopped all my other services from running.

AravindKM, i looked at the link but i cant find the keys that the article states. Symcdata-sesmvirdef

See attached pic.

Untitled.jpg
0
Login to vote
AravindKM's picture
AravindKM Trusted Advisor
Endpoint Protection Virus Definition Folder Very Large 12GB - Comment:12 Dec 2012 : Link

Please delete whatevever entries are available and try...

Please don't forget to mark your thread solved with whatever answer helped you : ) Thanks & Regards Aravind

0
Login to vote
psj_symhelp's picture
psj_symhelp Partner
Endpoint Protection Virus Definition Folder Very Large 12GB - Comment:12 Dec 2012 : Link

Perform below step.

 

Steps to clean Virus Definitions folders and republish LiveUpdate Product Inventory on Symantec Endpoint Protection Manager:

  1. Delete the content of folder "c:\documents and settings\All users\Application Data\Symantec\LiveUpdate\Downloads\"
    Note: Application Data is a hidden folder. Delete the content of the Downloads folder, but not the folder itself.
  2. Update the LiveUpdate catalog by opening the following link in Internet Explorer:
    http://localhost:9090/servlet/ConsoleServlet?ActionType=ConfigServer&action=PublishLuInventory
    After few seconds you will get a confirmation message "Responsecode="0".
  3. Stop the services "Symantec Endpoint Protection Manager" and "Symantec Endpoint Protection"
    To stop the services:
    1. Go to Start > Run.
    2. Type the following: Services.msc
    3. Select and stop the above mentioned services.
  4. Delete the numbered or TMP folders inside the paths:
    • %programfiles%\symantec\symantec endpoint protection manager\inetpub\content\{1CD85...
    • %programfiles%\symantec\symantec endpoint protection manager\inetpub\content\{C60DC...
    • %commonprogramfiles%\Symantec Shared\SymcData\sesmvirdef32
    • %commonprogramfiles%\Symantec Shared\SymcData\sesmvirdef64
    • %commonprogramfiles%\Symantec Shared\VirusDefs
  5. Before deleting above path, uninstall LiveUpdate then follow mentioned steps as above.
  6. Re-install LiveUpdate and register the Catalog by following below command in cmd prompt.
  7. Command- C:\  Program Files\Symantec\Symantec Endpoint Protection Manager\bin > lucatalog -forcedupdat 
  8. Launch the process LUALL.EXE from %programfiles%\Symantec\LiveUpdate (May be requested to click on "START")
    (LiveUpdate should run for some minutes (5-10 min), if some error messages are displayed, exit and launch again LUALL.exe)
  9. Restart both Symantec Endpoint Protection services when LiveUpdate is complete.
  10. Verify the numbered folders of virus definitions are created in the following paths:
    (There might be just 2-3 folders in the beginning, but the default number is 10 folders)
    • %programfiles%\symantec\symantec endpoint protection manager\inetpub\content\{1CD85...
    • %programfiles%\symantec\symantec endpoint protection manager\inetpub\content\{C60DC...
  11. Log on to Symantec Endpoint Protection Manager Console and launch a LiveUpdate from Admin > Server > Local Site > Download LiveUpdate content

 

-1
Login to vote
pkh's picture
pkh Trusted Advisor
Endpoint Protection Virus Definition Folder Very Large 12GB - Comment:15 Dec 2012 : Link

The above is extracted from this document

http://www.symantec.com/docs/TECH104721

0
Login to vote
Ajit Jha's picture
Ajit Jha Partner Accredited
Endpoint Protection Virus Definition Folder Very Large 12GB - Comment:12 Dec 2012 : Link

I would suggest you to contact Symantec Technical Support.

Regard's

Ajit Jha

Technical Consultant

ASC & STS

0
Login to vote
pete_4u2002's picture
pete_4u2002 Symantec Employee
Endpoint Protection Virus Definition Folder Very Large 12GB - Comment:12 Dec 2012 : Link

can you post the screen shot of the virus def folder for 32 bit ?

Cheers!
Pete

Help Link: http://www.symantec.com/business/support/overview.jsp?pid=54619

0
Login to vote