Hi,

With ref. to your post -

I have deleted the excess def folders in here, and modified the conf.properties file in "Symantec\Symantec Endpoint Protection Manager\tomcat\etc" to add the line scm.lucontentcleanup.threshold=1. Restarted the SPEM service but this had NO effect.

Add the line scm.lucontentcleanup.threshold=x (preferably between 1 to 5, since 10 is the default value).

Add this line to the END if the conf.properties file, and not anywhere in between. I know this sounds stupid, but adding this line at the end of the conf.properties file has worked for me on 5 cases in the last few days.

Sometimes, simply restarting the SEPM service does not help.

Please follow the following steps to resolve the issue - Stop the SEPM service. Navigate to the content folder, and then from each of the folders present under the CONTENT folder, go in and delete ALL the sub-folders with names in DIGITS.

Then RESTART the Server which has the SEPM installed, and then start the SEPM service again. This will resolve the issue.

@ Scott

I'll definately try to get this article updated when I get back to work on Monday.

@ DJ

I'll also post the relevent KB article on this thread for all to use.

Also, could you please give your E-mail address here so I can mail you the KB article personally.

If you DO decide to give your E-mail address :smileyvery-happy: , give it in the following format - e.g. scott(at)example.com .

DO NOT put the @ sign in your E-mail address, cuz if any bots come across our ID, you'll end up getting more spam.....:smileywink:

cheers.....

There are two threads on this board covering the same topic.  Here is a link to the other thread.

https://forums.symantec.com/syment/board/message?board.id=endpoint_protection11&thread.id=1490

We are currently experiencing this issue in our production network.  We are on MR1 build and are still experiencing the issue.  The only oddity of our installation is that we have a 16gig C: drive and a 50gig E: drive.  SEPM is installed ot the E: drive.  I don't know if this affects the situation any other than it severly limits our disk space for the LU content.  We have been in a server down situation since Friday.  I've followed the advice in both threads as well as 3 hours of troubleshooting with a support engineer.  Any advice would be helpful.

Is there a option to set the drive\directory location of where the updates download to?  Having 22GB of updates/defs download to the default installation directory is an absurd idea.  Why isn't there a simple option to change the directory where LiveUpdate downloads to?  Unless I'm missing something I would think that's a very reasonable option to have.

Message Edited by doutingtomas on 01-15-2008 09:03 AM

I guess on a positive note, when the C drive fills up, SEP will kill itself too.  :smileyhappy:

I am going to have to see if it is possible to deploy an install that will allow me to install somewhere other than C:

If there is even a potential risk of this product running rampant with corrupted temp files, then it cannot be installed on the system drive of a production server.

 This is resolved with MR1

Message Edited by austria on 01-22-2008 04:52 PM

Message Edited by Scott Klassen on 01-22-2008 10:35 PM

@ All,


sorry for the delay in responding to some PM's but was a bit too busy lately.

With specific regard to this topic, I found out the following -

Even after editing the content folder properties, if the issue still persists, it has something (dont know exactly what as yet) to do with your LiveUpdate settings.

After editing the conf.properties file and resetting IIS, rebooting the server, etc....log into the SEPM and click on the Admin Tab to the left side. Then click on the Servers tab, select Lolal Site in the tree, and click on EDIT SITE PROPERTIES.

Then click on the LiveUpdate Tab, and select DAILY instead of the regular "Every 4 Hours" setting, and click on OK

Then Click on the POLICIES Tab to the left hand side, and select the LiveUpdate Policy and click on the Policy in the rt. hand window, and edit it. Again, change the LiveUpdate settings from "Every 4 hours", to "DAILY", and then assign this policy to ALL THE GROUPS that you may have.....

The again, log out of the SEPM, and restart the IIS Admin service, and click on the OK button on the prompt when you see it.

