Same problem here.
The folder C:\Program Files\Symantec\Symantec Endpoint Protection Manager\Inetpub\content is occupying 24Gb :smileysad:

Can I just delete the bigger folders?

Please upgrade to MR-2 if not already done. This issue has been fixed in MR-2.

Otherwise, you can refer to the following -


 https://forums.symantec.com/syment/board/message?board.id=endpoint_protection11&message.id=1347&query.id=66376#M1347

Our server is already MR2, and we only found this problem after upgrading it to MR2

We've deleted all the "digit named folders", but now the clients stopped receiving the definitons updates. I've executed Rx4Defs on the SEPM server, but even it's client (SEP 11 MR2) stopped on November 07 definitions :smileyindifferent:

No news here?

So, a motivation:


Yesterday, after a forced "Update Content", 4 computers were updated to date (2008-04-22), but 3 of them automatically downgraded to the 2008-04-21 definitions, as you can see

Message Edited by Eduardo Nazato on 04-23-2008 04:27 PM

Just to remember: it's getting worse, ok

The SEPM server is up-to-date, but the most up-to-dated client is using the definitions from 2008-04-21

Thank you a lot, Symantec!

MR2 installed and guess what my content folder is still growing (13gb ) and after clearing it out as suggested on this forum by a Symantec employee now my clients wont update the virus def unless I force them via the SEPM. Thanks Symantec your the best!

I've got a question w.r.t. to this issue - had anyone amongst you implemented the semi-fix we used to implement before MR-2 came out? In case you did not do that, you may try to implement the semi-fix to try and resolve this issue.

I'm giving it FYI here -

To adjust the number of content updates stored by Symantec Endpoint Protection Manager
Open the \Program Files\Symantec\Symantec Endpoint Protection Manager\tomcat\etc\conf.properties file.
Add the following setting to the file, (the example uses a value of 5, adjust the value as necessary, the default value is 10 if no entry is present)

scm.lucontentcleanup.threshold=1

Close the conf.properties file and click Yes to save your changes.
Click Start > Run.
Type services.msc and click OK.
Right-click on Symantec Endpoint Protection Manager, and click Restart.
Close Services.

Within a short period of time the numbered content folders should adjusted to the value that you selected, the example below is based on a value of 5:

\Program Files\Symantec Endpoint Protection Manager\Inetpub\content\{C60DC234-65F9-4674-94AE-62158EFCA433}\
71016009
71019009
71020006
71021005
71022017


Add the line scm.lucontentcleanup.threshold=x (preferably between 1 to 5, since 10 is the default value) to the end of the conf.properties file.
Stop the SEPM service.
Navigate to the content folder, and then from each of the folders present under the CONTENT folder, go in and delete ALL the sub-folders with names in DIGITS.

Hope this helps. In case it doesn't, please post here so we can try to find a solution to this.


Then RESTART the Server which has the SEPM installed, and then start the SEPM service again

Thank you for the attention Abhishek... I do tried these steps, with a guy from Symantec tech support on the phone (who actually send them for me). It did fixed the Content folder growing issue, but it lead me to the other problem, which is the non-updating clients.

The Symantec support staff talked to me on the phone for about a week, and they couldn't fix this new problem. Now they want me, for the 3rd time, to rebuild the whole SEPM server :smileysad:

Hi Eduardo,

Why dont you PM em the case number that you have open, and we'll get something worked out.

I did implement  the scm.lucontentcleanup.threshold=1 fix before I applied MR2 and it seem to work but after installing MR2 it started doing it again so maybe I need to apply it again. But I am still having the problem were my client’s wont update unless I do it manually. I am to the point where I am going to write a script just to launch LiveUpdate on each machine via the Scheduled task but I should not have to apply workarounds for things that the software should be doing in the first place.

Hi Raider,

In case you are unable to do the LiveUpdate automatically, chances are that the Folder Structure has been corrupted since wrong folders were deleted.

In this case, I'd recommend taking a backup of the DB, the keystore.jks and server.xml files as outlined below, and then uninstalling the SEPM and then doing a fresh install of the SEPM to resolve the issue.



ON THE OLD INSTALLATION
Copy the "Server Private Key Backup folder" from:
\\ProgramFiles\Symantec\ Symantec Endpoint Protection Manager\Server Private Key Backup


Paste it to another storage area (as it will be deleted during Symantec Endpoint protection Manager uninstall)
Copy the "Data folder" from:
\\ProgramFiles\Symantec\ Symantec Endpoint Protection Manager\Data


Paste it to another storage area.
Copy the "sem5.db" database file from:
\\ProgramFiles\Symantec\ Symantec Endpoint Protection Manager\db


Paste it to another storage area.
Make a note of the "Encryption Password" used during the install.



ON THE NEW INSTALLATION AFTER THE DISASTER RECOVERY  OF OPERATING SYSTEM (OS)

Ensure that the server has the same IP Address and Host Name the Operating System has been Installed.
Install the "Symantec Endpoint Protection Manager" with the "Embedded Database."
Enter the "Encryption Password" that was used on the old "Symantec Endpoint Protection Manager" installation.
Log in to the Console
Click Admin.
Select Tasks> Servers.
Under "View Servers", expand Local Site.
Click the <computer name> that identifies the local site.
Select Tasks.
Click Manage Server Certificate.
In the "Welcome panel", click Next.
In the "Manage Server Certificate panel", select Update the Server Certificate
Click Next.
Under "Select the type of certificate to import", select JKS keystore.
Click Next.
Note: If one of the other certificate types has been implemented, select that type.


