Video Screencast Help

VirusDefs folder fills up to 40GB of definitions

Created: 22 Apr 2013 • Updated: 22 Apr 2013 | 7 comments
This issue has been solved. See solution.

I have SEP 11.06 client installed in more than 60 PCs. Recently two PCs showed "Low Disk Space" message. I noticed the folder in C:\Program Files\Common Files\Symantec Shared\VirusDefs  had more than 40 GB of definitions. I went through the support site and found http://www.symantec.com/business/support/index?page=content&id=TECH103176 mentioning how to safely remove the virus definitions. After much browsing in the support site I also noticed that for the virus definitions to be corrupt, it should appear as a folder named with *.tmp extension. But the virus definitions in the above mentioned PCs has no folder ending with *.tmp. All virus definitions end with a number. I would like to know if SEPM is capable of enabling some housekeeping on the clients to clear the unwanted virus definitions. Thanks.

Operating Systems:

Comments 7 CommentsJump to latest comment

Ambesh_444's picture

Hello,

Please check with below given steps.

The cause of the problem is that virus definitions may be corrupted.

To solve this issue, follow the steps below:

1. Stop the Symantec Management Client service:

  • http://blog.itstuff.ca/images/tictac_blue.gif); background-position: 0% 6px; background-repeat: no-repeat no-repeat;">Start -> Run
  • http://blog.itstuff.ca/images/tictac_blue.gif); background-position: 0% 6px; background-repeat: no-repeat no-repeat;">Type "smc –stop" (without qoutes) and click OK

2. Stop the Symantec Endpoint protection Service in services snap-in

3. Go to "Virusdefs" folder. Delete all ".tmp" files and folders ANDany numbered folders (such as "20070820.048", "20080115.021" etc.)

4. Install new definitions manually using the Intelligent Updater:

  • http://blog.itstuff.ca/images/tictac_blue.gif); background-position: 0% 6px; background-repeat: no-repeat no-repeat;">Follow this link:http://www.symantec.com/avcenter/defs.download.html
  • http://blog.itstuff.ca/images/tictac_blue.gif); background-position: 0% 6px; background-repeat: no-repeat no-repeat;">Select the language and for the product, select Symantec Endpoint Protection
  • http://blog.itstuff.ca/images/tictac_blue.gif); background-position: 0% 6px; background-repeat: no-repeat no-repeat;">Click "Download Updates" button
  • http://blog.itstuff.ca/images/tictac_blue.gif); background-position: 0% 6px; background-repeat: no-repeat no-repeat;">Select the correct file to download for Symantec Endpoint Protection 11 depending on whether it is for 32-bit or 64-bit OS
  • http://blog.itstuff.ca/images/tictac_blue.gif); background-position: 0% 6px; background-repeat: no-repeat no-repeat;">Click the ".exe" file specified for Symantec Endpoint Protection 11, download to your hard drive and run it

5. Start the Symantec Endpoint Protection Service

6. Start the Symantec Management Client service:

  • http://blog.itstuff.ca/images/tictac_blue.gif); background-position: 0% 6px; background-repeat: no-repeat no-repeat;">Start -> Run
  • http://blog.itstuff.ca/images/tictac_blue.gif); background-position: 0% 6px; background-repeat: no-repeat no-repeat;">Type "smc –start" (without qoutes) and click OK
  •  

And If you have this issue with SEPM BD then follow the below article.

http://www.symantec.com/business/support/index?page=content&id=TECH178718

Thank& Regards,

Ambesh

"Your satisfaction is very important to us. If you find above information helpful or it has resolved your issue. Please don't forget to mark the thread as solved."

vxchacko's picture

Thanks Ambesh for your immediate response. Shall I make it clear that I have performed the  activity you have mentioned. I wanna know how to avoid this from happening. Coz if this continues I will have perform the same activity on all 60 machines which are scattered throughout the region which is not feasible.

W007's picture
Hello, How to determine if virus definitions of Symantec Endpoint Protection client (SEP) 11 or 12 Small Business Edition, are corrupted
padding: 1px;padding-bottom: 3px ;font: 12px Arial; text-align: left;">Article:TECH97677 padding: 1px;font: 12px Arial; text-align: left;"> |  padding: 0px;font: 12px Arial; text-align: left;">Created: 2009-01-23 padding: 1px;font: 12px Arial; text-align: left;"> |  padding: 1px;font: 12px Arial; text-align: left;">Updated: 2012-07-02 padding: 1px;font: 12px Arial; text-align: left;"> |  padding: 1px;font: 12px Arial; text-align: left;">Article URL http://www.symantec.com/docs/TECH97677

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

vxchacko's picture

Thanks for the reply. It does not look corrupted because the folders are not named as .tmp.

consoleadmin's picture

Hello,

Configure the Disk space Management for Virus Def.

To configure the disk space used for LiveUpdate downloads

    In the console, click Admin.

    Click Servers and select the site that you want to configure.

    Under Tasks, click Edit Site Properties, and then click LiveUpdate.

    Under Disk Space Management for Downloads, type the number of content downloads that you want to store.

    If you want to reduce the amount of disk space used, uncheck the Store client packages unzipped to provide better network performance for upgrades option. Note: Disabling this option also disables the ability of Symantec Endpoint Protection Manager to construct deltas between content revisions and may adversely affect network performance for updates.

    Click OK.

Disk Space Management procedures for the Symantec Endpoint Protection Manager

http://www.symantec.com/docs/TECH96214

Drive Space used by Virus Definitions Updates

http://www.symantec.com/docs/TECH141811

Thread

https://www-secure.symantec.com/connect/forums/ver...

Thanks.

SOLUTION
vxchacko's picture

Thanks for your reply. The current value for "number of content revisions to keep=20". I guess this was the reason. Do you recommend any ideal value for this?

W007's picture

hello,

You can reduse Content

Configuring the number of content revisions kept by the SEP client 11.x

http://www.symantec.com/business/support/index?pag...

Look this discussion

https://www-secure.symantec.com/connect/forums/red...

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.