Endpoint Protection

I have a server running 2008 R2 with Symantec SEP on it and the Symantec Endpoint Protection Manager folder in Program Files (x86) is 17.1 GB in size. This is the second largest folder on the C: drive. The Windows folder is 22GB which is only 5GB larger. Somehow I think the SEP folder is way too large and there is a problem causing it to be so.

How can I reduce the size of this folder?

Jonathan

Can You Please check which folder taking more space?

share the folder Name and which version of SEPM do you have ?

What version of SEP and are you using embedded DB or SQL DB?

Also, what folder and which file is it?

First of all, what is your SEP version?

In most cases, the folder <SEPM directory>\Inetpub\content, in which the content revisions (virus definitions) are saved, is the biggest culprit. 1 content revision takes almost 600 MB. Double it (for both 32 and 64 bit OS), and it's 1.2 GB. 3 content revisions are the minimum and Symantec's default for small environments.

Now if you save for example 10 content revisions, you have already 12 GB. Add the embedded database (<SEPM>\db), the database backups (<SEPM>\data\backup) and the client packages (<SEPM>\Inetpub\ClientPackages), 17 GB are normal. Even with a lower content revision number, 17 GB don't sound excessive.

See these articles:

Symantec Endpoint Protection Manager 12.1 database using a high amount of Hard drive space

https://www-secure.symantec.com/connect/articles/symantec-endpoint-protection-manager-121-database-using-high-amount-hard-drive-space

Disk Space Management procedures for the Symantec Endpoint Protection Manager

http://www.symantec.com/docs/TECH96214

Tip: Get a free file size visualization tool such as TreeSize or WinDirStat for examining the SEPM installation folder.

HTH!

Agree with Greg12. In additon, Client Packages are quite large. Every time you upgrade SEPM, you get 2 to 3 new client packages. If you've ever upgraded SEPM, you may want to check if you have old client packages. An old client package allows SEPM to update clients from that version to the latest version (technically any version) by sending a Delta instead of the full package size -- it's the same technology used in the content deltas.

You can reduce the number of content revisions your SEPM retains. However, if SEPM can only create content delta's for SEP clients if it has the old version that the client is currently on.

If you have a small network, and your computers are turned on everyday, you might be able to reduce this (remember, the biggest delta usually from Friday to Monday. At about 3 revisions a day, 10 delta's is usually a safe number to get you through the weekend).

If you reduce the number of contents revisions that SEPM retains, you run the risk of needing to send clients a "Full.zip" definition -- which is very large. Most companies want to avoid this at all cost. But you may be able to modify depending on your needs. But do use caution.

You may also want to check the "inbox" folder too. If the inbox folders are accumulating several gigabytes, your server may not be able to keep up with the incomming logs from the clients.

Hi Jonathan,

Could you please provide the following information to us?

1. SEPM version? Number of SEPM's ? Is there any replication or failover/load balancing?

2. Number of SEP clients in the network managed by SEPM?

3. Size of database i.e.sem5.db?

4. Total diskspace allocated to C drive?

5. If it's SEP 12.1 version then have you enabled database maintenance options?

Above questions answer can help to narrow down the correct answer.

Please go through following articles also.

Changing the log settings to reduce the size of the database

http://www.symantec.com/docs/TECH105238

Article for references:

Best Practices for configuring the number of content revisions to keep in Symantec Endpoint Protection Manager:

http://www.symantec.com/business/support/index?page=content&id=TECH92225

SEPM server running out of disk space

https://www-secure.symantec.com/connect/forums/sepm-server-running-out-free-disk-space

Symantec Endpoint Protection Manager 12.1 database using a high amount of Hard drive space

https://www-secure.symantec.com/connect/articles/symantec-endpoint-protection-manager-121-database-using-high-amount-hard-drive-space

Any update on this

Disk Space Management procedures for the Symantec Endpoint Protection Manager

http://www.symantec.com/business/support/index?page=content&id=TECH96214

Issue Related to Low disk space.

