Symantec definition files causing large incremental images with ShadowProtect
I have a small client who is running Symantec Antivirus Corporate Edition 10.1.9.9000 and Symantec Mail Security for Microsoft Exchange 6.5. They are backing up the server using StorageCraft ShadowProtect and replicating the incremental backups offsite. The problem that I am having is that when Symantec updates it's definition files, the incremental backup that takes place afterwards is approximately 1.5 to 2.5GB in size. This killing the replication.
I spoke with StorageCraft support and verified that there is nothing that can be done about it on their side. They say that it is due to the way Symantec updates it's files and the fact that ShadowProtect backs up all sector changes. (See JWT's post from 6/21/2010 for more information on this.) Their recommendation is that I move the defintion storage locations to another partition or drive but after doing some research here, it appears that this is not a possibility because these locations are basically hardcoded into Symantec's products.
All of this pretty much means that I would have to either install a standalone antivirus server and switch to another mail filtering solution or stop replicating backups offsite.
Right now, it looks like I can work around this issue by manually deleting all virus definition files and installing the latest set. This clears up several gigabytes in space and the incremental backups are normal in size for a few weeks before they start causing issues again. I have read a little about the symdeltemp utility but I'm not very clear on it. Does anyone know if it would be possible use the Windows task scheduler to automatically run symdeltemp and clear out the definition files every couple of weeks? I suppose that I could try to script something myself but I would much rather use a Symantec utility for this.
Let me know if anyone has any experience or suggests with this issue. Thanks!
*I have verified that this issue occurs with other clients who are running StorageCraft and EndPoint instead of Corporate Edition. I don't believe that, even though it needs to be done, upgrading this client to EndPoint will help the issue.