Very large VirusDefs folder


  • 1.  Very large VirusDefs folder

    Posted Mar 03, 2012 04:03 AM

    Hello all,

    I saw several posts related to my problem, but never found a satisfactory answer.

    My C:\Program Files\Common Files\Symantec Shared\VirusDefs folder has now reached a size of 972 Mb. I'm attaching a screenshot of its content:

    20061013.032 is only 25.7 Mb large, TextHub only 32 bytes large, and incoming is empty

    but 20120301.001, 20120302.002 and BinHub are all around 310 Mb large

    Here are some screenshots of the products I'm using:

    Note that the version shown in the Virus Definition File pane has always shown the 2006 virus definition, even though I've been updating my virus definitions from time to time...

    Does anyone have an idea?

    Thanks,

    Romain



  • 2.  RE: Very large VirusDefs folder

    Posted Mar 03, 2012 07:13 AM

    Hi - You can delete the old definition folders and restart the Symantec SMCSERVICE.

    It will help to change the latest definition status.

    Latest definition size is approx. 170 MB.



  • 3.  RE: Very large VirusDefs folder

    Posted Mar 03, 2012 02:33 PM

    Greetings,

    The definition package that is usually pulled down through a LiveUpdate or rapid release is compressed down to about 160-170MB in size.  Once extracted, the 300+ MB you are seeing is normal.  The SAV will store multiple copies of definitions just in case it has to roll back to a known good working set.

    Typically definition size is not an issue unless the server is an older server with a 10 GB C:\ partition.  Due to how permissions are handled, Symantec uses a folder called \program files\common files\symantec shared.  Microsoft has created a folder called \program files\common files.  This allows applications to access data without having issues with GPOs that may be applied to accounts.  The downside is this folder resides on the same partition drive that the OS has been installed to.



  • 4.  RE: Very large VirusDefs folder

    Posted Mar 05, 2012 09:29 AM

    Moving to Endpoint/AV forum.



  • 5.  RE: Very large VirusDefs folder

    Broadcom Employee
    Posted Mar 05, 2012 12:07 PM

    Can you run Intelligent Updater just in case the definitions are corrupted?

    http://www.symantec.com/business/support/index?page=content&id=TECH102391

    You should think of upgrading to SEP, as SAV is going to EOL.

    http://www.symantec.com/business/support/index?page=content&id=TECH178551



  • 6.  RE: Very large VirusDefs folder

    Posted Mar 05, 2012 10:10 PM

    This is absolutely normal. It is only storing 2 days' definitions. Stop the Symantec services, delete the old files manually, and start the service again. You can use the tool symdeltmps; that will help you get rid of old definitions. You can also create a batch script to run this tool at regular intervals to clear up space.

    Unfortunately, you have to get this tool from tech support only.

    http://www.symantec.com/business/support/index?page=content&id=TECH105050

    Let us know if this helps.



  • 7.  RE: Very large VirusDefs folder

    Posted Mar 05, 2012 10:16 PM

    Kindly note, as mentioned above, that SAV is reaching EOL. You may not get definition updates after some time. You should consider migrating to SEP.



  • 8.  RE: Very large VirusDefs folder

    Posted Mar 06, 2012 01:01 AM

    You can consider reducing the days of keeping the virus definitions.



  • 9.  RE: Very large VirusDefs folder

    Posted Mar 06, 2012 02:50 AM

    Hello all, many thanks for your replies,

    - I've read many times in other posts, or here in sumitgupta786's and NRaj's replies, that I should stop and restart the Symantec Service. Now the way to do this, according to that article, is to:

    1. Stop the Symantec Management Client service by following these directions:
      1. Go to Start > Run
      2. Type smc -stop
      3. Click OK.

    2. Stop the Symantec Endpoint Protection service in services by following these directions:
      1. Go to Start > Run
      2. Type services.msc
      3. Right-click on Symantec Endpoint Protection service and select Stop.

    However, when I enter "smc -stop" in Run, I've got a "Windows cannot find 'smc'." error message, and in my list of services I can't see "Symantec Endpoint Protection service" anywhere.

    - what do you mean exactly by "delete the old files manually", should I delete my three numbered folders altogether? What about BinHub?

    - "reducing the days of keeping the virus definitions" -> how do I do that?

    - finally, about the intelligent updater solution: I've downloaded 20120305-002-x86.exe from that page (hope that's the correct one). I ran it, and:

    • it didn't change anything at all to my C:\Program Files\Common Files\Symantec Shared\VirusDefs folder
    • it created a new large file in C:\Program Files\Symantec AntiVirus such as vd38ca02.vdb (165 Mb), so I end up with even more space taken up by SAV on my hard drive.

    Any idea anyone?

    Thanks again for your help,

    Romain



  • 10.  RE: Very large VirusDefs folder

    Posted Mar 06, 2012 04:38 AM

    Romain83, you will not see Symantec Endpoint under services; you are running SAV, which is an earlier version that is a lot different. Check for Symantec AntiVirus. For SAV, try http://www.symantec.com/business/support/index?page=content&id=TECH141811

    To stop the services

    1. On the Windows Taskbar, click Start > Run.
    2. In the Open box, type the following text:

      services.msc
    3. Click OK.
    4. For each of the following services, right-click Symantec AntiVirus, and click Stop:

    what do you mean exactly by "delete the old files manually", should I delete my three numbered folders altogether? What about BinHub?

    Running Intelligent Updater is suggested only after running rx4defs, i.e. clearing all old defs and then updating the defs manually.

    Contact tech support for Rx4defs, run it on your computer, then intelligent updater.



  • 11.  RE: Very large VirusDefs folder
    Best Answer

    Posted Mar 06, 2012 04:45 AM

    If the above solution does not work, you can manually force the definition on the machine.

    1. Stop the SAV services (as mentioned above)

    2. Delete the old definition file 20061013.032 from the virusdefs folder.

    3. Open the Definfo.dat file from virusdefs folder in a plain-text editor, such as Notepad. The contents will be similar to the following:

    [DefDates]

    CurDefs=20021016.002

    LastDefs=20021010.002

    4. Change the value of the CurDefs and LastDefs lines to match the folder names of the latest folders you have in the virusdefs folder. For example:

    [DefDates]

    CurDefs=20021010.002

    LastDefs=20021010.002

    Save and close the Definfo.dat file.

    5. Open the Usage.dat file in a plain-text editor, such as Notepad.
    Confirm that the numbered folder heading inside the square brackets [ ] matches the folder referenced by the "CurDefs" line in the Definfo.dat file.

    On a computer that runs only Symantec AntiVirus Corporate Edition, the Usage.dat file should look like this:

    [20021016.002]
    DEFWATCH_10=1
    NAVCORP_70=1

    6. Save and close the Usage.dat file.

    7. Start the services.

    Let us know how this goes.
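
A read-only check of the state the steps in the post above aim for, as an added example that is not part of the original thread and not Symantec tooling: it parses Definfo.dat and Usage.dat and compares them with the numbered folders in VirusDefs. The function name `check_virusdefs`, the result keys and the Latin-1 encoding are assumptions made for this example.

```python
import configparser
import re
from pathlib import Path

DEF_FOLDER = re.compile(r"\d{8}\.\d{3}")   # numbered folder such as 20120302.002


def _load(root: Path, name: str) -> configparser.ConfigParser:
    """Parse an INI-style .dat file, matching its name case-insensitively."""
    parser = configparser.ConfigParser()
    parser.optionxform = str                # keep key case (CurDefs, LastDefs)
    for entry in root.iterdir():
        if entry.is_file() and entry.name.lower() == name.lower():
            parser.read(entry, encoding="latin-1")   # assumption: ANSI text
    return parser


def check_virusdefs(root) -> dict:
    """Report mismatches only; nothing is edited or deleted."""
    root = Path(root)
    folders = {p.name for p in root.iterdir()
               if p.is_dir() and DEF_FOLDER.fullmatch(p.name)}
    definfo = _load(root, "Definfo.dat")
    usage = _load(root, "Usage.dat")

    referenced = {}                         # folder name -> where it is named
    for key in ("CurDefs", "LastDefs"):
        value = definfo.get("DefDates", key, fallback=None)
        if value:
            referenced.setdefault(value.strip(), []).append(f"Definfo.dat {key}")
    for section in usage.sections():        # each [heading] names a folder
        referenced.setdefault(section, []).append("Usage.dat section")

    cur = definfo.get("DefDates", "CurDefs", fallback="").strip()
    return {
        # named in a .dat file but no such folder exists on disk
        "missing": {n: w for n, w in referenced.items() if n not in folders},
        # numbered folder on disk that neither file refers to
        "unreferenced": sorted(folders - set(referenced)),
        # step 5: Usage.dat must have a heading for the CurDefs folder
        "curdefs_in_usage": bool(cur) and usage.has_section(cur),
    }
```

Run it against a copy of the VirusDefs folder path before starting the services again; an empty `missing` and a true `curdefs_in_usage` mean the two files agree with the folders on disk.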



  • 12.  RE: Very large VirusDefs folder

    Posted Mar 06, 2012 06:10 AM

    Hello NRaj, many thanks for your detailed answer,

    - I stopped all my Symantec services.

    - I deleted the 20061013.032 folder.

    - The content of my usage.dat file was:

    [20061013.032]
    NAVCORP_70_2=1
    [20120302.002]
    DEFWATCH_10=1
    NAVCORP_70=1

    So I removed the first two lines.

    - The content of definfo.dat was:

    [DefDates]
    CurDefs=20120302.002
    LastDefs=20120301.001

    so I replaced the last line with 20120302.002

    - Then I restarted all my Symantec services.

    After a little while, here are now the folders I have:

    and all the numbered folders are approximately 320Mb large. So from that perspective, it's taking even more space than before. But at least, when I open Symantec Antivirus:

    it's finally showing the current virus definition version, so that seems to be fixed.

    Another good point is that my C:\Program Files\Symantec AntiVirus is now a lot smaller (12Mb).

    But why is it keeping three versions, why are they all so large, what is this BinHub folder (309Mb)?

    Thanks,

    Romain



  • 13.  RE: Very large VirusDefs folder

    Posted Mar 06, 2012 07:25 AM

    Hi Romain,

    The issue was the definitions not showing in the SAV GUI. That is fixed. The size of the definitions is not something we can fix entirely. I would suggest you delete the 2 old files corresponding to March 1st & 2nd, leaving only the 5th. Later, when the next revision is downloaded, you will again see older definitions stored.

    There are unsupported registry tweaks to reduce this which cannot be recommended. What you can try is symdeltmps. This will delete all the obsolete definition files. You have to get it from tech support though :)

    The BinHub folder (C:\Program Files\Common Files\Symantec Shared\VirusDefs\BinHub\) is part of the Virus Definitions structure. A few definition files are also stored here.

    N.Ra