www-secure.symantec.com/connect/articles/issue-related-low-disk-space

Disk Space Management procedures for the Symantec Endpoint Protection Manager

http://www.symantec.com/docs/TECH96214

Drive Space used by Virus Definitions Updates

http://www.symantec.com/docs/TECH141811

Symantec Endpoint Protection virus definition folder consumes a large amount of disk space

http://www.symantec.com/docs/TECH102927

Wow, thanks for the replies everyone! I was concerned about the server crashing due to so little free space on C: so I wound up calling Symantec support. We got several gigs cleared out so the crisis is over for now. I learned a lot from a fantastic support tech on the phone, probably the best support call I've had in 14 years of working in IT. My company took over management of this client's IT from another company and we're still scratching our heads trying to figure out why they configured things the way they did. SEP is at the base version of 12, no RU. Since RU2 is coming out soon, I was advised to hold off till then without doing RU1. And because of the version it's at, without RU1, is why certain files have not been getting deleted. The # of instances (not correct term but can't think of it now) kept is 3 so it's as low as we dare go and there are both 32bit and 64bit clients so we have to keep both. The support tech was pretty thorough in going over everything so I'm pretty satisfied with the state of things.

SEP should never have been put on C: but we're not going to try and change that now. We'll just keep an eye on things.

Thanks again everyone for your swift responses. You're a good group. Had I not gotten on with Symantec support, I would have taken you up on your replies.

Jonathan

Hi Jonathan,

Good to see your feedback.

The TSE who recommended you to wait SEP 12.1 RU2 is right and especially for Windows Server 2008 R2 as there are some (not many) known issues affecting this OS which will be fixed on this next release.

Kind Regards,

A. Wesker

cool, I am very keen to wait until SEP 12.1 RU2 is released for everyone, hopefully that the upgrade from MP1 doesn't cause any downtime at all.

Hello,

Here are the Public Documents available for SEP 12.1.2

Symantec™ Endpoint Protection and Symantec Network Access Control 12.1.2 Installation and Administration Guide

https://www.symantec.com/business/support/index?page=content&id=DOC6153

Symantec™ Endpoint Protection and Symantec Network Access Control 12.1.2 Client Guide

https://www.symantec.com/business/support/index?page=content&id=DOC3719

Symantec™ Endpoint Protection 12.1.2 Getting Started Guide

http://www.symantec.com/docs/DOC4322

What's new in Symantec Endpoint Protection 12.1.2

http://www.symantec.com/docs/HOWTO81091

System Requirements for Symantec Endpoint Protection, Enterprise and Small Business Editions, and Network Access Control 12.1.2

http://www.symantec.com/docs/TECH195325

Symantec Endpoint Protection for Macintosh Frequently Asked Questions

http://www.symantec.com/docs/TECH134203

Upgrading or migrating to Symantec Endpoint Protection 12.1.2011 (RU2)

http://www.symantec.com/docs/TECH197426

Hope that helps!!

thank you Mithun

Hi Jonathan,

Please let me if it is solved...? If yes then pls share that what you did..?

Yes please I also curious to know as well.

As I mentioned earlier, I called Symantec support and the tech walked me through clearing out the majority of files from 2 folders. I didn't change any settings as they were already set at optimum and the database was the size the tech expected for the size of the business.

Here is what we did to clean out the 2 folders.

1. Stop SEP Manager service
2. Delete contents of Data folder
3. Delete *.slg from db folder
4. Restart SEP Manager service

Jonathan

Jonathan,

is that onlyworks when you are using build in or embedded DB ?

John, I'm sorry but I don't know the answer to that. I still don't understand BE very well, pretty much only what the support tech showed me since I've never worked with it before and it's not that simple of a program. Had I installed it, I would know the answer to your question.

Ah.. no worries Jonathan,

are you refering to BE as in Backup Exec or that was typo for SEPM (Symantec Endpoint Protection Manager) ?

Sorry, I had both BE and SEP problems at the same time. But my inexperience with both is the same. So you can just substitute SEP for BE.

No worries Jonathan, I also got less experience here as well, but the people in this forum are very helpful :-)