Endpoint Protection

 View Only

  • 1.  Current defintion size?

    Posted Sep 26, 2012 07:53 AM

    When any defintion has been download by SEPM Server, What the size of that definition?

    Is it in KB/MB/GB?

    Pls reply.



  • 2.  RE: Current defintion size?

    Trusted Advisor
    Posted Sep 26, 2012 07:57 AM

    Hello,

    What are the sizes of the various packages that are sent between the Symantec Endpoint Protection client and manager?

    The following are estimates of the size of packages that are sent between the Symantec Endpoint Protection client and manager:

    Heartbeat (with no updates to be exchanged) - When there is no traffic to be exchanged (i.e. no profile to download and no logs to update) then the heartbeat is between 2 KB/s and 3 KB/s.

    Policies (i.e. AV/AS, Firewall, OS Protection, Host Integrity) - Typically varies between 20 KB and 80 KB, but can increase if detailed rules are included, or OS protection templates are used. Generally, after you set your policies to suit your network needs, you do not modify them on a regular basis.

    IPS Signature Updates - Files range between 50 KB and 100 KB. Symantec supplies updates approximately every quarter unless a specific threat or vulnerability needs to be addressed.

    AV Signatures - 50 KB to 100 KB daily for clients, if you assume that the signatures are updated successfully every day.
    Logs - Logs are compressed at the client before they are uploaded to the Symantec Endpoint Protection Manager.

    Approximately, 800 log entries take up 1KB of file space.

    Reference: http://www.symantec.com/docs/TECH102211

    https://www-secure.symantec.com/connect/forums/daily-definition-size

    Secondly, The Virusdef folder for Symantec Endpoint v12.1 would be under following Locations: -

    Win XP - C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\CurrentVersion\Data\Definitions\VirusDefs

    Win 7 - C:\ProgramData\Symantec\Symantec Endpoint Protection\CurrentVersion\Data\Definitions\VirusDefs

    Server 2003 - C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\CurrentVersion\Data\Definitions\VirusDefs

    Server 2008/R2 - C:\ProgramData\Symantec\Symantec Endpoint Protection\CurrentVersion\Data\Definitions\VirusDefs

    Secondly, In reference to the Question "approx. size for the Symantec Endpoint v12.1 Virus Defs folder", check this Article:

    Drive Space used by Virus Definitions Updates

    http://www.symantec.com/docs/TECH141811

    Hope that helps!!



  • 3.  RE: Current defintion size?

    Posted Sep 26, 2012 08:02 AM

    Find the attach article.

    http://www.symantec.com/connect/articles/how-big-are-current-symantec-endpoint-protection-definitions

    Find the attach forum

    https://www-secure.symantec.com/connect/forums/where-find-exact-definition-file-size-sepm#comment-4827341

    http://www.symantec.com/business/support/index?page=content&id=TECH141811

    https://www-secure.symantec.com/connect/forums/endpoint-protection-11-definition-update-size
     



  • 4.  RE: Current defintion size?

    Posted Sep 26, 2012 08:13 AM

    Is their any tool available which can able to monitoring the same. Actually I have set the defintion uploading at non peak hour. My boss required to confirm the actual size. As the above commented it not able to find easliy.

    So request you pls send anyo the link or detail

     



  • 5.  RE: Current defintion size?

    Posted Sep 26, 2012 08:16 AM

    you can enable the sylink log on client to know the size of definition downloaded.



  • 6.  RE: Current defintion size?

    Trusted Advisor
    Posted Sep 26, 2012 08:22 AM

    Hello,

    There is no tool which specifies te download of definitions on SEPM, however incase, you need to check the  GUP updates, then you check the SEP Content Distributor Monitor Tool - 

    SEP Content Distribution Monitor / GUP monitoring tool. http://www.symantec.com/docs/TECH156558

    and 

    Incase you want to check the size of virus definition that user's computer update from SEPM ?

    then check this Thread: 

    http://community.spiceworks.com/topic/255289-how-to-check-the-size-of-virus-definition-daily

    Hope that helps!!



  • 7.  RE: Current defintion size?

    Posted Sep 28, 2012 03:28 PM

    How to enable the sylink log?



  • 8.  RE: Current defintion size?

    Posted Sep 28, 2012 03:31 PM

    Hi Mithun

    I have read the attach link and as per your attched link defintion size is approx 80 MB

    http://community.spiceworks.com/topic/255289-how-to-check-the-size-of-virus-definition-daily

    So why manually patch(.jdb) size is approx 200 MB.

    any idea..



  • 9.  RE: Current defintion size?

    Posted Sep 28, 2012 03:42 PM

    There is no easy way to find out how much its downloading

    coz everyday symantec would relase updates based on number of variants.

    Here is the link to enable sylink

    http://www.symantec.com/business/support/index?page=content&id=TECH104758



  • 10.  RE: Current defintion size?
    Best Answer

    Trusted Advisor
    Posted Sep 28, 2012 05:23 PM

    Hello,

    .JDB consists of Full Updates for the SEPM and SEP clients. This *.jdb file can be used to update the virus definitions for SEPM.

    Please note that the .jdb file only contains antivirus/antispyware definitions and will not provide updated content for the firewall and other features for the Symantec Endpoint Protection (SEP) clients.

    Use the .jdb certified definitions or the .jdb Rapid Release definitions to update SEPM content.

    Once these updates are installed on the SEPM, it would then send down the delta's to it's SEP clients.

    You could also check this Thread where Paul explains more on Delta definitions and Full Definitions: 

    https://www-secure.symantec.com/connect/forums/endpoint-protection-11-definition-update-size

    Hope that helps!!