Video Screencast Help

What controls SEPM managed clients definition revision count?

Created: 13 Jun 2012 • Updated: 13 Jun 2012 | 4 comments
This issue has been solved. See solution.

I made some modification on my SEPM server, and now my SEP clients are retaining 9GB of Definitions. 

 

c:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Data\Definitions\VirusDefs on the client (NOT SERVER, CLIENT) has 20 revisions.

What control this?   I enabled GUP.   If I tell the GUP server to retain 2500MB worth of revisions on SEPM LiveUpdate settings policy, is the result that the SEP clients that are not GUP servers continue to retain 2500MB worth of content revisions as well?   Or does something else control this?

Comments 4 CommentsJump to latest comment

Chetan Savade's picture

Hi,

SEP 12.1, by default, is limited to keeping 1 revision of definitions. In your case it's 20 so probably definitions are corrupted.

GUP has nothing to do with clients definitions storage.

How to determine if virus definitions of Symantec Endpoint Protection client (SEP) 11 or 12 Small Business Edition, are corrupted

http://www.symantec.com/docs/TECH97677 

How to clear out definitions for a Symantec Endpoint Protection 12.1 client manually

http://www.symantec.com/docs/HOWTO59193 

OR

Try running utility "Rx4DefsSEP" on 2-3 affected machines & check.

http://www.symantec.com/business/support/index?page=content&id=TECH93036&locale=en_US

 

Chetan Savade
Technical Support Engineer, Endpoint Security
Enterprise Technical Support
CCNA | CCNP | MCSE | SCTS |

Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.<

PrimeInc's picture

Thank you.

I am hoping that the problem is a setting in SEPM, as there are too many PCs for me to manually fix or run Rx4DefsSEP.

 

Chetan Savade's picture

Hi,

Remove SEPM existing definitions & run liveupdate again.

Can refer article: How to clear corrupt Virus Definitions from SEPM

https://www-secure.symantec.com/connect/articles/h...

If not helped, try running Rx4Defs tool or manual removal on 2-3 affected machines to isolate the issue.

 

Chetan Savade
Technical Support Engineer, Endpoint Security
Enterprise Technical Support
CCNA | CCNP | MCSE | SCTS |

Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.<

Cameron_W's picture

How often do these machines reboot? There is a issue currently if a machine is not rebooted it may hold onto additional content revisions. Below is documentation on this and some workarounds you can perform.

http://www.symantec.com/docs/TECH180056

This will be resolved in our next release but that is not scheduled until later this year.

If I was able to help resolve your issue please mark my post as solution.

SOLUTION