Hello,
In your case, are these client machines, managed clients OR unmanaged?
If Managed, are the Liveupdate Policies applied to them?
All liveupdate servers are using akamaitechnology..for definition and patch updates..
When you run Liveupdate it goes to
liveupdate.symantecliveupdate.com
or liveupdate.symantec.com
and if these are unreachable, then these site search which is the closest Akamai server in your location and then from those akamai server your definitions get downloaded.
Symantec definitions are hosted on Akamai servers.So that for liveupdate around the world everybody doesn't have to go to US Liveupdate servers.
All virus definition servers of Symantec are akamized so if clients are connecting to akamai means they are connecting to internet to download virus definitions..
Double check you Liveupdate Policy and check under "Use Liveupdate Server" what is specified.
Check this Thread: https://www-secure.symantec.com/connect/forums/akamai-killing-my-bandwidth
Hope that helps!!!