Hello,
To answer your Question above, it is important to understand HOW are virus definitions distributed from the Symantec Endpoint Protection Manager? Check this Article: http://www.symantec.com/docs/HOWTO53175
Check these Articles below which would assist you on HOW to prevent the clients to download the Full definitions set from SEPM and limit Bandwidth usability -
Preventing Symantec Endpoint Protection (SEP) Clients from receiving FULL Antivirus/Antispyware definition packages from a patched Symantec Endpoint Protection Manager (SEPM)
http://www.symantec.com/docs/TECH98453
With default LiveUpdate content revision settings configured within the Symantec Endpoint Protection Manager, clients are downloading full definition updates instead of delta updates
http://www.symantec.com/docs/TECH94916
SEPM & SEP Client bandwidth troubleshooting
https://www-secure.symantec.com/connect/articles/sepm-sep-client-bandwidth-troubleshooting
Hope that helps!!