Endpoint Protection

I made some modification on my SEPM server, and now my SEP clients are retaining 9GB of Definitions. 

c:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Data\Definitions\VirusDefs on the client (NOT SERVER, CLIENT) has 20 revisions.

What control this?   I enabled GUP.   If I tell the GUP server to retain 2500MB worth of revisions on SEPM LiveUpdate settings policy, is the result that the SEP clients that are not GUP servers continue to retain 2500MB worth of content revisions as well?   Or does something else control this?

Hi,

SEP 12.1, by default, is limited to keeping 1 revision of definitions. In your case it's 20 so probably definitions are corrupted.

GUP has nothing to do with clients definitions storage.

How to determine if virus definitions of Symantec Endpoint Protection client (SEP) 11 or 12 Small Business Edition, are corrupted

http://www.symantec.com/docs/TECH97677 

How to clear out definitions for a Symantec Endpoint Protection 12.1 client manually

http://www.symantec.com/docs/HOWTO59193 

OR

Try running utility "Rx4DefsSEP" on 2-3 affected machines & check.

http://www.symantec.com/business/support/index?page=content&id=TECH93036&locale=en_US

Thank you.

I am hoping that the problem is a setting in SEPM, as there are too many PCs for me to manually fix or run Rx4DefsSEP.

Hi,

Remove SEPM existing definitions & run liveupdate again.

Can refer article: How to clear corrupt Virus Definitions from SEPM

https://www-secure.symantec.com/connect/articles/how-clear-corrupt-virus-definitions-sepm

If not helped, try running Rx4Defs tool or manual removal on 2-3 affected machines to isolate the issue.

How often do these machines reboot? There is a issue currently if a machine is not rebooted it may hold onto additional content revisions. Below is documentation on this and some workarounds you can perform.

http://www.symantec.com/docs/TECH180056

This will be resolved in our next release but that is not scheduled until later this year.