SEP Clients retaining 5+ revisions of Defs, large disk space used
We are running into the issue where some of our servers are requiring 2GB+ for Symantec files.
Across hundreds of servers, this can be quite a bit of disk space growth over our previous AV software which wouldn't take more than 500mb on each server. I have noticed, some servers are fine. They have ~500-600mb used. However some are not, using anywhere between 1-2gb+ for definitions files.
I have dug into servers with lots of disk space usage, and it seems to come from this directory: C:\Users\All Users\Symantec\Symantec Endpoint Protection\12.1.x.x.x\Data\Definitions\VirusDefs or the analog on a 2k3 server.
On servers with low disk space usage, there are usually 1-3 folders here with definitions in them from multiple dates/revisions. On servers with higher disk usage, there may be 5-6+ folders here, sometimes with very old definition revisions (2-3 months old and older) still stored here.
How do we solve this issue? Keep in mind manual deletion does not work for us as we have far too many servers to nanny these folders by hand.
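A read-only way to measure this across servers, added here as an example and not part of the original post or any Symantec tooling. The function name, parameter names and the threshold of 3 folders are assumptions; the path pattern is the one quoted above, with `*` in place of the version folder.

```powershell
# Added example: read-only inventory of SEP definition revision folders.
# Lists every subfolder of VirusDefs with its age and size; deletes nothing.
param(
    # Path from the post; '*' stands in for the 12.1.x.x.x version folder.
    [string]$DefsPattern = 'C:\Users\All Users\Symantec\Symantec Endpoint Protection\*\Data\Definitions\VirusDefs',
    # Assumed threshold: the post reports 1-3 folders on healthy servers, 5-6+ on others.
    [int]$MaxExpectedFolders = 3
)

function Get-FolderSizeMB([string]$Path) {
    # Sum file lengths below $Path; unreadable entries are skipped, not fatal.
    $sum = Get-ChildItem -LiteralPath $Path -Recurse -Force -ErrorAction SilentlyContinue |
        Where-Object { -not $_.PSIsContainer } |
        Measure-Object -Property Length -Sum
    [math]::Round([double]$sum.Sum / 1MB, 1)
}

$roots = @(Get-Item -Path $DefsPattern -Force -ErrorAction SilentlyContinue)
if ($roots.Count -eq 0) {
    Write-Warning "No VirusDefs directory matched $DefsPattern"
    return
}

foreach ($root in $roots) {
    # All subdirectories are listed, oldest first, so stale revisions sort to the top.
    $revs = @(Get-ChildItem -LiteralPath $root.FullName -Force |
        Where-Object { $_.PSIsContainer } |
        Sort-Object LastWriteTime)

    $rows = @(foreach ($r in $revs) {
        New-Object PSObject -Property @{
            Computer  = $env:COMPUTERNAME
            Folder    = $r.Name
            LastWrite = $r.LastWriteTime
            SizeMB    = Get-FolderSizeMB $r.FullName
        }
    })
    $rows | Select-Object Computer, Folder, LastWrite, SizeMB

    $totalMB = [double]($rows | Measure-Object -Property SizeMB -Sum).Sum
    if ($revs.Count -gt $MaxExpectedFolders) {
        Write-Warning ("{0}: {1} folders, {2} MB under {3}" -f `
            $env:COMPUTERNAME, $revs.Count, $totalMB, $root.FullName)
    }
}
```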
Comments
Can you tell us the version of AV client running in your servers?
Please don't forget to mark your thread solved with whatever answer helped you : ) Thanks & Regards Aravind
12.1.671
Hello,
Please check out the below link,
How to change the number of downloaded content revisions that are retained by the Symantec Endpoint Protection Manager versions 11.0. or 12.1
http://www.symantec.com/business/support/index?page=content&id=TECH104845
Hi,
As we have 5000 endpoints, this is set to 30. I was told not to change this in order to allow for more granularity in microdefs to reduce LAN/WAN traffic.
Am I to understand that the clients too will store 30 revisions? That doesn't seem to make any sense.
Only SEPM will store 30 definitions, not the client.
Cheers!
Pete
Help Link: http://www.symantec.com/business/support/overview.jsp?pid=54619
The SEP12 client is preconfigured to keep one revision of each content set.
Please run the SEP support tool.
You can download it from the below link
The Symantec Endpoint Protection Support Tool
Please don't forget to mark your thread solved with whatever answer helped you : ) Thanks & Regards Aravind
If you find your virus defs corrupted, you may follow the KB below to clear them once.
How to clear out definitions for a Symantec Endpoint Protection 12.1 client manually
Please don't forget to mark your thread solved with whatever answer helped you : ) Thanks & Regards Aravind
By default SEP 12 retains only 1 definition.
But for earlier versions, see the link below, which will guide you to reduce the number on the client.
http://www.symantec.com/business/support/index?pag...
It is possible that there was a problem during migration. You can run the SEP support tool log.
Download tool
Hi,
If you want to remove corrupted definitions you can use Rx4Defs.exe
For more information:
http://service1.symantec.com/SUPPORT/ent-security.nsf/dbe87fe9662c16ef8825734100634940/67b45d576111b98888257459005f74d0?OpenDocument
So this is a bug, then? This isn't isolated, there are many servers in my environment doing this behavior.
Running the support tool is all well and good if this were one single instance, but we are seeing this on multiple machines.
Can you check the registry entry for 32-bit definitions, if the cache setting has been enabled?
HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\Content
Cheers!
Pete
Help Link: http://www.symantec.com/business/support/overview.jsp?pid=54619
We too are seeing a large number of clients retaining virus definitions. Furthermore, Rx4Defs seems, at the link above, to be for 32-bit clients only. What do we do when we have a mixed environment of 32b and 64b?
Best regards,
Sune Mølgaard
Incidentally, at least for the machine that I tried to run the support tool on now, it would seem that definitions are *not* corrupted, but the support tool indicates that the client needs to be rebooted in order to delete the old definition dir.
This is highly inconvenient, and what might cause this?
Best regards,
Sune Mølgaard
There is currently a known issue regarding clients not deleting definition sets until a reboot is performed. The issue has been presented to Development.
If you are experiencing this issue I would recommend calling into support and opening up a case and reference the following KB document.
http://www.symantec.com/docs/TECH180056
You will also want to provide a SEP support tool log from an affected client showing that the definitions are waiting to be deleted upon reboot. Below is a link on how to download and run this tool.
http://www.symantec.com/techsupp/home_homeoffice/p...
Providing this information will be able to advance the case and have it attached to the issue. The more cases attached the more visibility this will gain with development.
If I was able to help resolve your issue please mark my post as solution.