Video Screencast Help
Give us your opinion and win with Symantec! Please help us by taking this survey to tell us about your experience with Symantec Connect, so that we can continue to grow and improve.  Take the survey.

Suggestion require on Default Compliance Settings of Symantec

Created: 04 Sep 2013 | 3 comments

Hello All;

My organization is using around 7000 endpoints across PAN locations.Locations are connected of 128 kbs -2 Mbps bandwidth. Average clinets at locations are around 20-30, However some Major Head Offices are having 300-500 Machines .

We have installed GUP server in Major Head Office locations only and maintaining 90% Compliance with Default settings of that Out of Definition update  trigger of 10 days.

My question is why Symantec default setting for out of Virus definition time is 10 Days ? Is there any standard in defining compliance?

What should be Ideal Setting for Organization of around 7000-10000 client in consideration of few clients are Mobile Clients.



Operating Systems:

Comments 3 CommentsJump to latest comment

Rafeeq's picture

For machines in LAN you have set the compliance to lower rate, however for mobile client you can set them to get update from liveudpate. however the report will only be sent to sepm when they are on LAN.

It depends on what compliance rate you company is ready to accept.  I worked on few projects where its ok to be on 80%. they did not want to put more money in 24/7 maintenance...

pawan.bpcl's picture

Thanks Rafeeq;

Our Complinace rate at Major location is around 95% but remote complinace rate is less and around 60% when i put signature not acceptable than 5 days.

I want to refer some standard industry practice or recommendation on same .

for example 90% Compliance if having 10 days

80% compliance if 5 days

or say 50% compliance rate if 2 days.

Please guide on same .

Jeshrel's picture


50% for two days is too bad, i administrator a bigger network than your and we have standard of about

90% - 95% for 1 day

85% - 90 % for 3 days

The reason for this is if at all you have a threat on you network and symantec has a defintions released for it within a dayin that case you will only have 25 % - 50% on your systems clean what about the remaining?

I deal with a only 64Kbps, if i can do in mine you definetly can do in yours.

Antivirus software protects  us based on definitions if we have the older it gets the bad its for your environment.

Hope this helps, keep us updated.