Then perform a LiveUpdate thru the SEPM manually, and check how many folders are created under the content folder subfolders. This step, in effect actually has helped to resolve the issue for several people I knwo many times over. Dont know the exact cause for this, but am researching on the same.....till then, feel free to implement this and get that much needed drive space back where it belongs.....:smileyvery-happy:

@ ALL,

The Content Folder issue, and the LiveUpdate Def'ns issue have been completely resolved in MR2.

Its (MR2) been tested and proven to resolve the issue.....wait till it becomes available and then Deploy Deploy Deploy.....:smileyvery-happy:

if you have migrated from previous versions and are using the embedded database, you should also run the dbunload utility on your DB to shrink it down.

See here for details: http://service1.symantec.com/support/ent-security....

I have a problem. I followed all of these steps to delete the content. I have also upgraded SEPM and all of our clients to MR2. Now none of our clients now are getting updated virus definitions!

This is a big security risk for our company. Please help.

I, too, have the same problem, and it has occured at least on 2 of my company's clients. This is really shaking my faith with Symantec. Previously I had to do a fresh reinstallation of SEPM and reinstall the package on all clients. Is there a solution to this problem?

Followup on this and the above post would be appreciated.

Just the same problem - after deleting GUID folders, clients won't update (MR2 MP1).

IS THERE ANY SOLUTION OTHER THEN REINSTALL????? 

I am having the exact same issues. I was getting an error during the install, so I called support and went through it with the guy there. Seemed fine, but now there is no communication. I spend hours on the phone with support this morning and their answer is to uninstall SEPM and reinstall. Yes, that means recreate policies, groups, etc etc etc. Considering how well (do you sense sarcasm) these installs went in the first place, I dread this process more than a root canal. My mind tracks back through all the little tweaks (conf.properties) and things I've had to do over the last 7 months since I installed it.

By the way, while I was on the phone with them last week, I mentioned our 46gb content directory and he told me to delete the GUID named directories. I specifically said "I thought I read that you shouldn't delete these directories, but how do I reduce the size?" and he told me to do it and watched me do it on a Webex. Think that is what broke communication? Can I bill Symantec for my time?

Someone? Anyone? The Symantec employees on this forum have helped many in the past (including me) and I soooo appreciate them. Any brilliance for us on this one?

Cheers-

Kristina

I know it's not much, but sometimes running the Management Server Configuration Wizard and selecting to reconfigure the management server will jumpstart things again. Deleting the GUID named directories was probably not a good idea and may have contributed to the downfall, but without knowing the background prior to this I can't really comment.

At the very least you can save your policies by Exporting them out of the SEPM so they can be re-imported if a reinstall is the route you have to end up going.

PS: I've PM'd you for followup on this.

Hope that helps!

@ All,

It'd be best if you follow the given semi-workaround steps as then are given, and not their interpretation thereof.

The number of content updates stored in the \Program Files\Symantec\Symantec Endpoint Protection Manager\Inetpub\content folder can be reduced by creating the setting called "scm.lucontentcleanup.threshold" to the conf.properties file. This setting controls how many revisions that Symantec Endpoint Protection Manager retains in content (Virus Definitions, etc) for distribution and deltas (microdefs). Reducing this value reduces the amount of disk space and database space that is used, but increases the likelihood that clients that are not connected to the Symantec Endpoint Protection Manager for extended periods of times (such as laptops) will download a full virus definition set as opposed to microdefs, potentially increasing network utilization. Increasing the value of "scm.lucontentcleanup.threshold" will increase the disk and database space used, but clients that are not connecting to the Symantec Endpoint Protection Manager can stay offline for longer period and still receive microdef content, decreasing network utilization.


To adjust the number of content updates stored by Symantec Endpoint Protection Manager
Open the \Program Files\Symantec\Symantec Endpoint Protection Manager\tomcat\etc\conf.properties file.
Add the following setting to the file, (the example uses a value of 5, adjust the value as necessary, the default value is 10 if no entry is present)

scm.lucontentcleanup.threshold=5

Close the conf.properties file and click Yes to save your changes.
Click Start > Run.
Type services.msc and click OK.
Right-click on Symantec Endpoint Protection Manager, and click Restart.
Close Services.

