SEPM Taking Over 30 GB Drive Space?

Created: 28 Nov 2012 | Updated: 14 Dec 2012 | 7 comments

dsmith1954

This issue has been solved. See solution.

Had a Server Health report waiting on me this morning - no disk space on the D: drive. So I went looking for the culprit, and D:\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager is taking almost 38 GB of drive space. The Inetput directory takes over 31 GB, and the Content folder takes about 30 GB. Under the Content folder are 22 folders named with those gawd-awful GUID names. Some of those are only a few MBs, most are around 650 MB, but two are over 13 GB!

The ContentInfo.txt file shows those folders to be the Win32 and Win64 virus definitions folders. Those folders have 21 folders each, with each one of those being about 650MB. They show 21 versions of AV definitions, which is what best practice recommended when we installed the SEPM. Each folder is storing a zip file of the full definitions, a folder with the full definitions, and several xdelta definitions. If I reduce the number of definitions, will that automatically remove the older folders?

There is also a Client Packages folder under Inetpub that is over 1GB, with what seems to be the similar content. There are 5 folders, each about 300MB with zipped up and delta files. Opening the full.zip file, I see that those are yet another copy of the SEP installer packages. Do we really need that many copies of the SEP installer packages. They are all over the SEPM directory.

The data\inbox has a log folder with almost 2GB. Under there is a log folder with 1.9 GB of log files. Almost all of the folders under that have a lot of .ERR files, some of which date back to 2010. The packets and traffic folders are the biggest offenders with over 1 GB of files dating back to 2010. These are all text files with a bunch of GUID-looking entries and some computer information. A .ERR extension indicates error messages to me, can I safely delete those? At least delete the ones from 12/2011 and older?

The data\replication folder is almost 4GB, and I don't have replication turned on. I only have one SEPM server. Can I delete that data.zip file? It is dated 10/31/2011.

Discussion Filed Under:

Security, Endpoint Protection (AntiVirus) - 12.x, Endpoint Protection (AntiVirus), Best Practice, Troubleshooting

Comments RSS Feed

Comments 7 Comments • Jump to latest comment

pete_4u2002 Symantec Employee

SEPM Taking Over 30 GB Drive Space? - Comment:28 Nov 2012 : Link

Disk Space Management procedures for the SEPM

http://www.symantec.com/business/support/index?pag...

hope this is helpful.

Cheers!
Pete

Help Link: http://www.symantec.com/business/support/overview.jsp?pid=54619

Brian81 Trusted Advisor

SEPM Taking Over 30 GB Drive Space? - Comment:28 Nov 2012 : Link

How many content revisions are you keeping?

SEP Knowledge Base

Endpoint SWAT

greg12

SEPM Taking Over 30 GB Drive Space? - Comment:28 Nov 2012 : Link

If I reduce the number of definitions, will that automatically remove the older folders?

Yes. But keep in mind that reducing the number of content revisions may mean more full content downloads by the clients.

Do we really need that many copies of the SEP installer packages.

Yes, but you can disable the option "Store client packages unzipped" under Admin > Servers > Local Site > LiveUpdate > Disk Space Management. Then the client packages will only be saved as zipped. The unzipped folders will be removed immediately. However, after that clients cannot be upgraded with delta packages.

The packets and traffic folders are the biggest offenders with over 1 GB of files dating back to 2010. These are all text files with a bunch of GUID-looking entries and some computer information. A .ERR extension indicates error messages to me, can I safely delete those? At least delete the ones from 12/2011 and older?

I would stop the SEPM and delete them; they seem to be artefacts caused by temporary SEPM issues to write client logs into the database. See this thread:

https://www-secure.symantec.com/connect/forums/sepmdatainboxlog-many-err-files

A. Wesker Symantec Employee

SEPM Taking Over 30 GB Drive Space? - Comment:02 Dec 2012 : Link

You're keeping the equivalence of a full week of definitions which is good.

It's a "small" (I used quotes for the small lol ^^) inconvenience on the SEPM server because it uses a lot of disk space but on the other hand it's a great benefit for your managed SEP clients that might be offline for few days simply because the users do not use their machines and it permits the creation of smaller delta and then to keep under control the network bandwidth used when your clients are updating from your SEPM server.

At least with your current LU content kept on your SEPM server, a machine offline for 5 days for example, when this machine will be back online, it will still be able to retrieve definitions from the SEPM and not requesting a full (and heavy ^^) package of definitions.

If you have a data.zip file on the replication folder, it didn't create itself alone like that. It means at least a replication has been done on 10/31/2011 with another SEPM server and I highly suspect it was a migration of a SEPM Console from a server to this more recent server which is a good thing as it's clearly the easiest method to use and it's clearly less annoying than the Disaster Recovery method

If you confirm that last information regarding replication, then you can delete the data.zip populated on the replication folder without any worries as you're using only one SEPM after the unique and only one replication has been done for the server migration