Video Screencast Help

Limit VirusDef disk space - SEP Small Business Edition

Created: 06 Mar 2012 | 16 comments

Hello All,

I need a way to limit the size of this: C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Data\Definitions\VirusDefs

I have seen ways to do this for other versions of Endpoint - but not the Small Business Edition.

I cannot find any settings from within the console to do this.

Any help would be greatly appreciated!

 - James

Comments 16 CommentsJump to latest comment

pete_4u2002's picture

what is the current size, i believe there will be only 1 folder.

Jimms's picture

Sorry - I should clarify: I am referring to the SERVER not the CLIENT.

There are currently 5.75 GB of Defs stored here:

C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Data\Definitions\VirusDefs

in 20 folders.

See attachement > I need to limit the size of this.

berrynext4u's picture

In SEPM> go to servers tab, then click on site name and then edit site properties.

Go to the second tab and select the number of content revisions to be kept.

Restart the SEPM service after that and check the size of the folder shld decrease.

Simpson Homer's picture

 

How to reduce the number of content revisions stored in Symantec Endpoint Protection Manager\Inetpub\content folder in SEP SBE.

 

 

Solution

The number of content updates stored in the \Program Files\Symantec\Symantec Protection Center\Inetpub\content folder can be reduced by creating the setting called "scm.lucontentcleanup.threshold" to the conf.properties file. This setting controls how many revisions that Symantec Protection Center retains of content (Virus Definitions, etc) for distribution and deltas (microdefs). Reducing this value reduces the amount of disk space and database space that is utilized, but increases the likelihood that clients that are not connected to the Symantec Protection Center for extended periods of times (such as laptops) will download a full virus definition set as opposed to microdefs, potentially increasing network utilization. Increasing the value of "scm.lucontentcleanup.threshold" will increase the disk and database space used, but clients that are not connecting to the Symantec Protection Center can stay offline for longer period and still receive microdef content, decreasing network utilization. This should not be of too much concern as SEP SBE clients are hard coded to update from Symantec LiveUpdate servers once a day. Clients that have updated from Symantec LiveUpdate servers would still receive a delta package from the SPC if they were within the amount of revisions available to create a delta on the server.

 

    To adjust the number of content updates stored by Symantec Protection Center

    1. Open the \Program Files\Symantec\Symantec Protection Center\tomcat\etc\conf.properties file.
    2. Add the following setting to the file, (the example uses a value of 5, adjust the value as necessary, the default value is 10 if no entry is present)

      scm.lucontentcleanup.threshold=5

    3. Close the conf.properties file and click Yes to save your changes.
    4. Click Start Run.
    5. Type services.msc and click OK.
    6. Right-click on Symantec Protection Center, and click Restart.
    7. Close Services.
  • Within a short period of time the numbered content folders should adjusted to the value that you selected

 

Jimms's picture

These recommendations do not work for whay I am trying to do. In fact they do not apply to my product?
 

1. This does not exist in my interface: SEPM> go to servers tab, then click on site name and then edit site properties.

2. This does not exists on my server: \Program Files\Symantec\Symantec Protection Center\tomcat\etc\conf.properties file.
 

~~~~~~~~~~~~~~

I am trying to limit the size of this:

C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Data\Definitions\VirusDefs

morbiousx's picture

I'm having the same problem, over 11gb of old virusdef files but can not delete, need to know if there is something in 12.1 that you can change to allow the deletion in the following folder:

 

C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.x.x.x\Data\Definitions\VirusDefs

mharrington21's picture

I'm having the same issue with my SEP clients.  I've noticed it's very random.  All of my clients are managed by the SEPM and have the same policy.  One connection I've made is that the clients I'm seeing have this issue are all Virtual Machines.  Is anyone else having this issue on just VMs or on physical servers as well?

A response from Symantec would be much appreciated.

Go_Beavs's picture

Is this a server?  What happens if you reboot this machine?  Do the folders other than the most recent definition get removed?

If so, you may be running into the issue described here:

Symantec Endpoint Protection (SEP) 12.1 client is maintaining multiple virus definitions versions on servers.

http://www.symantec.com/business/support/index?page=content&id=TECH180056

mharrington21's picture

Indeed all of our SEP "clients" are in fact servers.  I rebooted and it removed all the old virus def folders as stated in the link above.  However, rebooting a server is not best practice as we strive to provide 100% uptime.  Also, stopping SEP services and removing each old virus def folder manually is quite a bit of overhead when you have a large quantity of servers.  Do you have any idea as to when this issue will be resolved by Symantec?

 

Thanks for your help

Go_Beavs's picture

I definately understand not having the ability to reboot machines on a whim, and that the steps of manually clearing out definitions is not ideal either, it was more of a way to see if your symptoms match what the document was referring to.

Unfortunately I don't know when it will be resolved.  You may want to open a support case to see if you can get any further information.

Mick2009's picture

Hi mharrington21,

I have seen a couple instances of this.  One easy trick usually resolves the problem: check how often the SEP 12.1 client on those servers is running a scheduled scan.  Is it daily?  If the scan running when LiveUpdate has its session?

Simply changing the frequency of scheduled scans from daily to weekly will enable LiveUpdate to run smoothly and delete the old definition sets.

If you do have an open case about the issue, please do PM me the number.  I will get in touch with the Tech Support Engineer who is looking into the case and provide them with some extra info that will help.  &: )

Extra note: please do upgrade to SEP 12.1 RU1 MP1 which will be available soon.  It will not fix this issue, but contais many other importnat enhancements and improvements.

With thanks and best regards,

Mick

SS - Ed Hallett's picture

Hi, does this issue have any further updates?

Our clients' SEPM - SBE is taking over 10gb in virus defs. I spoke to a guy in symantec tech support who was impossible to understand and refused to give his name - so, next best shot is the forums..

Does anyone have a resolution? I've tried all of the above.

Thanks, and kind regards,

Ed - Support Analyst - SystemSense

Chetan Savade's picture

Hi,

In Small Business Edition have limited options, you can not modify settings to reduce number of revisions to keep like Enterprise Edition.

Please check following article:

How to reduce the number of content revisions stored in Symantec Endpoint Protection Manager\Inetpub\content folder in SEP SBE

http://www.symantec.com/docs/TECH98137 

To reduce the database size (sem5.db) can use this tool.

https://www-secure.symantec.com/connect/downloads/shrink-symantec-endpoint-protection-manager-121-embedded-database

Chetan Savade
Technical Support Engineer, Endpoint Security
Enterprise Technical Support
CCNA | CCNP | MCSE | SCTS |

Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.<