
SEPM Unbelievably Excessive Disk Usage

Created: 04 Jan 2008 • Updated: 29 Aug 2010 | 65 comments
I have a number of small business customers that I have recently upgraded to SEP 11 (from SAV10.2).
 
I have just had to diagnose why their tape backups are failing.... the issue? The c:\Program Files/Symantec folder + C:\Program Files\Common Files\Symantec Shared folder is 22GB !!!  Are you friggin kidding me !!!   22 Gigabytes !!
 
The Symantec folder is Larger than Windows + Exchange + All of the company's data COMBINED!!
 
This is a serious issue which needs rectifying.
 
1) The \Program Files\Symantec\Symantec Endpoint Protection Manager\Inetpub\content folder is OBSCENELY LARGE! in particular
Symantec Endpoint Protection Manager\Inetpub\content\{1CD85198-26C6-4bac-8C72-5D34B025DE35}
&
Symantec Endpoint Protection Manager\Inetpub\content\{C60DC234-65F9-4674-94AE-62158EFCA433}
 
I have deleted the excess def folders in here, and modified the conf.properties file in "Symantec\Symantec Endpoint Protection Manager\tomcat\etc" to add the line scm.lucontentcleanup.threshold=1. Restarted the SEPM service but this had NO effect. Within hours the deleted items are back and the folder is back to its obscene size.
 
2) The Program Files\Common Files\Symantec Shared is also oversized (2-3Gb) with old defs and a shed load of temporary folders. COME ON PEOPLE you never heard of %temp%? What is the point of remapping the temp folder if you people just stick your temp stuff where you want AND don't clean it up after you have finished?!  (In this case on the system volume affecting the backup)
 
I need some urgent action on this to vastly reduce the disk usage of this product.
 
This is having a serious impact on all of my clients, in one case their free disk space on their system volume is becoming critical.
 
 
 
 


Abhishek Pradhan's picture

Hi,

With ref. to your post -

I have deleted the excess def folders in here, and modified the conf.properties file in "Symantec\Symantec Endpoint Protection Manager\tomcat\etc" to add the line scm.lucontentcleanup.threshold=1. Restarted the SEPM service but this had NO effect.

Add the line scm.lucontentcleanup.threshold=x (preferably between 1 to 5, since 10 is the default value).

Add this line to the END of the conf.properties file, and not anywhere in between. I know this sounds stupid, but adding this line at the end of the conf.properties file has worked for me on 5 cases in the last few days.

Sometimes, simply restarting the SEPM service does not help.

Please follow the following steps to resolve the issue - Stop the SEPM service. Navigate to the content folder, and then from each of the folders present under the CONTENT folder, go in and delete ALL the sub-folders with names in DIGITS.

Then RESTART the Server which has the SEPM installed, and then start the SEPM service again. This will resolve the issue.

Abhishek Pradhan, PMP, MCT
Blog: http://blog.abhishekpradhan.net | SIG Lead - Pune IT Pro (Microsoft Pune User Group) | http://www.puneusergroup.org

SKlassen's picture
Abhishek, please do what you can to get your important additions to the instructions added to the kb article about this issue to assist others in future.
 
 
Thanks.
djmarkm's picture
Hi Abhishek
 
Thanks for your reply.
 
One small question..
 
If the default value of scm.lucontentcleanup.threshold is 10 why are there 76 folders in \content\{1CD85198-26C6-4bac-8C72-5D34B025DE35} & {C60DC234-65F9-4674-94AE-62158EFCA433}  ??
 
I had seen the KB article, had already added the scm.lucontentcleanup.threshold property to the end of conf.properties, and restarted the SEPM service. I had even rebooted the server in between config changes. I first used the value 5 as suggested in the KB then the value of 1 when I saw this making no difference.
 
The only step I didn't do is delete the folders with the GUID names (Digits) which I am doing now.
 
I'm currently in the process of rebooting the customer's server after these changes so will update my post later today with the results.
 
 
regards
 
 
Mark
djmarkm's picture
Hi Abhishek
 
Your additional steps seem to have worked for the inetpub/content folder problems.
 
Many Thanks
 
Now how about tackling the junk that appears in Program Files\Common Files\Symantec Shared ??
 
 
Regards
 
Mark
 
 
dfhbac0's picture
Yes, I agree.  The junk that is in Common Files/Symantec Shared is OBSCENELY large.  This needs urgent attention as this is on the C: drive.
Abhishek Pradhan's picture

@ Scott

I'll definitely try to get this article updated when I get back to work on Monday.

@ DJ

I'll also post the relevant KB article on this thread for all to use.

Also, could you please give your E-mail address here so I can mail you the KB article personally.

If you DO decide to give your E-mail address :smileyvery-happy: , give it in the following format - e.g. scott(at)example.com .

DO NOT put the @ sign in your E-mail address, cuz if any bots come across our ID, you'll end up getting more spam.....:smileywink:

cheers.....

Abhishek Pradhan, PMP, MCT
Blog: http://blog.abhishekpradhan.net | SIG Lead - Pune IT Pro (Microsoft Pune User Group) | http://www.puneusergroup.org

djmarkm's picture
Hi Abhishek
 
the e-mail address is mark(dot)moran(at)4-it(dot)co(dot)uk
 
Thanks for your help with this. It's now been a week since implementing your fixes and things do seem to have settled down.
 
Regards
 
Mark
Markej76's picture
Hi Abhishek Pradhan
 
Sorry because my English is not so good.
 

We have the same problem on 3 of our SBS 2003 servers that we administrate.

I followed the instructions and changed the conf.properties file as you suggested. At the end I inserted scm.lucontentcleanup.threshold=5 and restarted the SEPM service.

The content folder still has the size of 10GB, free space on system disk is now 250KB.

 

I cannot fulfill the second part of your instructions since I don’t have any DIGITS folders under content folder.

 
What should I do?
 
Thanks for your help in advance.
 
By M.
Matt Pierce's picture

There are two threads on this board covering the same topic.  Here is a link to the other thread.

https://forums.symantec.com/syment/board/message?board.id=endpoint_protection11&thread.id=1490

We are currently experiencing this issue in our production network.  We are on MR1 build and are still experiencing the issue.  The only oddity of our installation is that we have a 16gig C: drive and a 50gig E: drive.  SEPM is installed to the E: drive.  I don't know if this affects the situation any other than it severely limits our disk space for the LU content.  We have been in a server down situation since Friday.  I've followed the advice in both threads as well as 3 hours of troubleshooting with a support engineer.  Any advice would be helpful.

DJcart's picture

Is there an option to set the drive\directory location of where the updates download to?  Having 22GB of updates/defs download to the default installation directory is an absurd idea.  Why isn't there a simple option to change the directory where LiveUpdate downloads to?  Unless I'm missing something I would think that's a very reasonable option to have.

djmarkm's picture
 
The folder isn't called "Digits", they ARE digits. GUIDs actually.
 
They should look something like this
 
{1CD85198-26C6-4bac-8C72-5D34B025DE35}
{42B17E5E-4E9D-4157-88CB-966FB4985928}
{4F889C4A-784D-40de-8539-6A29BAA43139}
{812CD25E-1049-4086-9DDD-A4FAE649FBDF}
{C25CEA47-63E5-447b-8D95-C79CAE13FF79}
{C60DC234-65F9-4674-94AE-62158EFCA433}
{CC40C428-1830-44ef-B8B2-920A0B761793}
{D3769926-05B7-4ad1-9DCF-23051EEE78E3}
{E1A6B4FF-6873-4200-B6F6-04C13BF38CF3}
{E5A3EBEE-D580-421e-86DF-54C0B3739522}
 
 
Regards
 
Mark
 
(The folder names may not be 100% accurate as the message board interpreted some as invalid html content and removed them)
doutingtomas's picture
Hi Abhishek
I followed the suggested steps and it helped to clean up the /content folder.
The server gets updates without any problem, so thank you so much,
but clients stopped getting virus defs updates.
I called Symantec first level support and they suggested to me "...

You may need to uninstall the manager with a utility, then reinstall.

After reinstalling, redeploy the clients with a new deployment package..."

which means completely remove SEP from the server then reinstall it and start redeploying clients all over again 

Is that the right attitude in Symantec corporation to problem resolutions?

Is there any way to work out my issue without a total reinstall of the product?

Thank you again  Abhishek

 



Message Edited by doutingtomas on 01-15-2008 09:03 AM

Markej76's picture

@djmarkm

Thanks djmarkm. I have deleted those folders now and restarted the server. Now I have 10GB of free space. I will check the server again tomorrow. Tomorrow I will also upgrade to the version released in December.

I will report results tomorrow.

Greg.Hooper's picture

I guess on a positive note, when the C drive fills up, SEP will kill itself too.  :smileyhappy:

I am going to have to see if it is possible to deploy an install that will allow me to install somewhere other than C:

If there is even a potential risk of this product running rampant with corrupted temp files, then it cannot be installed on the system drive of a production server.

danwilli's picture
I am seeing talk in this thread about setting the threshold to 1-5, but as far as I know, it will only work if it is set to 5+
 
I have had no success with a threshold below 5.
SKlassen's picture
Works for me set to 3.  Did you restart the SEP Manager service after setting/changing the number?
 
Abhishek:  The kb article still hasn't been updated.
Abhishek Pradhan's picture
Hi Scott,
 
Sorry for the late reply. I've already sent another request for the KB to be updated. We'll just have to wait a few more days for it to be updated.

Abhishek Pradhan, PMP, MCT
Blog: http://blog.abhishekpradhan.net | SIG Lead - Pune IT Pro (Microsoft Pune User Group) | http://www.puneusergroup.org

SKlassen's picture
Thanks.  Try beating on Paul Murgatroyd.  He seems to have the pull to get KB articles updated quickly.  :)
Abhishek Pradhan's picture
@ Scott -
 
Beat as in ????? :smileysurprised:
 
Literally or figuratively ????? :smileywink: or Beat as in Bet in the race to publish / update KB articles in a jiffy ?:smileyhappy:
 
 
I don't think Paul will like that.....:smileyvery-happy:

Abhishek Pradhan, PMP, MCT
Blog: http://blog.abhishekpradhan.net | SIG Lead - Pune IT Pro (Microsoft Pune User Group) | http://www.puneusergroup.org

SKlassen's picture
Lol.  Beat as in a joking expression.  Seriously though, you probably have some means to contact him directly such as his company email address and can ask him to give the kb article update a little speed boost.
 
Closely related to this and the pending article/articles for the Home, Monitors screen show empty framed boxes  thread.  I've noticed that the KB gets really unwieldy to use once it gets above a few dozen articles for a product.  Last I checked, there were close to 300 for SEP.  Previously I put in a request to the web people for an advanced search to find new or recently updated articles.  An even easier solution would be RSS feeds set up by product.  That way, proactive customers like myself could stay up to date on problems and their solutions fairly easily.  Feel free to pass this along to the powers that be.  :) 
guidoelia's picture
I hate to be obliged to go and change registry settings for everything.
Couldn't there be a GUI-based option to limit the database to 1 month - six months or similar?
Neerajw1's picture
Abhishek, can you please share the KB article with me, as we are also facing the same issue. Like, my home, reporter and monitor tabs are empty.
 
Regards
Neeraj
austria's picture
Hi
 
I had the same issue a few weeks ago.  I have updated a KB article in a thread at this forum. Since I have done all these settings and had fixed the database, all works fine :smileyhappy: Communication with client, disk space ....
 
Look at the article :
 
Post 7



Message Edited by austria on 01-22-2008 04:52 PM

Joe T's picture
Abhishek,
I have read this thread a few times but I'm still not clear on something.  Is this problem (excessive disk space usage in the Content folder) fixed in MR1?  I installed MR1 last week and want to know if I need to edit the conf.properties file, etc...
 
Thanks.
SKlassen's picture
It's not a bug, that behavior is in the program by design.  The concept being that the more microdefinition sets stored on the SEPM server, the less chance that clients which have been disconnected for a time will need a full definition set.
 
Just so happens that you, myself, and quite a few others are running ancient or anemic servers without "modern" drives with 100's of GB to spare.
 
The goof on the part of the designers/programmers wasn't necessarily having the program behave in this manner, but in hiding the way to change it by making the control an undocumented manual edit to a conf file, instead of incorporating it into the SEPM console GUI.
 
Yes, you will have to edit the conf. file in MR1.  You'll also want to do the IIS tweak if you're strapped for space.
 



Message Edited by Scott Klassen on 01-22-2008 10:35 PM

Joe T's picture
Scott,
Thanks for the explanation.  I did the conf steps as outlined in the second post of this thread.  What is the IIS tweak that you speak of? 
SKlassen's picture
In a nutshell, the SEPM component of IIS logs everything.  Take a look at your IIS logs and see how much space is being sucked up.  By default, these are going to be in a folder within %windir%\system32\LogFiles.  In a very short time, these begin using up space like mad because they are never deleted.  To resolve this issue, open up the IIS Manager, find the secars virtual directory,  right-click on it and choose properties, then uncheck "Log Visits".  You'll also want to delete the logs that already exist to reclaim the space used.
Jerry Tan's picture
Thank you, Scott,
Very useful information!
 
Jerry
lautamas's picture
@scott: Can I delete everything in c:\Windows\System32\LogFiles ?
 
@everybody: Can you please post how big the C:\Program Files\Symantec\Symantec Endpoint Protection Manager folder is now after tweaking the conf.properties? Mine is still showing 2.64gb
 
I tweaked the conf.properties and deleted everything in C:\Program Files\Symantec\Symantec Endpoint Protection Manager\Inetpub\content.
By the way, my content folder, after deleting and rebooting is now 640mb. Is this normal?
djmarkm's picture
Hi All
 
Right, I started this thread so I thought it about time I threw  a spanner in the works :smileywink:
 
My findings after running this fix for the last 2-3 weeks are not all that good.
 
I updated my customers server with scm.lucontentcleanup.threshold=1 (see 1st few messages in this post). (This server is NOT running the MR1 release)
 
Initially the situation did improve and we managed to claw back about 20Gb, but after about 2 - 3 weeks the content folder had grown to 6Gb. And there were over 25 date subfolders under {1CD85198-26C6-4bac-8C72-5D34B025DE35} & {C60DC234-65F9-4674-94AE-62158EFCA433} covering the past 2-3 weeks.
 
The threshold config property doesn't seem to be having much effect, and I'm sure if I had left this longer the amount of space being used would continue to grow.
 
However on the up side...
 
I have also been testing MR1 on our own servers for a similar period (2-3 weeks) and the content folder is still only 850Mb so it looks like this is resolved in MR1.
 
Looks like I should have waited to upgrade my customers to SEP11 as I'm now going to have to go out and do it all again !!!!!!
 
 
Mark
GrahamA's picture
Hi all,
 
Just to quickly mention, we, Symantec have been listening to our customers since the product launched re disk space utilisation and as well as the configuration changes which are possible today and the updates made in MR1, we are working diligently to further improve the situation with future MRs.

GrahamA Product Management, Symantec Security Solutions

ANONYM0US's picture
Hi Symantec!
 
 
Just to quickly mention, we, Symantec's customers, have been listening to Symantec since the product launched re: disk space utilisation and as well as the configuration changes which are possible today and the updates made in MR1, we are wondering if you are working diligently to further improve the situation with future MRs.

Quite frankly, we are curious as to why none of these issues showed themselves prior to this fiasco being unleashed on the unsuspecting users!  We rely on your products to keep our systems running, our networks secure, our backups reliable and our sanity intact. Now, our systems are not running (since they are being DOS'ed with excessive disk usage), they are less secure (since we have to struggle to get this crapware to run and even to uninstall it), our backups are unreliable (since SEP is crashing BERemote) and we are slowly going insane (since we trusted Symantec not to release BUGGY software!)
 
We don't want excuses, work-arounds, slapped together "removal tools" or feel-good messages, (see GrahamA's message above) we just want software that works!
 
Are we asking too much?
 
How much business is being lost by releasing this software before it's ready?
How much new business and continued goodwill would be gained by delaying the release until the product was stable?
 
Remember Symantec, we are the people who install it, run it, and recommend it. We are also the ones who will uninstall it (if we can :smileywink: ) and recommend another product if we can't get satisfaction from you.
SKlassen's picture
Lautamas:  Your sizes aren't too far out of whack.  The big problem was the content directory growing to 10-20GB.  As far as deleting all log files, other services besides IIS store log files in the LogFiles directory.  You can delete any that you so choose, but make certain that you don't need anything that you're going to wipe out.
 
djmarkm:  Just want to double check that you followed the proper procedure on your client's system.
1)  Turn off SEPM service
2)  Edit conf file.  The new entry MUST be at the end of the list.
3)  Delete the GUID named directories in the Contents folder.
4)  Turn on SEPM service.
 
The first time I put this fix in place, I didn't delete the existing directories and ones older than a few days weren't deleted automatically when I turned the SEPM service back on.  I found that step number 3 was really necessary to start fresh and fully enforce the content limit I had set in the conf file.
Sharbel's picture
Hi Guys,
 
I am having this problem on all my clients' servers and need help in coming up with a plan to tackle the problem. Can someone please post instructions on the best solution in this circumstance?
 
 
JOPEC's picture
I have the same problem. I've installed MR1 and followed the instructions in this thread but as soon as the SEPM-service is started or the server is restarted the content-folder is growing, after about an hour it's over 15 GB and still growing.
 
Actions taken:
- Installed MR1
- Restarted the server
No change
- Stopped SEPM-service
- Added scm.lucontentcleanup.threshold=3 to the end of the conf.properties file
- Deleted the GUID named directories in the Contents folder
- Started SEPM-service and also tried to restart the server
No change
 
Another question: If I've set the threshold to 3, should my Content-folder include 3 GUID-folders?
 
Any ideas?
 
 
 
Sharbel's picture

Symantec,

 

I am getting extremely frustrated with your products, and don't enjoy having to manually delete your crap off my clients' servers so please give me a simple effective solution to my problem or I will be forced to switch to a new product.

 

I installed SEP on Windows 2003 Servers and HDD space is quickly diminishing.

 

Regards

Claiby's picture
Well, I think I'm at the point where I need the solution for this problem instantly, or very soon... Symantec content folder is at 18 GB and no space to grow any larger. Earlier I evacuated everything from the system drive, so only endpoint protection died when it hit the max cap (I'm unable to use the console anymore). Tried the "lucontentcleanup" option also with no luck at all.
 
Content folder moving is not an option (there is less free space on other volumes, than the above mentioned size of content folder), nor the "add a new 300 GB disk to your server..." kind of solution (no more HDD can be added to the server).
 
The endpoint on this server was migrated to MR1 from the original release... so, do I need to completely reinstall the whole management server (and redeploy clients, reconfigure server...) to get rid of this problem? Actually the question is: will the reinstallation solve this problem?
Mike T's picture
............... the sound of crickets is deafening ...........................:smileymad: now at 3gb and growing.
Scurvy's picture
Jopec - to answer your second question, if you look in the content folder for a file called contentinfo.txt, you will see it references up to 11 GUID folders, corresponding to what you have selected to download and update. The threshold value affects the number of updates (previous versions) within each of those folders.
Abhishek Pradhan's picture

@ All,


Sorry for the delay in responding to some PM's but was a bit too busy lately.

With specific regard to this topic, I found out the following -

Even after editing the content folder properties, if the issue still persists, it has something (don't know exactly what as yet) to do with your LiveUpdate settings.

After editing the conf.properties file and resetting IIS, rebooting the server, etc....log into the SEPM and click on the Admin Tab to the left side. Then click on the Servers tab, select Local Site in the tree, and click on EDIT SITE PROPERTIES.

Then click on the LiveUpdate Tab, and select DAILY instead of the regular "Every 4 Hours" setting, and click on OK

Then Click on the POLICIES Tab to the left hand side, and select the LiveUpdate Policy and click on the Policy in the rt. hand window, and edit it. Again, change the LiveUpdate settings from "Every 4 hours", to "DAILY", and then assign this policy to ALL THE GROUPS that you may have.....

Then again, log out of the SEPM, and restart the IIS Admin service, and click on the OK button on the prompt when you see it.

Then perform a LiveUpdate thru the SEPM manually, and check how many folders are created under the content folder subfolders. This step, in effect actually has helped to resolve the issue for several people I know many times over. Don't know the exact cause for this, but am researching on the same.....till then, feel free to implement this and get that much needed drive space back where it belongs.....:smileyvery-happy:

Abhishek Pradhan, PMP, MCT
Blog: http://blog.abhishekpradhan.net | SIG Lead - Pune IT Pro (Microsoft Pune User Group) | http://www.puneusergroup.org

boe's picture
Has a full patch for this been released yet?
SKlassen's picture
Much of the space usage problem was fixed in MR1.  It should be fully resolved with MR2 to my understanding. 
 
Some of it will still rely on administrators properly tuning SEPM to match their environments though.  An example is that many large corporations and businesses in certain sectors are required by law or regulation to keep logs ad-infinitum.  The default settings in SEPM would work well for these cases.  At my work, the database was getting too large for my tastes, so in SEPM I tweaked the number of log entries and the retention periods down to a more acceptable level for me which drastically reduced the DB size.
Abhishek Pradhan's picture

@ ALL,

The Content Folder issue, and the LiveUpdate Def'ns issue have been completely resolved in MR2.

It's (MR2) been tested and proven to resolve the issue.....wait till it becomes available and then Deploy Deploy Deploy.....:smileyvery-happy:

Abhishek Pradhan, PMP, MCT
Blog: http://blog.abhishekpradhan.net | SIG Lead - Pune IT Pro (Microsoft Pune User Group) | http://www.puneusergroup.org

djmarkm's picture
Hi All
As the original poster of this thread I thought I'd pop up again and say my bit.
 
We migrated to MR2 on Sunday and my findings so far are ALL GOOD !! :smileyvery-happy:
 
The database has dropped from 3Gb to 300Mb - That's a 10 fold improvement people !!
 
Once I removed my old ClientInstall packages (11.1000) my InetPub folder is around 800Mb - BLISS !!!
 
Thanks to the Symantec crew for listening to its customers and getting this sorted, and for all the feedback on this thread...
 
... however slapped legs for all the Symantec Software Designers and Testers for thinking the original release configuration was acceptable.  Let's hope they've learnt a valuable lesson here.
dfhbac0's picture
"... however slapped legs for all the Symantec Software Designers and Testers for thinking the original release configuration was acceptible.  Lets hope they've learnt a valuable lesson here."
 
Hmmmm. I work as a developer for a software vendor (and several others in the past).  In my experience the Software Designers and Testers are usually not responsible for these fiascos, usually it is some MBA in an Ivory Tower who suddenly decides on a Rush To Market date.  Unfortunately those people never learn their lesson, and history repeats.
Maggots's picture
Ok so now my MR2 migration is done from the original version 11.0.0... But I still have my Inetpub content at 32go and my Database at 4.3go. Should I worry? I thought installing MR2 would fix this but I guess it doesn't for me. It's still growing and the obsolete Content is still there after 2 days.
 
Can I just delete the content folder ?? I don't want to scrap that out since everything else is finally working fine.
 
Thanks
djmarkm's picture
@ Maggots...
Follow the instructions elsewhere on this thread for deleting the guid folders in inetpub/content, then keep an eye on them.
 
Also follow the instructions in this thread about making sure your schedule is set to daily and not every 4 hours.
 
 
Mark
Paul Murgatroyd's picture

If you have migrated from previous versions and are using the embedded database, you should also run the dbunload utility on your DB to shrink it down.

See here for details: http://service1.symantec.com/support/ent-security....

Paul Murgatroyd
Principal Product Manager, Symantec Endpoint Protection
Endpoint twitter feed: http://twitter.com/symc_endpoint

Maggots's picture
**bleep** !!! I've done what it says to delete some stuff in InetPub Content.. and now my clients are stuck at yesterday's definition and won't update. My SEPM is up to date and working well but all my clients do not seem to update anymore. That's exactly what I wanted to avoid.
 
Someone have the solution ?
Big Mike's picture

I have a problem. I followed all of these steps to delete the content. I have also upgraded SEPM and all of our clients to MR2. Now none of our clients now are getting updated virus definitions!

This is a big security risk for our company. Please help.

Black_Knight84's picture

I, too, have the same problem, and it has occurred at least on 2 of my company's clients. This is really shaking my faith with Symantec. Previously I had to do a fresh reinstallation of SEPM and reinstall the package on all clients. Is there a solution to this problem?

srobak's picture

Followup on this and the above post would be appreciated.

 

 

Zamis's picture

Just the same problem - after deleting GUID folders, clients won't update (MR2 MP1).

IS THERE ANY SOLUTION OTHER THAN REINSTALL?????

Kristina's picture

I am having the exact same issues. I was getting an error during the install, so I called support and went through it with the guy there. Seemed fine, but now there is no communication. I spent hours on the phone with support this morning and their answer is to uninstall SEPM and reinstall. Yes, that means recreate policies, groups, etc etc etc. Considering how well (do you sense sarcasm) these installs went in the first place, I dread this process more than a root canal. My mind tracks back through all the little tweaks (conf.properties) and things I've had to do over the last 7 months since I installed it.

 

By the way, while I was on the phone with them last week, I mentioned our 46gb content directory and he told me to delete the GUID named directories. I specifically said "I thought I read that you shouldn't delete these directories, but how do I reduce the size?" and he told me to do it and watched me do it on a Webex. Think that is what broke communication? Can I bill Symantec for my time?

 

Someone? Anyone? The Symantec employees on this forum have helped many in the past (including me) and I soooo appreciate them. Any brilliance for us on this one?

 

Cheers-

Kristina

David-Z's picture

I know it's not much, but sometimes running the Management Server Configuration Wizard and selecting to reconfigure the management server will jumpstart things again. Deleting the GUID named directories was probably not a good idea and may have contributed to the downfall, but without knowing the background prior to this I can't really comment.

 

At the very least you can save your policies by Exporting them out of the SEPM so they can be re-imported if a reinstall is the route you have to end up going.

 

PS: I've PM'd you for followup on this.

 

Hope that helps!

David Z.

Senior Principal Technical Support Engineer, Symantec Corporation

Enterprise Security, Mobility and Management

Abhishek Pradhan's picture

@ All,

 

It'd be best if you follow the given semi-workaround steps as they are given, and not their interpretation thereof.

 

The number of content updates stored in the \Program Files\Symantec\Symantec Endpoint Protection Manager\Inetpub\content folder can be reduced by adding the setting called "scm.lucontentcleanup.threshold" to the conf.properties file. This setting controls how many revisions Symantec Endpoint Protection Manager retains in content (Virus Definitions, etc) for distribution and deltas (microdefs). Reducing this value reduces the amount of disk space and database space that is used, but increases the likelihood that clients that are not connected to the Symantec Endpoint Protection Manager for extended periods of time (such as laptops) will download a full virus definition set as opposed to microdefs, potentially increasing network utilization. Increasing the value of "scm.lucontentcleanup.threshold" will increase the disk and database space used, but clients that are not connecting to the Symantec Endpoint Protection Manager can stay offline for a longer period and still receive microdef content, decreasing network utilization.


To adjust the number of content updates stored by Symantec Endpoint Protection Manager:
1) Open the \Program Files\Symantec\Symantec Endpoint Protection Manager\tomcat\etc\conf.properties file.
2) Add the following setting to the file (the example uses a value of 5; adjust the value as necessary; the default value is 10 if no entry is present):

scm.lucontentcleanup.threshold=5

3) Close the conf.properties file and click Yes to save your changes.
4) Click Start > Run.
5) Type services.msc and click OK.
6) Right-click on Symantec Endpoint Protection Manager, and click Restart.
7) Close Services.

Within a short period of time the numbered content folders should adjust to the value that you selected; the example below is based on a value of 5:

\Program Files\Symantec Endpoint Protection Manager\Inetpub\content\{C60DC234-65F9-4674-94AE-62158EFCA433}\
71016009
71019009
71020006
71021005
71022017 ==>> These folders with the Numbers as names are the ones that need to be deleted, and not the higher level folders with Alphanumeric names.

 

Hope this helps.

 

BTW, running the Mgmt. Server config wizard won't help much, since the SEPM content download locations are gone. The best option here is to run a repair (using a higher SEPM build), and work around the corruption issue.

 

 Hope this helps.

 

Cheers..... 

Abhishek Pradhan, PMP, MCT
Blog: http://blog.abhishekpradhan.net | SIG Lead - Pune IT Pro (Microsoft Pune User Group) | http://www.puneusergroup.org
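
A read-only way to check the result of the procedure above, added here as an example (it is not part of Abhishek's post and not Symantec tooling): it reads scm.lucontentcleanup.threshold from conf.properties, lists the numbered revision folders under each {GUID} content folder with their sizes, and flags the oldest ones beyond the retained count. The function name Get-SepmContentAudit, the demo tree, the full.zip file name and the threshold of 3 are constructed for illustration; nothing is deleted from a real content folder.

```powershell
function Get-SepmContentAudit {
    param([Parameter(Mandatory)][string]$ContentRoot, [string]$ConfPath)

    $threshold = 10   # default per the post when conf.properties has no entry
    if ($ConfPath -and (Test-Path -LiteralPath $ConfPath)) {
        foreach ($line in Get-Content -LiteralPath $ConfPath) {
            if ($line -match '^\s*scm\.lucontentcleanup\.threshold\s*=\s*(\d+)\s*$') {
                $threshold = [int]$Matches[1]
            }
        }
    }

    # Content types are {GUID} folders; revisions are the all-digit folders inside them.
    $types = Get-ChildItem -LiteralPath $ContentRoot -Directory |
        Where-Object { $_.Name -match '^\{[0-9A-Fa-f-]{36}\}$' }
    foreach ($type in $types) {
        $revs = @(Get-ChildItem -LiteralPath $type.FullName -Directory |
            Where-Object { $_.Name -match '^\d+$' } |
            Sort-Object { [long]$_.Name })
        $excess = [Math]::Max(0, $revs.Count - $threshold)
        for ($i = 0; $i -lt $revs.Count; $i++) {
            $sum = (Get-ChildItem -LiteralPath $revs[$i].FullName -Recurse -File |
                Measure-Object -Property Length -Sum).Sum
            [pscustomobject]@{
                ContentType     = $type.Name
                Revision        = $revs[$i].Name
                SizeMB          = [Math]::Round([long]$sum / 1MB, 2)
                BeyondThreshold = ($i -lt $excess)   # oldest revisions past the retained count
            }
        }
    }
}

# Constructed demo tree (not real SEPM data); GUID and revision names are the post's example.
$root = Join-Path ([IO.Path]::GetTempPath()) ("sepm-demo-" + [guid]::NewGuid())
$type = Join-Path $root '{C60DC234-65F9-4674-94AE-62158EFCA433}'
foreach ($rev in '71016009','71019009','71020006','71021005','71022017') {
    $dir = New-Item -ItemType Directory -Path (Join-Path $type $rev) -Force
    Set-Content -LiteralPath (Join-Path $dir.FullName 'full.zip') -Value ('x' * 2048)
}
$conf = Join-Path $root 'conf.properties'
Set-Content -LiteralPath $conf -Value 'scm.lucontentcleanup.threshold=3'

Get-SepmContentAudit -ContentRoot $root -ConfPath $conf | Format-Table -AutoSize
Remove-Item -LiteralPath $root -Recurse -Force   # removes only the demo tree
```

On a real server, point -ContentRoot at the Inetpub\content folder and -ConfPath at tomcat\etc\conf.properties; rows still flagged BeyondThreshold some time after the service restart indicate the cleanup has not taken effect.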

Kristina's picture

Thanks, Abhishek, for the complete explanation and thanks to David for responding. I had not done the cleanout of the content directories previously because I wasn't completely comfortable based on what I had read on the forums, which is why I asked the question of the support tech while I was on the phone. I thought it was the prudent way to go about it. I'm fortunate because SEPM is installed on a large drive (450 gb) and I have not seen the drive fill up, but I did want to clean out the excess that had landed there and avoid a problem down the road. I also cleaned out the IIS logfiles that were taking 6 gb of my 20 gb system partition.

 

I apologize if I was harsh yesterday. We're a small IT department doing enterprise level system engineering and usually run at an "overwhelmed" pace. To have a product like this absorb so much of my time... it's just frustrating and generally unacceptable. I feel like I've taken my time to read the documentation and the kb articles I can find and the forums and still these things happen. If I can't even rely on tech support that we pay for to give me accurate answers, how am I to proceed with any level of confidence in the product? I don't have the resources to set up a full-scale test deployment. I can only test on a few virtuals and put some faith in Symantec to not cause major issues.

 

I did the uninstall and reinstall yesterday afternoon and it appears to have gone fine. I've only managed to pick up about half of my clients to get them back communicating with the newly installed manager, so I will be spending time with the unmanaged detector in a few minutes. I created 1 group with base policies to pull them all into and will set about recreating my groups and individual policies. I decided to view it as an opportunity to start fresh and do it the way I would have done it months ago if I knew then what I know now.

 

I will keep posting the wisdom I acquire and learning from all of you as well! Off to follow Abhishek's excellent directions!

 

Kristina

MillerTime's picture

I think I found the setting we were all looking for. . .  I have maintenance release 3 so I am not sure if it was available in previous versions.

 

Open Endpoint Protection Manager

Click Admin

Click Servers

Click on Local Site, not your server.

Click edit Site Properties

Click LiveUpdate Tab

 

At the bottom, Number of content revisions to keep.  Mine was set to 30, I changed it to 10 and now I only have 10 folders worth of content revisions.  Adding that line to the conf.properties didn't do anything for me....I hope this helps somebody.

wekhine's picture

How can I get Maintenance release 3?

It's different for Symantec Endpoint Protection Manager and Symantec Endpoint Protection.

I just found the Client version.

 

tkx,

wekhine

Paul Murgatroyd's picture

You can download the full maintenance releases (server and client) from https://fileconnect.symantec.com

 

You will need the number from your license certificate to access the software.

Paul Murgatroyd
Principal Product Manager, Symantec Endpoint Protection
Endpoint twitter feed: http://twitter.com/symc_endpoint

Andrew Soc's picture

I read all posts in this topic and I tried to edit the conf file .. but nothing. I changed the LiveUpdate Settings following this https://forums.symantec.com/syment/board/message?board.id=endpoint_protection11&view=by_date_ascending&message.id=5629#M5629

 

but nothing ...

 

Now I have 100 Mb free and 115 Gb of Content folder!!

 

My version is SEP 11 MR2 and I don't have space to update to MR3!

thanks 

TheSpidy's picture

Hi everybody,

This one did work for me on release 11.0.4202_MR4_MP2, at least for now. Let's see what's coming...

MillerTime
45 weeks 2 days ago

 

I think I found the setting we were all looking for. . .  I have maintenance release 3 so I am not sure if it was available in previous versions.

 

Open Endpoint Protection Manager

Click Admin

Click Servers

Click on Local Site, not your server.

Click edit Site Properties

Click LiveUpdate Tab

 

At the bottom, Number of content revisions to keep.  Mine was set to 30, I changed it to 10 and now I only have 10 folders worth of content revisions.  Adding that line to the conf.properties didn't do anything for me....I hope this helps somebody.

thromada's picture

We're running SAVCE and have yet to implement SEP in production.  I see old posts here about how this problem was fixed in previous MRs.  But I recently installed SEP 11.0.5002.333 in a test environment and have still encountered the problem described here.  C:\Program Files\Symantec\Symantec Endpoint Protection Manager\Inetpub\content grows and grows.

Is this normal behavior?  Are those folders specifically related to what MillerTime posted about setting the LiveUpdate number of content revisions to keep?