Endpoint Protection

  • 1.  Purging on SEP 11 virus definition

    Posted Sep 03, 2012 04:06 AM

    Hi Guys,

     

    We are encountering problems regarding the SEP virus definitions stored on the client's workstation where SEP is installed.

    First, I would like to verify if the purging on SEP 11 is not automatic (unlike version 12). If it's not automatic, how long will Symantec retain virus definitions? What is the maximum number of virus definitions SEP 11 will have before they are purged?

    Also, I have read in one of the KB articles that up to 3 definitions stored on the workstation is normal. Does this mean that 4 or more definitions stored on the SEP client means that the definitions are corrupted?

    Please advise.

    Thanking you in advance. 

     

    Kat



  • 2.  RE: Purging on SEP 11 virus definition

    Trusted Advisor
    Posted Sep 03, 2012 04:08 AM

    Hello,

    The SEP client "purges" the definitions automatically. In case the definitions are corrupt, they may not be automatically purged properly.

    By default, 3 definitions stored on the workstation is normal in SEP 11.x. However, I would suggest you check this article, which would help:

    How to determine if virus definitions of Symantec Endpoint Protection client (SEP) 11 or 12 Small Business Edition, are corrupted

    http://www.symantec.com/docs/TECH97677

    The VirusDefs folder for Symantec Endpoint Protection would be under the following locations:

    Win XP - C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\CurrentVersion\Data\Definitions\VirusDefs

    Win 7 - C:\ProgramData\Symantec\Symantec Endpoint Protection\CurrentVersion\Data\Definitions\VirusDefs

    Server 2003 - C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\CurrentVersion\Data\Definitions\VirusDefs

    Server 2008/R2 - C:\ProgramData\Symantec\Symantec Endpoint Protection\CurrentVersion\Data\Definitions\VirusDefs

    Again, in reference to the Question "approx. size for the Symantec Endpoint v12.1 Virus Defs folder", check this Article:

    Drive Space used by Virus Definitions Updates

    http://www.symantec.com/docs/TECH141811

    Disk Space Management procedures for the Symantec Endpoint Protection Manager

    http://www.symantec.com/docs/TECH96214

    Hope that helps!!



  • 3.  RE: Purging on SEP 11 virus definition

    Posted Sep 03, 2012 04:21 AM

    Hi KAT,

    The SEP 11 client should retain 3 sets of definitions in case one set becomes corrupted.  (SEP 12.1 just keeps one.)  This should be automatically managed by the SEP client: when a new set is downloaded and applied, the oldest one it keeps will be deleted.

    (The SEPM can be configured to retain any number of past definition sets, but that is different entirely.)

    How many sets are your SEP 11 clients keeping?  Please supply more details, when time allows. 

     

     

     

     



  • 4.  RE: Purging on SEP 11 virus definition

    Broadcom Employee
    Posted Sep 03, 2012 07:13 AM

    Hi,

    Your research is correct: SEP 11 stores 3 definitions & SEP 12.1 stores 1 definition & it's by design.

    Q. Also, I have read in one of the KB articles that up to 3 definitions stored on the workstation is normal. Does this mean that 4 or more definitions stored on the SEP client means that the definitions are corrupted?

    --> If there are up to 3 numbered folders, this is the normal behavior of a SEP client.

    Also, having more than 3 folders is not always a cause for concern, though if there is a high number of virus defs folders retained for a long period of time, it may indicate underlying virus definition corruption.

    To remove corrupted definitions we have a tool by the name "Rx4defsSEP".

    You will have to contact Symantec Support to receive credentials to download this tool.

    How to create a new case in MySupport

    http://www.symantec.com/docs/TECH58873

    How to Create and Validate a SymAccount for using Symantec's MySupport

    http://www.symantec.com/docs/HOWTO31127

    How to update a support case and upload diagnostic files with MySupport

    http://www.symantec.com/docs/TECH71023
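
One way to check a client against the folder counts discussed in this thread, as an added example that is not part of any post and is not Symantec tooling. The function name, the numeric folder-name pattern and the 14-day staleness threshold are assumptions; the default path and the expected count of 3 come from the replies above.

```powershell
# Added example (not Symantec tooling): report how many definition sets a
# SEP 11 client is retaining and whether surplus sets look stale.
function Get-SepDefinitionSetReport {
    param(
        # Default is the Win 7 / Server 2008 path quoted in the thread.
        [string]$VirusDefsPath = 'C:\ProgramData\Symantec\Symantec Endpoint Protection\CurrentVersion\Data\Definitions\VirusDefs',
        [int]$ExpectedSets = 3,   # SEP 11 keeps 3 sets; use 1 for SEP 12.1
        [int]$StaleDays = 14      # assumed meaning of "a long period of time"
    )

    if (-not (Test-Path -LiteralPath $VirusDefsPath -PathType Container)) {
        throw "VirusDefs folder not found: $VirusDefsPath"
    }

    # Assumption: a definition set is a subfolder with a purely numeric name,
    # optionally followed by a numeric revision (for example 20120903.003).
    $sets = @(Get-ChildItem -LiteralPath $VirusDefsPath |
        Where-Object { $_.PSIsContainer -and $_.Name -match '^\d+(\.\d+)?$' } |
        Sort-Object LastWriteTime)

    # Anything beyond the expected count should already have been purged;
    # the surplus candidates are the folders with the oldest write times.
    $surplus = @()
    if ($sets.Count -gt $ExpectedSets) {
        $surplus = @($sets[0..($sets.Count - $ExpectedSets - 1)])
    }
    $cutoff = (Get-Date).AddDays(-$StaleDays)
    $stale  = @($surplus | Where-Object { $_.LastWriteTime -lt $cutoff })

    if ($surplus.Count -eq 0)   { $status = 'Normal' }
    elseif ($stale.Count -eq 0) { $status = 'Surplus sets present; recheck after the next update' }
    else                        { $status = 'Possible definition corruption; see TECH97677' }

    New-Object PSObject -Property @{
        Path         = $VirusDefsPath
        SetCount     = $sets.Count
        SurplusSets  = @($surplus | ForEach-Object { $_.Name })
        StaleSurplus = @($stale | ForEach-Object { $_.Name })
        Status       = $status
    }
}

Get-SepDefinitionSetReport | Format-List
```

On Win XP or Server 2003, pass the `Documents and Settings` location from the thread with `-VirusDefsPath`.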