Random SEP clients downloading large amounts of data
Created: 18 Nov 2011 | 2 comments
I have a network with about 3000 SEP clients on it. The SEPM is version 11 and all clients are on RU6 MP3 (can't upgrade to 12 or RU7 currently as testing needs to be completed on the network).
For a handful of these users I am seeing large amounts of traffic being pulled from the manager. I checked the clients and they have the latest definitions installed, there are no auto-upgrade requests to any other version of SEP client, and there are plenty of free resources on the users' machines to distribute.
They are pulling GBs worth of data.
Comments
Have you tried running Wireshark and checked the port? Is it on 8014 or 80?
What I can understand is that these clients are pulling full.zip defs from the SEPM instead of delta files. This might happen if the definitions on the problem client are corrupt but show up to date, or if a GUP is configured and the defs on the GUP are corrupt, hence the clients are going to the SEPM to download the defs.
Also, in the SEPM please check the content revisions which have been configured from the Admin > Server > Site > LiveUpdate tab; usually the revisions should be kept to 3, max 5.
Secondly, try reinstalling LU on a problem machine and observe it.
Also, under c:\programfiles\symantec\sepm\Inetpub\content\ clear the numbered folders by opening every alphanumeric folder; do not delete the alphanumeric folders.
Are the machines with the problem in the same group? If yes, go to the Clients tab, select the group, and check the Install Packages tab; if there are any packages listed, kindly remove them and then observe it.
Also try moving a few problem machines to another group which had no problem, and check whether the LiveUpdate policy is different for the location.
Sizing and scalability might help:
http://service1.symantec.com/SUPPORT/ent-security.nsf/383ed085ad1ed2c6882571500069b34d/18873ad6514d93b2882576cc0065df54/$FILE/SEP%20
Swapnil
SOC Team .
Please don't forget to mark your thread solved with whatever answer helped you.
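To confirm from the server side which clients are pulling full.zip rather than delta files, as the reply above suggests, the manager's web server logs can be totalled per client. This is an added example, not part of the original thread or any Symantec tooling; it assumes W3C extended logs with sc-bytes enabled, and the sample log lines, URL layout and function names are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample in W3C extended log format; not taken from the thread.
# Assumptions: sc-bytes logging is enabled, and the URL layout, IPs, GUID and
# revision number below are invented for illustration.
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-stem s-port sc-status sc-bytes
2011-11-18 09:00:01 10.0.0.21 GET /content/{EXAMPLE-GUID}/111118003/full.zip 8014 200 198000000
2011-11-18 09:00:05 10.0.0.22 GET /content/{EXAMPLE-GUID}/111118003/delta-sample.dat 8014 200 412000
2011-11-18 09:30:02 10.0.0.21 GET /content/{EXAMPLE-GUID}/111118003/full.zip 8014 200 198000000
2011-11-18 09:31:00 10.0.0.23 GET /content/{EXAMPLE-GUID}/111118003/full.zip 8014 404 1200
2011-11-18 09:32:10 10.0.0.22 GET /index.html 8014 200 900
"""

def content_bytes_by_client(log_text):
    """Map client IP -> [full.zip requests, full.zip bytes, other content bytes]."""
    fields, stats = [], defaultdict(lambda: [0, 0, 0])
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]      # header can reappear mid-file
            continue
        parts = line.split()
        if line.startswith("#") or not fields or len(parts) != len(fields):
            continue                       # comments, blank or malformed rows
        row = dict(zip(fields, parts))
        uri = row.get("cs-uri-stem", "").lower()
        if not uri.startswith("/content/") or row.get("sc-status") != "200":
            continue                       # only successful content downloads
        try:
            size = int(row.get("sc-bytes", ""))
        except ValueError:
            continue                       # sc-bytes missing or logged as "-"
        entry = stats[row.get("c-ip", "unknown")]
        if uri.endswith("/full.zip"):
            entry[0] += 1
            entry[1] += size
        else:
            entry[2] += size
    return dict(stats)

def heavy_full_zip_clients(stats, min_bytes):
    """Clients whose full.zip traffic meets min_bytes, largest first."""
    hits = [(ip, s[0], s[1]) for ip, s in stats.items() if s[1] >= min_bytes]
    return sorted(hits, key=lambda h: h[2], reverse=True)

if __name__ == "__main__":
    for ip, count, size in heavy_full_zip_clients(content_bytes_by_client(SAMPLE_LOG), 100_000_000):
        print(f"{ip}: {count} full.zip downloads, {size / 1e6:.0f} MB")
```

A client that appears here with repeated full.zip downloads while reporting current definitions is a candidate for the corrupt-definitions check described in the reply.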
Check:
1. As said by Swapnil, check if there are packages assigned under the 'Install Packages' tab for those groups where the clients are utilizing larger bandwidth.
Check the Content revision in SEPM
2. You can also refer to - Best Practices for configuring the number of content revisions to keep in Symantec Endpoint Protection Manager:
http://www.symantec.com/business/support/index?pag...
3. Tips For Installing SEP In A Low Bandwidth Environment:
https://www-secure.symantec.com/connect/articles/t...