Hi,
Thank you for posting in Symantec community.
I would be glad to answer your query.
Its vacation time and most of the offices are shut down, therefore the computers in these offices are most likely to be turned OFF. When we return back from vacation and turn our computers ON, it’s quite likely that the installed software’s on the computers would reach out to the internet or a designated source to get its updates. Symantec products are no exception and they would try and fetch their respective updates. As far as SEPM & SEP client computers are concerned the below mentioned actions should help reduce the traffic and the bandwidth congestion in the network.
When you power on the machine after a gap of 1 or 2 weeks it’s possible that the SEPM console does not have the latest virus definitions and thereby the clients won’t have it too. The best strategy in such cases would be to upgrade the SEPM console with the latest virus definitions first. As far as the SEP clients are concerned the latest rapid release definitions should help. The rapid release definitions can be downloaded and kept at a centrally shared location so that the clients can download that exe file(If possible may be create a script file so that the exe file is installed when the computer starts and thereby the AV/AS definitions which consume bandwidth can be updated before they contact their respective SEPM) and update their definitions, by doing so it would reduce the traffic in the network between the SEP clients and the SEPM, because when the SEP clients contact the SEPM, the SEPM checks with its own database for the version of definitions available and if the SEP client has the latest or a day old definitions, it distributes the updates which are a few KB’s in size, however if the SEP client has definitions which are a week or two old, then the SEPM will dispatch the FULL.ZIP file and the size can be around 50 to 70 MB’s(Approximate value, it may vary) which will consume a lot of bandwidth.
A client will download a full definition any time its SEPM is not able to build a delta for the content it is requesting. In order for the SEPM to be able to build a delta, the following conditions must be met:
The SEPM must have a copy of the definition revision that the client is currently at.
The SEPM must have a copy of the content being requested by the client.
If both conditions are met, then the SEPM will build a delta for the requested content.
In most cases, if a client is requesting a full.zip, it is because its definitions are farther out of date than the number of content revisions being kept on the SEPM. If a client is requesting a full.zip because of this condition, the product is working as designed.
Reference: http://www.symantec.com/business/support/index?page=content&id=TECH131528">http://www.symantec.com/business/support/index?page=content&id=TECH131528">http://www.symantec.com/business/support/index?page=content&id=TECH131528
Refer this article as well: https://www-secure.symantec.com/connect/articles/managing-sepm-sep-after-vacation