Endpoint Protection Small Business Edition

 View Only
  • 1.  VirusDefs folder over 10GB in size on Servers

    Posted Nov 13, 2012 07:41 PM

    Hi all, I have SEP Small Business installed on a bunch of our servers, and on all that I have checked, the C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Data\Definitions\VirusDefs folder is very large. Ranging from 5GB to over 10GB in size. It looks like old definitions are not being removed.

     

    How can I fix this?



  • 2.  RE: VirusDefs folder over 10GB in size on Servers

    Posted Nov 13, 2012 08:31 PM

    You can clear out the definitions:

     

    How to clear out definitions for a Symantec Endpoint Protection 12.1 client manually

    https://www.symantec.com/business/support/index?page=content&id=HOWTO59193

    How many servers is this happening on?



  • 3.  RE: VirusDefs folder over 10GB in size on Servers

    Broadcom Employee
    Posted Nov 14, 2012 02:04 PM

    Hi,

    By default SEP 12.1 stores only 1 definitions & in your case it's more than 5-10 GB.

    You can try with the help of article shared by Brian.

    Also you should test with latest SEP version i.e. SEP 12.1 RU2.

     



  • 4.  RE: VirusDefs folder over 10GB in size on Servers

    Posted Nov 14, 2012 04:20 PM

    I get permissions denied when I try to delete the files in the VirusDefs folder when following the directions of that link. I tried deleting the individual folders within and I get this error repeatedly (logged in as domain admin on any of the servers). I have checked 4 servers, and 3 of them are affected by this. We have 8 servers but I havent checked them all yet. Need a solution first.

     

    Doesn't LiveUpdate keep the applications up to date to RU2?

     

     



  • 5.  RE: VirusDefs folder over 10GB in size on Servers

    Posted Nov 14, 2012 04:29 PM

    Liveupdate in the manager does download the product from internet but does not apply automatically. these  defs will be in use by file system autoprotect, so

    Stop the service first

    click on start

    run

    smc -stop

    and then try to delete the folder or a reboot should help you to delete

     



  • 6.  RE: VirusDefs folder over 10GB in size on Servers

    Posted Nov 14, 2012 10:09 PM

    Its a known issue, Upgrade to SEP 12.1.2 for the permanent fix

     

     

    Old definitions require a reboot in order to be removed
    Fix ID: 2692127
    Symptom: Old definitions appear to require a reboot in order to be removed. This is usually due to a scan running at the time of the update.
    Solution: Updated the Common Client component to resolve a condition where the scanner held the virus definitions open, which prevented an update.
     
    Source:

    New fixes and enhancements in Symantec Endpoint Protection 12.1 Release Update 2

    http://www.symantec.com/docs/TECH199676

     

     



  • 7.  RE: VirusDefs folder over 10GB in size on Servers

    Posted Nov 18, 2012 06:41 PM

    Where do I get the update for SEP? Do I just apply it to the Management server and will it roll out to the other clients?



  • 8.  RE: VirusDefs folder over 10GB in size on Servers

    Posted Nov 18, 2012 06:52 PM

    You need to download the upgrade from https://fileconnect.symantec.com

    Once you upgrade the SEPM, you can push to all your clients 

    https://www.symantec.com/business/support/index?page=content&id=TECH163700



  • 9.  RE: VirusDefs folder over 10GB in size on Servers

    Posted Nov 19, 2012 09:55 PM

    AS Brian suggested Go to https://fileconnect.symantec.com

    If you dont see the SEP 12.1.2 . You might have a serial number for symantec protection suite product

    Call the Licensing team and get the Temporary serial number and download the product.

     

     



  • 10.  RE: VirusDefs folder over 10GB in size on Servers

    Broadcom Employee
    Posted Nov 20, 2012 09:24 AM

    Hi,

    Once you upgrade Symantec Endpoint Protection Manager there are couple of ways to upgrade existing SEP clients.

    Most easiest way to upgrade clients is Auto upgrade.

    You can refer this article: https://www-secure.symantec.com/connect/articles/sepm-121-auto-upgrade