Endpoint Protection

  • 1.  3 Folders under C:\Program Files\Common Files\Symantec Shared\VirusDefs

    Posted Jul 27, 2010 03:43 AM
    Can anyone tell me why I have 3 folders labelled with the last 3 virus defs in C:\Program Files\Common Files\Symantec Shared\VirusDefs?

    I have one SEPM and all my clients and servers get their defs from that, but on each of the servers I have these 3 folders.

    Do they need to be there, and if they don't, is there a way to stop it?

    I am running Version 11.0.5002.333

    Thanks

    Minty


  • 2.  RE: 3 Folders under C:\Program Files\Common Files\Symantec Shared\VirusDefs

    Posted Jul 27, 2010 03:49 AM
    By default the SEP client will keep 3 revisions of defs. That is why you are seeing 3 folders. Refer to this KB:
    Content Cache Control



  • 3.  RE: 3 Folders under C:\Program Files\Common Files\Symantec Shared\VirusDefs

    Posted Jul 27, 2010 03:56 AM
    Refer to this comment also:
    The SEP client itself is roughly 60MB under C:\Program Files

    Then around 25MB under C:\Program Files\Common Files\Symantec Shared

    What then takes the space is the AV definitions. By default, the client will store the last 3 sets of definitions to enable it to rollback to an earlier version if there are problems, or if you instruct it to rollback from the SEPM.

    Unfortunately, due to the large increase in definition size over the last year (because of the massive number of variants and signatures that we are adding every day) the average size of an unpacked set of virus definitions is 120MB in size.

    In addition, if you are using LiveUpdate, then that itself will be keeping a cache of the files you have downloaded. By default, that is set to around 10% of your total drive size. That cache size can be configured from the LiveUpdate control panel icon.

    You can also control the number of revisions of virus definitions that the SEP client keeps by changing the registry entry HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\Content\{C60DC234-65F9-4674-94AE-62158EFCA433}\CacheEntriesEx

    (The above assumes 32bit definitions)

    Disk space usage for SAV and SEP will be similar at idle, and higher for SAV when it is updating, because SAV copies definitions, whereas SEP moves them, thereby reducing required space for updates and disk I/O during the update process itself.


    Ref: The SEP client itself is
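
A read-only way to check what the replies above describe on a given machine, as an added example that is not from the thread's participants or from Symantec: it lists each folder under VirusDefs with its size and compares the count with the `CacheEntriesEx` registry entry. The folder and registry paths are the ones quoted in the thread; treating `CacheEntriesEx` as a numeric value under the GUID key, and counting every subfolder as a definition revision, are assumptions.

```powershell
# Added example: read-only audit of the definition revisions a SEP client keeps.
# Paths are the ones quoted in the thread (32-bit definitions).
$defsDir = 'C:\Program Files\Common Files\Symantec Shared\VirusDefs'
$keyPath = 'HKLM:\SOFTWARE\Symantec\Symantec Endpoint Protection\Content\{C60DC234-65F9-4674-94AE-62158EFCA433}'

# Assumption: CacheEntriesEx is a numeric value under the GUID key.
# $configured stays $null when the value is absent (client default applies).
$configured = $null
if (Test-Path -LiteralPath $keyPath) {
    $prop = Get-ItemProperty -LiteralPath $keyPath -Name 'CacheEntriesEx' -ErrorAction SilentlyContinue
    if ($prop) { $configured = $prop.CacheEntriesEx }
}

# Assumption: every subfolder is one unpacked definition revision.
# Any other subfolder present would be listed and counted as well.
$revisions = @(
    Get-ChildItem -LiteralPath $defsDir -ErrorAction Stop |
        Where-Object { $_.PSIsContainer } |
        ForEach-Object {
            $bytes = (Get-ChildItem -LiteralPath $_.FullName -Recurse -ErrorAction SilentlyContinue |
                      Where-Object { -not $_.PSIsContainer } |
                      Measure-Object -Property Length -Sum).Sum
            New-Object PSObject -Property @{
                Revision  = $_.Name
                SizeMB    = [math]::Round(($bytes / 1MB), 1)
                LastWrite = $_.LastWriteTime
            }
        } | Sort-Object Revision
)

$revisions | Format-Table Revision, SizeMB, LastWrite -AutoSize

# The thread states the client keeps 3 revisions by default.
$expected = if ($configured) { $configured } else { 3 }
$totalMB  = ($revisions | Measure-Object -Property SizeMB -Sum).Sum

Write-Output ("Configured revisions (CacheEntriesEx): {0}" -f $(if ($configured) { $configured } else { 'not set, default 3' }))
Write-Output ("Folders found: {0}, total size: {1} MB" -f $revisions.Count, $totalMB)

if ($revisions.Count -gt $expected) {
    Write-Warning "More folders than the expected $expected revisions; older content may not have been cleaned up."
} elseif ($revisions.Count -lt 2) {
    Write-Warning "Fewer than 2 revisions on disk; a rollback to an earlier definition set would not be possible locally."
}
```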