Hi Jwardell,
"Thumbs up" to the advice, above. Very good information on the size of full AV defs and average deltas that are sent to clients.
>content update for SEP 12.1 that is pulled down to the SEPM via liveupdate?
Due to the millions of threats and variants in circulation today, the AV definitions are the largest component that the SEPM needs. However, there are also IDS signature definitions, whitelists, client packages, etc that the SEPM will need to download, too. For a full list of what a SEPM is downloading and the sizes of the files, do check out the log.liveupdate from the SEPM.
Both the SEPM and the LiveUpdate Administrator 2.x server generally connect to Internet LU sources, and can keep the SEP endpoint up-to-date with the latest contents. In most circumstances it is best for the SEPM to handle this job, as the technology that it uses to generate delta defs for the clients results in smaller custom-built differential delta files being sent to each endpoint client. The SEP clients get exactly what they need, and no larger. The LUA server just stores and passes on the same larger incremental "current defs" that are on the Internet. This keeps them up-to-date just as effectively, but may use more network bandwidth.
The following article has a little more info on LUA AND SEP:
When is it Recommended to Use LiveUpdate Administrator 2.x with Symantec Endpoint Protection?
Article: TECH154896 | Created: 2011-03-07 | Updated: 2011-08-17 |
Article URL http://www.symantec.com/docs/TECH154896
Hope this helps! Do update the thread if there is any more infromation you need, Jwardell, or mark it solved for the benefit of future admins who have the same question.
Thanks and best regards,
Mick