Endpoint Protection

Hi all,

I have SEP 12.1.671.4971 with Live Update running on one of our Domain Controllers (Windows 2008 R2 Server) and currently having an issue.

The disk space for virus definitions have chewed up 15 GB in the last month and the drive is quickly running out of space. I have stopped the SEP services and cannot seem to delete the temp folders that are causing the problem, as I am getting back an error that I need administrator privileges. I am a domain admin and I have tried also running as a local administrator, and still I am not able to delete these temp folders.

I have a feeling that this is more a Windows permissions issue and less a Symantec issue, but if anyone has any feedback it would be greatly appreciated.

Where are the files building up, and what are they called? Since this is a DC, it probably doesn't get rebooted often, but do these files get purged on reboot?

sandra

Hello,

Please check out the below  link,

How to change the number of downloaded content revisions that are retained by the Symantec Endpoint Protection Manager versions 11.0. or 12.1

http://www.symantec.com/business/support/index?page=content&id=TECH104845

Hello,

There are few Article which may assist you.

Increasing Symantec Endpoint Protection Manager disk space before upgrading to version 12.1

http://www.symantec.com/docs/HOWTO55365

High Disk Space is being consumed by C:\Program Files\Symantec\Symantec Endpoint Protection Manager\data\outbox\Importpackage

http://community.spiceworks.com/how_to/show/2656

Symantec Endpoint Protection Manager 12.1 database using a high amount of Hard drive space

https://www-secure.symantec.com/connect/articles/symantec-endpoint-protection-manager-121-database-using-high-amount-hard-drive-space

Hope that helps!!

In the case of the Symantec Endpoint Protection (SEP) client using large amounts of disk space:

 Stop the Symantec service

• Symantec Endpoint Protection

  • Click Start, then Run
  • Type: smc -stop
  • Click OK

Deleting the files

NOTE: The following instructions are to be accomplished from the Command Prompt, as attempting to perform the deletions from Windows Explorer may result in delays and application hangs. Please note that these instructions will delete the files in the targeted directories/folders, not the directories/folders themselves. Do not remove the directories/folders themselves.

 NOTE: The following steps will delete files from the system and having a backup of the system in case of problems resulting from the the deletions is advised.

Open the Command Prompt

Deleting files from User Temp folder

• Click Start, then Run
• Type: cmd
• Click OK

1. Type the following command in Command Prompt. (The following command will vary depending on the user name.) Replace "<NAMEOFUSER>" with the username of the desired Windows user you wish to empty the temp folder for:

• For Windows 2000/XP/2003
   DEL /F /Q "C:\Documents and Settings\<NAMEOFUSER>\Local Settings\Temp"

•  For Windows Vista/7/2008
   DEL /F /Q "C:\Users\<NAMEOFUSER>\AppData\Local\Temp"

2. Deleting the contents of the temp folder at the root of C:\

• Type the following command in Command Prompt:

  DEL /F /Q C:\temp

3. Deleting the contents of the Windows Temp folder

• Type the following command in Command Prompt:

  DEL /F /Q C:\WINDOWS\Temp

4. Deleting the contents of the xfer and/or xfer_temp directories

• Type the following command in Command Prompt:
  • • Windows 2000/XP/2003
      DEL /F /Q "C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\xfer_tmp\"

      DEL /F /Q "C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\xfer\"

    • Windows Vista/7/2008
      DEL /F /Q "C:\ProgramData\Symantec\Symantec Endpoint Protection\xfer_tmp\"

      DEL /F /Q "C:\ProgramData\Symantec\Symantec Endpoint Protection\xfer\"

The Quarantine Folder

NOTE: The following instructions are to be done from the Command Prompt as attempting to open the Quarantine folder in the Windows user interface may result in delays and Windows Explorer application hangs due to the large amount of files that can reside there.

Delete the Quarantine Folder

Type the following commands in the Command Prompt:

• Windows 2000/XP/2003
  DEL /F /S /Q "C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\Quarantine"

  RD /S /Q "C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\Quarantine"

• Windows Vista/7/2008
  DEL /F /S /Q "C:\ProgramData\Symantec\Symantec Endpoint Protection\Quarantine"

  RD /S /Q "C:\ProgramData\Symantec\Symantec Endpoint Protection\Quarantine"

Recreate the Quarantine Folder

Type the following command in Command Prompt:

• Windows 2000/XP/2003
  MD "C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\Quarantine"
• Windows Vista/7/2008
  MD "C:\ProgramData\Symantec\Symantec Endpoint Protection\Quarantine"

Start the Symantec service

• Click Start, then Run
• Type: smc -start
• Click OK

 In the case of the Symantec Endpoint Protection Manager (SEPM) using large amounts of disk space:

The catalina.out file can grow quite large, possible to 1 GB or more in size

 The most typical cause is not disabling the debugging mode of the SEPM, which can lead to large log files building up, including Catalina.out.  This situation can be remedied as follows:

• Stop the Symantec Endpoint Protection Manager service. Browse to C:\ProgramFiles\Symantec\Symantec Endpoint Protection Manager\tomcat\etc\
• Open the conf.properties file and delete the line that says: scm.log.loglevel=(FINEST, FULL...)
• Save and close the conf.properties file
• While the SEPM service is stopped you can delete or archive all the log files located in \Program Files\Symantec\Symantec Endpoint Protection Manager\tomcat\logs folder (be sure to only move or delete the contents of the logs folder, not the logs folder itself)
• Start the SEPM service.

Retaining a large amount of definition content can lead to folder growth under \Program Files\Symantec\Symantec Endpoint Protection Manager\Inetpub\Content

To adjust the amount of content retained by the SEPM go to the Admin page of the SEPM Console, Servers section, then select Local Site and click Edit Site Properties.  From here go to the LiveUpdate tab, then see the section labeled 'Disk Space Management for Downloads'. 

 Please see the following article for additional information on managing the number of Content revisions retained by a SEPM, as well as other useful information:

http://www.symantec.com/business/support/index?page=content&id=TECH96214&locale=en_US

NOTE: According to the product system requirements, the SEP client requires at least 600 MB of free hard disk space.

Note: the LiveUpdate component is always installed on the C: drive, regardless of any custom installation path selected for the SEP client. LiveUpdate requires at least 130 MB of free space on C:.

Check to make sure enough disk space is available

It is recommended to utilize the following articles for additional information:

1) Disk Space Management procedures for the Symantec Endpoint Protection Manager

http://www.symantec.com/docs/TECH96214

2) Symantec Endpoint Protection virus definition folder consumes a large amount of disk space

http://www.symantec.com/docs/TECH102927

3) Incase, you we want to Monitoring Server Health from Symantec Endpoint Protection Manager and Receive Notification, follow the Article below:

http://www.symantec.com/docs/TECH122731

Regards