Hello,
First, determine whether the amount of space used is as designed, or whether the definitions are not working correctly.
- Symantec Endpoint Protection 12.1 will keep 1 definition set
Best Practices for configuring the number of content revisions to keep in Symantec Endpoint Protection Manager
http://www.symantec.com/docs/TECH92225
Examine the files and folders in the VirusDefs folder. You should see the following:
- 2-3 numbered folders, approximately 430 - 470 MB each. On 3 January 2013 it was 454 MB for 64 bit 12.1.
The numbered folders will have names that appear similar to the following: 20110408.002.
- 1 folder named BinHub, approximately 250 - 470 MB depending on the age of the file.
- 1 folder named Incoming, which should be empty [this folder may not be present].
The Incoming folder should only contain files while a virus definition update is in progress.
- 1 folder named TextHub, approximately 1 KB
- 1 file named definfo.dat, approximately 1 KB
- 1 file named usage.dat, approximately 1 KB
- 1 file named Cat.DB, approximately 650 KB
The total size of all files and folders should be about 2 GB for SEP 11.0 and under 800 MB for 12.1.
- If any of the following is true, the definitions may not be working correctly:
- The Incoming folder never becomes empty.
- Several .tmp folders or files exist in the VirusDefs folder.
- The numbered folders are 800 MB or greater in size.
The files sizes listed are as of January 2013. Definitions files are continually getting larger in size.
Drive Space used by Virus Definitions Updates
http://www.symantec.com/docs/TECH141811
Hope that helps!!