Hi!
We have been using Symantec Endpoint Protection in our organization for quite a while now. But every day new surprises are thrown at us by the traffic utilization of clients. At times, we have observed that an individual client is downloading 50 Mb of data even if the latest virus definition is stale by 1 or 2 days. We have had a lot of discussion in our team regarding the traffic utilization by our clients, but it always happens that we are proved wrong.
Based on our understanding, I'm posting a table regarding our traffic data analysis under SEP.
| Content type | Size of Package | Comments | Deliverable via Group Update Provider (GUP) |
|---|---|---|---|
| Heartbeat (with no updates to be exchanged) | Between 2 KB and 3 KB per heartbeat | | The GUP does not directly manage clients; it delivers content to clients on its local network segment. |
| Policies (i.e. AV/AS, Firewall, OS Protection, Host Integrity) | Typically varies between 20 KB and 80 KB. | | No. The policies must come from a Symantec Endpoint Protection Manager. |
| IPS Signature Updates | 50 KB and 100 KB | | Yes. The client receives information from the Symantec Endpoint Protection Manager when to download content from the GUP. |
| AV Signatures | 50 KB to 200 KB (daily) | If we assume that the signatures are updated successfully every day | |
| Logs | Varies | | Logs are forwarded from the client to the Manager. |
| Heartbeat for Major Location | 2 Hours | | |
Total Approximate Size of SEP data if Client is Fully Updated (during 8 Hours) → 300 KB
If Definition is older than 10 Days → 3 MB
If Definition is older than 20 Days → 6 MB
If Definition is older than 30 Days → 9 MB
We would be pleased to hear comments on whether our analysis is correct or wrong. We welcome any kind of inputs/data/information/conclusions regarding network-level traffic utilization by Symantec clients.
Thank you