I have SEP 11.06 client installed in more than 60 PCs. Recently two PCs showed "Low Disk Space" message. I noticed the folder in C:\Program Files\Common Files\Symantec Shared\VirusDefs  had more than 40 GB of definitions. I went through the support site and found http://www.symantec.com/business/support/index?page=content&id=TECH103176 mentioning how to safely remove the virus definitions. After much browsing in the support site I also noticed that for the virus definitions to be corrupt, it should appear as a folder named with *.tmp extension. But the virus definitions in the above mentioned PCs has no folder ending with *.tmp. All virus definitions end with a number. I would like to know if SEPM is capable of enabling some housekeeping on the clients to clear the unwanted virus definitions. Thanks.

Hello,

Please check with below given steps.

The cause of the problem is that virus definitions may be corrupted.

To solve this issue, follow the steps below:

1. Stop the Symantec Management Client service:

• Start -> Run
• Type "smc –stop" (without qoutes) and click OK

2. Stop the Symantec Endpoint protection Service in services snap-in

3. Go to "Virusdefs" folder. Delete all ".tmp" files and folders ANDany numbered folders (such as "20070820.048", "20080115.021" etc.)

4. Install new definitions manually using the Intelligent Updater:

• Follow this link:http://www.symantec.com/avcenter/defs.download.html
• Select the language and for the product, select Symantec Endpoint Protection
• Click "Download Updates" button
• Select the correct file to download for Symantec Endpoint Protection 11 depending on whether it is for 32-bit or 64-bit OS
• Click the ".exe" file specified for Symantec Endpoint Protection 11, download to your hard drive and run it

5. Start the Symantec Endpoint Protection Service

6. Start the Symantec Management Client service:

• Start -> Run
• Type "smc –start" (without qoutes) and click OK
•  

And If you have this issue with SEPM BD then follow the below article.

http://www.symantec.com/business/support/index?page=content&id=TECH178718

Hello,

How to determine if virus definitions of Symantec Endpoint Protection client (SEP) 11 or 12 Small Business Edition, are corrupted

Hello,

Configure the Disk space Management for Virus Def.

To configure the disk space used for LiveUpdate downloads

    In the console, click Admin.

    Click Servers and select the site that you want to configure.

    Under Tasks, click Edit Site Properties, and then click LiveUpdate.

    Under Disk Space Management for Downloads, type the number of content downloads that you want to store.

    If you want to reduce the amount of disk space used, uncheck the Store client packages unzipped to provide better network performance for upgrades option. Note: Disabling this option also disables the ability of Symantec Endpoint Protection Manager to construct deltas between content revisions and may adversely affect network performance for updates.

    Click OK.

Disk Space Management procedures for the Symantec Endpoint Protection Manager

http://www.symantec.com/docs/TECH96214

Drive Space used by Virus Definitions Updates

http://www.symantec.com/docs/TECH141811

Thread

https://www-secure.symantec.com/connect/forums/very-large-virusdefs-folder#comment-6806361

Thanks Ambesh for your immediate response. Shall I make it clear that I have performed the  activity you have mentioned. I wanna know how to avoid this from happening. Coz if this continues I will have perform the same activity on all 60 machines which are scattered throughout the region which is not feasible.

hello,

You can reduse Content

Configuring the number of content revisions kept by the SEP client 11.x

http://www.symantec.com/business/support/index?pag...

Look this discussion

https://www-secure.symantec.com/connect/forums/reducing-size-virus-defination-single-host-sepm-11x

Thanks for your reply. The current value for "number of content revisions to keep=20". I guess this was the reason. Do you recommend any ideal value for this?

Thanks for the reply. It does not look corrupted because the folders are not named as .tmp.