Endpoint Protection

I understand that I can change the number of content revisions that I keep.  It is currently at 10.  I’ve heard from another Symantec tech in the past that the current recommendation for this is 42, which should cover 2 weeks, at 3 revs per day.

My question is, currently we have our main server connect to Symantec once per day for the antivirus updates.  The other servers pull from that main server and do not go to Symantec.  I believe that means that even if Symantec release 3 updates in a day, we only download 1 of them.  (Correct me if I’m wrong.)

Does that mean that my content revisions settings at 10 is holding 10 days worth right now?  Or is it holding approximately 3 1/3 days worth (assuming 3 revs per day…I understand that the revs per day is not a constant and 3 is just an average). 

Basically, I’m asking if our server is holding 1 content rev per day, or more like 3 per day?  We check every morning, so we might only be pushing the morning definitions out, but we do have some remote users that go directly to Symantec.com for their updates.  I guess there is a chance that they could get a definition in the afternoon, resulting in a different definition that our main server has, resulting in our main server needing to account for that….which may mean that the server has to compute all of the revs for each day.

There is a definition date and revisions added to that, I think this is minor when new signature is added.

Making your server to run Automatic liveudpate every 8 hours, u should alll get it.

since there will be more traffic running in the network wehenever there is new defs available on the server, we prefer it to running only once in a day, 

when latest virus revision has significant signature for some new virus then we force a liveudpate or run intelligent udpater.

yes, 10 revisions is around to 4 days ( 3 /day).

Hi,

As per your comment "My question is, currently we have our main server connect to Symantec once per day for the antivirus updates.  The other servers pull from that main server and do not go to Symantec.  I believe that means that even if Symantec release 3 updates in a day, we only download 1 of them.  (Correct me if I’m wrong.) "

Ans : You are correct & 10 revision is around to 4 days not 10 days.

Check this thread as well to check timings

https://www-secure.symantec.com/connect/forums/lag-signature-definations-date

So even my SEP server only downloads definitions 1 time per day, it will still keep approxmately 3 revisions per day?

Yes, if it downloads say at  7pm, then all the three are downloaded.

You can see them in the Liveupdate policy, live update content settings, if u click edit, u will get a drop down menu of revisions..

Definitions are most of the time released during US daytime, thus you can find time difference between definition revision and today's date.

As an exemple, here is what is usually  in EMEA:

   - 1st definition at 01:00PM-03:00PM

   - 2nd definition at 05:00PM-07:00PM

   - 3rd definition at 05:00AM-07:00AM

(all with one day difference regarding current day).

How about GUP servers? will they keep the same number of revisions as the SEPM?

I mean, do we need the same amount of disk space in our GUP servers comparing to our SEPM (assuming we decided to keep 15 days, aprox 60GB)? How about our SEPM load balance or SEPM in a replication site?