In the "JKS Keystore panel", click Browse.
Locate and select the backed up "keystore_<timestamp>.jks" keystore file.
Click OK
Open the "server_<timestamp>.xml" file
Select and copy the "keystore password."
Activate the "JKS Keystore" dialog box.
Paste the "keystore password" into the "Keystore" and "Key boxes."
Note: The only supported paste mechanism is Ctrl + V.


Click Next
Note: If you get an error message that says you have an invalid keystore file, you probably entered invalid passwords. Retry the password copy and paste. (This error message is misleading.)


In the "Complete panel", click Finish.
Stop the services for the "Symantec Embedded database" and the "Symantec Endpoint Protection Manager"
Go to:
\Program Files\Symantec Endpoint Protection Manager\

on the new "Symantec Endpoint Protection Manager" and remove the "Data folder."


Move the "old Data folder" under:
\Program Files\Symantec Endpoint Protection Manager\Data

from the old "Symantec Endpoint Protection Manager" install directory to the new "Symantec Endpoint Protection Manager" install directory.


Create a new folder named "db1" in:
\Program Files\Symantec Endpoint Protection Manager\


Move the "sem5.db" from the old "Symantec Endpoint Protection Manager" install directory.
Click Start>Run.
Type regedit
Navigate to:
HKey_Local_Machine\System\CurrentControlSet\services\ASANYs_sem5\Parameters


Open the value name Parameters and the original database:
\Program Files\Symantec Endpoint Protection Manager\db\sem5.db


Change it to:
\Program Files\Symantec Endpoint Protection Manager\db1\sem5.db


Move the "sem5.db" database:
\Program Files\Symantec Endpoint Protection Manager\db

from the old "Symantec Endpoint Protection Manager"  install directory to the new "Symantec Endpoint Protection Manager" install directory.


Go to Administrative Tools> Data Sources ODBC
Ensure the database connectivity after the changing the database file location to:
\Program Files\Symantec Endpoint Protection Manager\db1\sem5.db


Run the "Migration Server Configuration Wizard."
Click Yes to replace the database after entering the password
Login to the "Symantec Endpoint Protection Manager" using the old password.
Ensure that the Domain ID is same as it was on the old clients.
If it not, follow the direction in the below document to restore the Domain ID.  This will enable client communication http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2007082112135948


All of the clients should begin reporting back within approximately 30 minutes.

Yeah, I knew that my server is lost, and that I have to rebuild it.
But it was not our fault, we DID follow Symantec documented steps.

For the love of God, it's the third time I lost my server. Two times because of the embedded database corruption, and now because of the growing Content folder and a solution that only make things worse. All the times I spent a lot of time on the phone talking to the very Symantec support staff, and they couldn't help me.

When will this torture end?
Why could Symantec Client Security be left alone and work perfectly, while SEP always behave like a baby, whom I have to monitor all the time to see if something did poop again?

Message Edited by Eduardo Nazato on 05-09-2008 09:51 AM

Ok Abhishek Pradhan I have done a complete reinstall of my main manegent server and followed your instructions, the clients are now just coming back up. If this fixes my update problem do I need to apply the same method to my replication sites? If so is there any additional steps i need to take?

It has been 24 hours sence the reinstall, new def have been downloaded to the management server, but the clients have still not updated. The only client that updates automaticlly is the client on the server. I have tried a reinstall on a client but it too is still not getting the updates from the management server. Anymore sugestions?

Someone suggested that my database is corrupt and I need to do a fresh install without restoring the database. So I am going to backup my db, server key, and data folder. Then rebuild my entire SEPM, I will post if this fixes the problem. Funny thing is as many hours I spent working on this the company I work for could have just bought new anti-virus solution for less.




P.S. We wont be renewing our Symantec license

Message Edited by Raider1 on 05-14-2008 08:08 AM

Yes, we can. But in anyway the original server is lost :smileyindifferent:

And how many more times will I have to rebuild my server?

I just got done rebuilding my SEPM from the ground up. The clients are now getting the updates and are connecting back to the SEPM. Unfortuinly I am only back to square one and my content folder is going to grow once again...



@ doctortt

No you dont have to drop the sylink.XML on every client. You just create a domain in the SEPM and change its ID to the ID your clients are trying to connect to. As explained in the "Best Practices for Disaster Recovery with Symantec Endpoint Protection"
 
This is what i did

Backup my DB (just in case but didnt use)
Saved Data folder (just in case but didnt use)
Saved the Key Store File
Looked up the domain ID and saved it to a txt file
Exported all my policies
Uninstalled SEPM, SEP (on server only), and Live update also deleted the Symantec folder (just in case)
Installed SEPM
Imported policies
Restored Key Store File
Created a group with the same name the clients were in (not needed just saved time moving clients)
Created a new Domain
changed the domain ID
Clients reconnected and grabbed latest updates...


Now i look forward to the content folder growing like a wild flower :)