Endpoint Protection

  • 1.  Report that shows current definition pushes in progress or one that shows traffic to Clients from SEPM in KB

    Posted Jan 22, 2010 03:15 PM
    The title pretty much says it all.

    Management wants to see if SEPM is choking up small bandwidth sites when either clients are too far out of date and request a large delta or the entire def content, or when a client gets installed or upgraded.

    I know about GUPS, we use them when we can, and I have read about the IIS throttling which really won't do the trick.  I also think I read that LUA has some type of throttling feature, but we don't want to implement an LUA setup.  It sure would be nice, if in the group settings, a policy could be set to tell clients, to only consume X amount of bandwidth at any given time.  That would be perfect.

    But since this does not exist - How can I track when, how much, and what time, my SEPM is pushing DEF's to clients?

    Thanks. 


  • 2.  RE: Report that shows current definition pushes in progress or one that shows traffic to Clients from SEPM in KB

    Posted Jan 22, 2010 03:57 PM
    Hello Nardoni
    There is an article created by Prachand about SEP bandwidth use. It is a good article.
    https://www-secure.symantec.com/connect/articles/how-much-bandwidth-used-sep-client-one-day

    Maybe this will help with your choice of GUP or LUA. I prefer LUA.

    Regards.
    Fatih


  • 3.  RE: Report that shows current definition pushes in progress or one that shows traffic to Clients from SEPM in KB

    Posted Jan 22, 2010 04:11 PM

    I had this exact issue 2 years ago with a "competing product line". Although you can get network to rate limit your connection, that typically is very difficult to get as a change, and for every site it could become impossible.
    I found a great utility that rate limited the interface on the server. It worked well, and to this day they are still using it. We just put a rule in for the remote subnets and limited the bandwidth.

    http://www.softperfect.com/products/bandwidth/
     



  • 4.  RE: Report that shows current definition pushes in progress or one that shows traffic to Clients from SEPM in KB

    Posted Jan 22, 2010 11:46 PM
    Which is the version you are using?
    There are some ways to limit the bandwidth used by GUP.
    For MR4 (11.0.4), refer to the doc below:

    How to configure GUP bandwidth throttling in Symantec Endpoint Protection 11.0 MR4?
    For RU5 (11.0.5) you can do this in the LiveUpdate policy.
    Refer to the second figure in the article below; you can see this option as the last option there.
    Configuring Group Update Providers in Symantec Endpoint Protection 11.0 RU5

     


  • 5.  RE: Report that shows current definition pushes in progress or one that shows traffic to Clients from SEPM in KB

    Posted Jan 22, 2010 11:49 PM
    You can also refer to the discussion below. From this discussion you can get a lot of information regarding controlling bandwidth usage.
    GUP and small WAN bandwidth
     


  • 6.  RE: Report that shows current definition pushes in progress or one that shows traffic to Clients from SEPM in KB

    Posted Jan 23, 2010 06:47 PM
    Hi Nardoni,

    You should check out this idea and vote it up if you want to see it implemented https://www-secure.symantec.com/connect/idea/bandwidth-throttling. The more votes it gets the faster it will be implemented. 

    Also, you said "request a large delta or the entire def content". My thought is that when you are seeing the large amount of bandwidth being used, then you MUST be downloading the entire def content. Delta updates are all pretty much the same size and very tiny, so there is no notion of a large delta. So to keep your sites from downloading the full def content, you can increase the number of content revisions to keep in the SEPM. It is number 3 on our best practice guide.

    3. Change the number of content revisions stored by the SEPM database to at least 42
    • This allows SEP clients which are out of date by approximately 2 weeks to still get incremental content updates.

      Note: Increasing the number of content revisions for the Symantec Endpoint Protection Manager will increase disk space usage in the SEPM install directory by approximately 3 GB per 10 content revisions stored. 42 Content Revisions would use about 10-12 GB of storage space on the drive where SEPM is installed to store updates.

    Hope this helps,
    Grant