Endpoint Protection

 View Only
  • 1.  Daily definition size

    Posted Nov 10, 2011 05:51 AM

    Hi,

    Can some one help me with the below information?

    What is the approximate amount of data received in the form of daily definitions by SEP 11.x client and SAV 10.x (daily definition size)



  • 2.  RE: Daily definition size



  • 3.  RE: Daily definition size
    Best Answer

    Trusted Advisor
    Posted Nov 10, 2011 06:18 AM

    Hello,

    Check this Thread:

    https://www-secure.symantec.com/connect/forums/endpoint-protection-11-definition-update-size

    Again, you can also check this Article:

    http://www.symantec.com/docs/TECH102211

    It states as below:

     

    What are the sizes of the various packages that are sent between the Symantec Endpoint Protection client and manager?
    The following are estimates of the size of packages that are sent between the Symantec Endpoint Protection client and manager:

    • Heartbeat (with no updates to be exchanged) - When there is no traffic to be exchanged (i.e. no profile to download and no logs to update) then the heartbeat is between 2 KB/s and 3 KB/s.
    • Policies (i.e. AV/AS, Firewall, OS Protection, Host Integrity) - Typically varies between 20 KB and 80 KB, but can increase if detailed rules are included, or OS protection templates are used. Generally, after you set your policies to suit your network needs, you do not modify them on a regular basis.
    • IPS Signature Updates - Files range between 50 KB and 100 KB. Symantec supplies updates approximately every quarter unless a specific threat or vulnerability needs to be addressed.
    • AV Signatures - 50 KB to 100 KB daily for clients, if you assume that the signatures are updated successfully every day.
    • Logs - Logs are compressed at the client before they are uploaded to the Symantec Endpoint Protection Manager. Approximately, 800 log entries take up 1KB of file space.

     

     

    Hope that helps!!



  • 4.  RE: Daily definition size

    Posted Nov 11, 2011 06:11 AM

    Thanks for the information.

    Are the Daily AV signatures 50 KB to 100 KB (approximately) even for SAV 10.x client?? As the main detail I'm looking for, here, is the difference of Daily Defn size in SAV 10.x client and SEP 11.0...



  • 5.  RE: Daily definition size

    Trusted Advisor
    Posted Nov 14, 2011 07:45 AM

    Hello,

    Yes. Even for SAV 10.x clients Daily AV signatures 50 KB to 100 KB (approximately).

    Now, please MARK, it's AntiVirus definitions only.



  • 6.  RE: Daily definition size

    Posted Nov 14, 2011 08:57 AM

    The key point here is that SAV10 clients can take a daily update for maybe 10 maximum (I'd have to check, but it may be less than that now).  Wheras a SEP client can take deltas from its management server for as long as you need, dependent on having the right amount of storage on the SEPM.

    The SAV limit is hardcoded, as we supply deltas to the server for distribution.. With SEP, the server builds the deltas itself, so you have more flexibility.



  • 7.  RE: Daily definition size

    Posted Nov 16, 2011 07:19 AM

    Thanks for the additional Information shared... It was informative and worth noting..