Endpoint Protection

Hi guys,

We are in the middle of an upgrade.  The backend has already been upgraded to 12.1 and we are now planning the client rollout.

We have noticed that traffic between the SEPM > GUP at some sites, during def upgrades is well voer 100MB (approximately 112MB)

I seem to remember the full def package is something like 60MB and deltas are 100KB (ish) each - is this still the case?

 

Would there be anything in this mixed configuation that would generate extra traffic, as it seems quite high or is this the full package size?

 

Regards

full definition is around ~200 MB.

Sounds about right, I've seen it range anywhere from 130-200MB for a full defintion.

Thank Yuo guys, after full package, should clients just get deltas from SEPM or only deltas from GUP?

Hi,

If you are sending package with latest definitions then clients just get deltas from SEPM or only deltas from GUP.

If client requested delta is not available on the SEPM then full.zip will be requested.

a-ha!  Thank you!

 

Last oine - are v11 and v12 def sizes different or the same (approx?)

Yes, they should still be about same size.

Hello,

Yes, the def. updates size for SEP v. 11 and SEP 12.1 are different and so the revision numbers.

I would say delta's may not have much of a difference.

Check these sites - 

For SEP 12.1 RU2

http://www.symantec.com/security_response/definitions.jsp?pid=sep1212

For SEP 12.1

http://www.symantec.com/security_response/definitions.jsp?pid=sep12

For SEP 11.x (32 bit)

http://www.symantec.com/security_response/definitions.jsp?pid=sep11_32

For SEP 11.x (64 bit)

http://www.symantec.com/security_response/definitions.jsp?pid=sep11_64

Hope that helps!!

you can enable sylink log and check the size of the definition download.

Hello,

Could you check the Log.liveupdate (incase of SEP 11.x) and Log.lue (incase of SEP 12.1)

Log.liveupdate could be found under -

Windows 2003: C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate
Windows 2008: C:\ProgramData\Symantec\LiveUpdate

whereas,

Log.lue could be found under -

On Windows XP and Windows server 2003:
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\<silo_id>\Data\Lue\Logs
On Windows Vista, Windows 7, and Windows Server 2008:
C:\Program Data\Symantec\Symantec Endpoint Protection\<version number>\Data\Lue\Logs

 

Look for "estimated file size" and This file size will indicate the total package size that was requested from the SEPM.

NOTE: The value would in bytes, so if full content update will be around 77 MB (77,000,000 bytes).

Hope that helps!!

We are seeing a situation that if the GUP is down for whatever reason the clients will get the full package from SEPM. I am narrowing this down, if it happens all the time, but where are the retention settings configured? In the LU policies?

SEPM contnet revision retention should be increased if the clients are getting full definition.

check the SEPM revision content retention

You can find this setting under Admin --> Servers --> (Local Site) --> Edit Site Properties -> LiveUpdate --> Disk Space Management for Downloads

Thanks, so its actually around 77MB - not 100-200MB!! arrggh :-) Will check the logs you suggest. Thank Yoo Very much.