Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.

VirusDefs folder over 10GB in size on Servers

Created: 13 Nov 2012 | 9 comments

Hi all, I have SEP Small Business installed on a bunch of our servers, and on all that I have checked, the C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Data\Definitions\VirusDefs folder is very large. Ranging from 5GB to over 10GB in size. It looks like old definitions are not being removed.

 

How can I fix this?

Comments 9 CommentsJump to latest comment

.Brian's picture

You can clear out the definitions:

 

How to clear out definitions for a Symantec Endpoint Protection 12.1 client manually

https://www.symantec.com/business/support/index?pa...

How many servers is this happening on?

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

Chetan Savade's picture

Hi,

By default SEP 12.1 stores only 1 definitions & in your case it's more than 5-10 GB.

You can try with the help of article shared by Brian.

Also you should test with latest SEP version i.e. SEP 12.1 RU2.

 

Chetan Savade
Sr Technical Support Engineer, Endpoint Security
Enterprise Technical Support
CCNA | CCNP | MCSE | SCTS |

Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.<

pipnz's picture

I get permissions denied when I try to delete the files in the VirusDefs folder when following the directions of that link. I tried deleting the individual folders within and I get this error repeatedly (logged in as domain admin on any of the servers). I have checked 4 servers, and 3 of them are affected by this. We have 8 servers but I havent checked them all yet. Need a solution first.

 

Doesn't LiveUpdate keep the applications up to date to RU2?

 

 

Rafeeq's picture

Liveupdate in the manager does download the product from internet but does not apply automatically. these  defs will be in use by file system autoprotect, so

Stop the service first

click on start

run

smc -stop

and then try to delete the folder or a reboot should help you to delete

 

Mohan Babu's picture

Its a known issue, Upgrade to SEP 12.1.2 for the permanent fix

 

 

Old definitions require a reboot in order to be removed
Fix ID: 2692127
Symptom: Old definitions appear to require a reboot in order to be removed. This is usually due to a scan running at the time of the update.
Solution: Updated the Common Client component to resolve a condition where the scanner held the virus definitions open, which prevented an update.
 
Source:

New fixes and enhancements in Symantec Endpoint Protection 12.1 Release Update 2

http://www.symantec.com/docs/TECH199676

 

 

Mohan Babu

moglie20@gmail.com

+91 9884382160

Your satisfaction is very important to us.If you find above information helpful or it has resolved your issue...please mark it accordingly :)

pipnz's picture

Where do I get the update for SEP? Do I just apply it to the Management server and will it roll out to the other clients?

.Brian's picture

You need to download the upgrade from https://fileconnect.symantec.com

Once you upgrade the SEPM, you can push to all your clients 

https://www.symantec.com/business/support/index?pa...

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

Chetan Savade's picture

Hi,

Once you upgrade Symantec Endpoint Protection Manager there are couple of ways to upgrade existing SEP clients.

Most easiest way to upgrade clients is Auto upgrade.

You can refer this article: https://www-secure.symantec.com/connect/articles/s...

Chetan Savade
Sr Technical Support Engineer, Endpoint Security
Enterprise Technical Support
CCNA | CCNP | MCSE | SCTS |

Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.<

Mohan Babu's picture

AS Brian suggested Go to https://fileconnect.symantec.com

If you dont see the SEP 12.1.2 . You might have a serial number for symantec protection suite product

Call the Licensing team and get the Temporary serial number and download the product.

 

 

Mohan Babu

moglie20@gmail.com

+91 9884382160

Your satisfaction is very important to us.If you find above information helpful or it has resolved your issue...please mark it accordingly :)