Video Screencast Help

Normal Size of SEP Virus Definition

Created: 14 Aug 2013 • Updated: 19 Sep 2013 | 7 comments
kintachi's picture
This issue has been solved. See solution.

Hi All,

We're having an issue on the size of virus definition of SEP client. 1 of our server is having 2.40gb total folder size, and it fills up disk space. We raised this to Symantec Support, and Support mentioned that this is normal. Is there any article for the normal size of SEP Virus Definition? Thanks.

Operating Systems:

Comments 7 CommentsJump to latest comment

ᗺrian's picture

By default, SEP 12.1 keeps 1 content revision while SEp 11.x keeps 3.

How many are showing for your client?

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

SebastianZ's picture

What SEP client version are you using? There is a known issue regarding the amount of AV defs kept on the SEP 12.1 on Server OS (SEP 12.1 versions affected prior to RU2):

Symantec Endpoint Protection (SEP) 12.1 client is maintaining multiple virus definitions versions on servers.

padding: 1px;padding-bottom: 3px ;font: 12px Arial; text-align: left;">Article:TECH180056 padding: 1px;font: 12px Arial; text-align: left;"> |  padding: 0px;font: 12px Arial; text-align: left;">Created: 2012-01-27 padding: 1px;font: 12px Arial; text-align: left;"> |  padding: 1px;font: 12px Arial; text-align: left;">Updated: 2013-03-28 padding: 1px;font: 12px Arial; text-align: left;"> |  padding: 1px;font: 12px Arial; text-align: left;">Article URL

- you may want to try the workarounds from here or updating to RU2 - the fix to this was implemented in this version Please note the default amount of Virus defs kept on the SEP client in version 12.1 should be only 1.

Sumit G's picture

What is your SEP Client Version?

Clean the definition, may be it corrupt.

How to clear out definitions for a Symantec Endpoint Protection 12.1 client manually
Article:HOWTO59193  |  Created: 2011-09-08  |  Updated: 2013-06-24  |  Article URL


Sumit G.

Mithun Sanghavi's picture


First, determine whether the amount of space used is as designed, or whether the definitions are not working correctly.

  • Symantec Endpoint Protection 12.1 will keep 1 definition set

Best Practices for configuring the number of content revisions to keep in Symantec Endpoint Protection Manager

Examine the files and folders in the VirusDefs folder. You should see the following:

  1. 2-3 numbered folders, approximately 430 - 470 MB each. On 3 January 2013 it was 454 MB for 64 bit 12.1.
    The numbered folders will have names that appear similar to the following: 20110408.002.
  2. 1 folder named BinHub, approximately 250 - 470 MB depending on the age of the file. 
  3. 1 folder named Incoming, which should be empty [this folder may not be present].
    The Incoming folder should only contain files while a virus definition update is in progress.
  4. 1 folder named TextHub, approximately 1 KB
  5. 1 file named definfo.dat, approximately 1 KB
  6. 1 file named usage.dat, approximately 1 KB
  7. 1 file named Cat.DB, approximately 650 KB
    The total size of all files and folders should be about 2 GB for SEP 11.0 and under 800 MB for 12.1.
  8. If any of the following is true, the definitions may not be working correctly:
    • The Incoming folder never becomes empty.
    • Several .tmp folders or files exist in the VirusDefs folder.
    • The numbered folders are 800 MB or greater in size.

The files sizes listed are as of January 2013.  Definitions files are continually getting larger in size.

Drive Space used by Virus Definitions Updates

Hope that helps!!

Mithun Sanghavi
Associate Security Architect


Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

raju123's picture

I agree with Brian, Sep 12.1 Keep only one revision, you can check how many def folder dispaly in your Server. If it reflect more than one revision then there some problem in definition. In that case clear the definition