Within a short period of time the numbered content folders should adjusted to the value that you selected, the example below is based on a value of 5:

\Program Files\Symantec Endpoint Protection Manager\Inetpub\content\{C60DC234-65F9-4674-94AE-62158EFCA433}\
71016009
71019009
71020006
71021005
71022017 ==>> These folders with the Numbers as names are the ones that need to be deleted, and not the higher level folders with Alphanumeric names.

Hope this helps.

BTW, running the Mgmt. Server config wizard  wont help much, since the SEPM content download locations are gone. The best option here is to run a repair (using a higher SEPM build), and work around the corruption issue.

 Hope this helps.

Cheers..... 

Thanks, Abhishek, for the complete explanation and thanks to David for responding. I had not done the cleanout of the content directories previously because I wasn't completely comfortable based on what I had read on the forums, which is why I asked the question of the support tech while I was on the phone. I thought it was the prudent way to go about it. I'm fortunate because SEPM is installed on a large drive (450 gb) and I have not seen the drive fill up, but I did want to clean out the excess that had landed there and avoid a problem down the road. I also cleaned out the IIS logfiles that were taking 6 gb of my 20 gb system partition.

I apologize if I was harsh yesterday. We're a small IT department doing enterprise level system engineering and usually run at an "overwhelmed" pace. To have a product like this absorb so much of my time... its just frustrating and generally unacceptable. I feel like I've taken my time to read the documentation and the kb articles I can find and the forums and still these things happen. If I can't even rely on tech support that we pay for to give me accurate answers, how am I to proceed with any level of confidence in the product? I don't have the resources to set up a full-scale test deployment. I can only test on a few virtuals and put some faith in Symantec to not cause major issues.

I did the uninstall and reinstall yesterday afternoon and it appears to have gone fine. I've only managed to pick up about half of my clients to get them back communicating with the newly installed manager, so I will be spending time with the unmanaged detector in a few minutes. I created 1 group with base policies to pull them all into and will set about recreating my groups and individual policies. I decided to view it as an opportunity to start fresh and do it the way I would have done it months ago if I knew then what I know now.

I will keep posting the wisdom I acquire and learning from all of you as well! Off to follow Abhishek's excellent directions!

Kristina

I think I found the setting we were all looking for. . .  I have maintenance release 3 so I am not sure if it was available in previous versions.

Open Endpoint Protection Manager

Click Admin

Click Servers

Click on Local Site, not your server.

Click edit Site Properties

Click LiveUpdate Tab

At the bottom, Number of content revisions to keep.  Mine was set to 30, I changed it to 10 and now I only have 10 folders worth of content revisions.  Adding that line to the conf.properties didn't do anything for me....I hope this helps somebody.

How can i get Maintenance release 3?

It's different for Symantec Endpoint Protection Manager and Symantec Endpoint Protection.

I just found Client version.

tkx,

wekhine

you can download the full maintenance releases (server and client) from https://fileconnect.symantec.com

You will need the number from your license certificate to access the software.

i read all posts in this topic and i try to edit the conf file .. but nothing, i changed the Liveupdate Settins following this https://forums.symantec.com/syment/board/message?board.id=endpoint_protection11&view=by_date_ascending&message.id=5629#M5629

but nothing ...

now i have 100 Mb free and  115 Gb of Contetn folder !!

my version is the SEP 11 Mr2 and i haven't space for update @ Mr3 !

thanks 

hi everybody,

this one did work for me on release 11.0.4202_MR4_MP2. at least for now. lets see whats coming...

We're running SAVCE and have yet to implement SEP in production.  I see old posts here about how this problem was fixed in previous MR's.  But I recently installed SEP 11.0.5002.333 in a test environment and have still encountered the problem described here.  C:\Program Files\Symantec\Symantec Endpoint Protection Manager\Inetpub\content grows and grows.

Is this normal behavior?  Are those folders specifically related to what MillerTime posted about setting the LiveUpdate number of content revisions to keep?