Video Screencast Help

What is SEP client definition update behavior

Created: 17 Oct 2012 | 6 comments
MiRzA's picture



Suppose sep client disconnected from corporate network on 10 Oct 2012 and reconnect on 17 oct 2012,

what dates difinition sep client downloads i mean definition of 11 oct , 12 oct to 17 oct or only download last definition of 17 oct ?

is sep client download delta values or , SEPM is configured with keep 42 revions.



Discussion Filed Under:

Comments 6 CommentsJump to latest comment

Ashish-Sharma's picture


It's update Latest Virus defination

Managing content updates

How client computers receive content updates

if the deltas aren't available then SEP client downloads full defintions and it's goign to be ""

Refer the below article which might help!

Thanks In Advance

Ashish Sharma

MiRzA's picture

Hi all,

what size of definition SEP client downloads from SEPM for all features and delta ?

Ashish-Sharma's picture

What are the sizes of the various packages that are sent between the Symantec Endpoint Protection client and manager?

The following are estimates of the size of packages that are sent between the Symantec Endpoint Protection client and manager:

Heartbeat (with no updates to be exchanged) - When there is no traffic to be exchanged (i.e. no profile to download and no logs to update) then the heartbeat is between 2 KB/s and 3 KB/s.

Policies (i.e. AV/AS, Firewall, OS Protection, Host Integrity) - Typically varies between 20 KB and 80 KB, but can increase if detailed rules are included, or OS protection templates are used. Generally, after you set your policies to suit your network needs, you do not modify them on a regular basis.

IPS Signature Updates - Files range between 50 KB and 100 KB. Symantec supplies updates approximately every quarter unless a specific threat or vulnerability needs to be addressed.

AV Signatures - 50 KB to 100 KB daily for clients, if you assume that the signatures are updated successfully every day.
Logs - Logs are compressed at the client before they are uploaded to the Symantec Endpoint Protection Manager.

Approximately, 800 log entries take up 1KB of file space.


Secondly, The Virusdef folder for Symantec Endpoint v12.1 would be under following Locations: -

Win XP - C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\CurrentVersion\Data\Definitions\VirusDefs

Win 7 - C:\ProgramData\Symantec\Symantec Endpoint Protection\CurrentVersion\Data\Definitions\VirusDefs

Server 2003 - C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\CurrentVersion\Data\Definitions\VirusDefs

Server 2008/R2 - C:\ProgramData\Symantec\Symantec Endpoint Protection\CurrentVersion\Data\Definitions\VirusDefs

Secondly, In reference to the Question "approx. size for the Symantec Endpoint v12.1 Virus Defs folder", check this Article:

Drive Space used by Virus Definitions Updates

Check this thread

Thanks In Advance

Ashish Sharma

Chetan Savade's picture

Hi Mirza,

SEP will update it's definitions with delta updates.

As per given scenario SEPM is keeping 42 revisions.(Around past 15 days definitions because Symantec releases 3 definitions per day on weekdays )

Even though client is offline for Seven days & on next day when client requests an update it will be delta update only. 

Chetan Savade
Sr.Technical Support Engineer, Endpoint Security
Enterprise Technical Support

Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.<

pete_4u2002's picture

the delta definition size keeps on growingdepending on number of days the clients are offline and not updated.