Endpoint Protection

 View Only

  • 1.  Has their been a change to the unpacking of Virus Defs?

    Posted Jan 07, 2015 10:47 AM

    Hi,

     

    In our environment we've recently noticed that when the definitions expand out it's creating a folder of approx 900Mb that Symantec does nothing with. After about 30 mins it then expands out again with a new folder and successfully updates to the correct definiton.

     

    Due to the nature of our environment we have limited disk space, due to this we have noticed the change in the expanding as it fills the disk.

     

    We have looked through the logs and can find no errors or entries regarding the first expansion that Symantec does nothing with. The only thing we can think is that the unpacking of the definition files on the drive has changed recently.

     

    Thanks



  • 2.  RE: Has their been a change to the unpacking of Virus Defs?

    Posted Jan 07, 2015 10:48 AM

    The defs come down compressed and will unpack once down. This is normal behaviour. The problem is the def sizes continue to grow, well over 500MB nowadays.

    This article contains some numbers on size:

    http://www.symantec.com/docs/TECH141811



  • 3.  RE: Has their been a change to the unpacking of Virus Defs?

    Posted Jan 07, 2015 10:54 AM

    Is this all clients or specific ones?

    What's the SEP version you're on?



  • 4.  RE: Has their been a change to the unpacking of Virus Defs?

    Posted Jan 07, 2015 10:54 AM

    The issue is the defs are uncompressing and not doing anything. 

    After a certain time the client then grabs the defs again and this time successfully updates itself. 

    With this being done twice it fills up the amount of disk space we have. We've only noticed this since the 5th Jan, they successfully updated before this time.



  • 5.  RE: Has their been a change to the unpacking of Virus Defs?

    Posted Jan 07, 2015 11:00 AM

    are you using SEPM 11.x ?

    On January 5th, 2015, Symantec Endpoint Protection version 11.0.x will reach end of support life. Virus definitions and security updates will cease to be published to LiveUpdate and general support for the product will no longer be provided

    Symantec Endpoint Protection 11.0.x End of Support Life

    Article:TECH226804 | Created: 2014-12-03 | Updated: 2014-12-12 | Article URL http://www.symantec.com/docs/TECH226804


  • 6.  RE: Has their been a change to the unpacking of Virus Defs?

    Posted Jan 07, 2015 11:11 AM

    We are using SEPM 11 on our 2003 servers, this is due to compabaility with other programs.

    Currently we are checking the clients with 12.1 to see if the same unpackaging of the defs is the same.



  • 7.  RE: Has their been a change to the unpacking of Virus Defs?

    Posted Jan 07, 2015 11:12 AM

    Since on 11.x and EOL, you may stop receiving defs altogether. There is no guarantee anymore.



  • 8.  RE: Has their been a change to the unpacking of Virus Defs?

    Broadcom Employee
    Posted Jan 07, 2015 11:27 AM

    Hi,

    Thank you for posting in Symantec community. I would be glad to answer your query.

    You must upgrade to the latest version of SEP. SEP 12.1 RU5 is the latest version.

    Here is the latest best practice article for SEP 12.1 RU5 (12.1.5337.5000)

    http://www.symantec.com/docs/TECH224034

    Endpoint Protection 11.0.x clients will no longer be able to download updates from Symantec LiveUpdate or an internal LiveUpdate Administrator.

    http://www.symantec.com/docs/TECH226804