Endpoint Protection Small Business Edition

 View Only
  • 1.  Folder to exclude from backup

    Posted Jul 16, 2015 11:05 AM

    If this is better to be posted on the SEPM forums, feel free to move it there.

    We're running backup exec 2014 and SEP 12.1 and the SEPM/SEP files are generating daily incremental backup data of roughly 10 gigs. The following folders contain the majority of the backup data that is being included in those incrementals:

     

    C:\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\Inetpub\Content (about 3 gigs)

    C:\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\db (about 3 gigs)

    C:\ProgramData\Symantec\Definitions (about 3 gigs again)

    C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.xxxxx\Data\Definitions\VirusDefs\

     

    Of these, I know that the db folder will need to be backed up, however all 3 of the other directories appear to contain virus definitions/virus definition deltas. If I were to exclude the other folders from backup and we were to enter a disaster recovery situation where I did a full restore of the system, from SEPM and SEP's point of view, these files would appear to have just been mysteriously deleted. How would SEPM and SEP react to this? Would they just go out an re-download the appropriate files or would this simply fubar my SEPM and SEP installations?

    Related articles I was able to find:

    http://www.symantec.com/connect/forums/what-sep-filesfolders-exclude-during-backup

    This article indicates to just entirely exclude the SEP directories from backup (and certain other shared symantec files), which would functionally delete all of SEP's files and potentially some shared files used by other applications. This seems like a horrifyingly terrible idea, as you'd have uninstalled all of the application files while leaving all of the registry entries intact. Windows would still attempt to start SEP on startup, but wouldn't even be able to find the executable. I don't know if SEPM would be able to start, as it may be missing symantec shareed files it needs. A reinstall would probably fix SEP, but I have no clue how SEPM would react or the backup exec agent installed on the server. SEPM might have to be reinstalled as well, which might not go nearly as well as most of it's files would still be present on the system. Would a reinstall of SEP and SEPM work? Would my SEPM database still be usable, or under this solution would I be better off to just exclude all of the SEPM files as well and deal with the potential database loss. If I did the reinstall, would my existing clients be able to re-attach themselves to the SEPM server or would I have to also go through and redeploy SEP to all of the clients?

    https://www-secure.symantec.com/connect/forums/symantec-definition-files-causing-large-incremental-images-shadowprotect

    This isn't related to backup exec and is specific to SEP(M) 11.x rather than 12.1, but seems to be functionally the same issue. Unfortunately, it doesn't actually list files that could be excluded it simply links to another article about disk space management... which also doesn't list files that are safe to delete/exclude, simply procedures to reduce the number of backup deltas and compress the database. Neither of these is actually applicable.



  • 2.  RE: Folder to exclude from backup
    Best Answer

    Posted Jul 16, 2015 05:36 PM

    The files of the Inetpub\content folder are stored in the DB, too. So if you restore SEPM with a functional database but without stuff in Inetpub\content, SEPM will recreate Inetpub\content from the database automatically.

    The same applies to the other folders (except for the db folder).

    As soon as the SEPM's Inetpub\content folder is intact, clients are able to update.

    If you have to reinstall SEPM or SEP, you can remove remnants of previous installations with the CleanWipe tool (in the \tools folder of the SEP download).

    If your SEPM is running without issues, the clients should seamlessly re-attaching themselves. If they don't, you have to distribute the new communication settings to the clients. That's not a big deal as you can do it through the Client Deployment Wizard.

     

     



  • 3.  RE: Folder to exclude from backup
    Best Answer

    Posted Jul 17, 2015 09:01 AM

    Just incase you have to perform a disaster recovery these are the the files you should have a backup.

     

    First you will require the SEPM installation binary files, make sure to have a copy of your existing version, because fileconnect will host only the lastest version and if you even one version back you will not be able to use DB back on the higer version and getting old SEPM binary from Symantec is a time consuming process.

     

    Second and most importantly you need to have a backup of DB, I am not sure if your are using Embedded or SQL.

       >> If Embeded, in Admin -> Server -> Localhost configure the database backup to set it happen daily or atleast bi weekly

      >> If SQL, configure the backup in the SQL studio to run daily during non business hours

    be sure to copy the backup files to a different servers to have the redundancy.

     

    Finally you need to have the backup of server certificate, a new certifcate will be generated every time you upgrade the SEPM version. if you need the new bacupup you can manually export in from admin -> servers -> select the manage server under Tasks, click Manage Server Certificate, and then click Next.
    In the Manage Server Certificate panel, click backup.

    hope this solves your quiries. with just these files you can perform a complete DR without any issues. the DB backup itself wil contain your contents, client pacakages, group structe, client information and their logs. Inother words SEPM DB has everything so just be sure to have the backup of the above said files.