Symantec Endpoint Protection AV definitions consuming disk space

6:29 PM

Symantec Endpoint Protection AV definitions consuming disk space Version 11

Symantec AV definitions consuming too much space on version 11 in C:\programdata\Symantec (1GB+)
This is the default destination for Symantec AV definitions and can not be changed.

Remedy

Here are some steps that can be taken to help reduce the number of AV Definition revisions from 3 to 1
1) To correct the disk space issue first install the latest client Version 12 on the affected server if possible. (currently only ASH/CLoud is using the new version)
This automatically reduces the AV definition directory to 1 instead of 3 which is found on version 11 thus consuming less space.
2) For Version 11, here is a link to perform a registry edit that will force clients to only keep 1 Definition instead of the default 3 http://www.symantec.com/business/support/index?page=content&id=TECH103956
Problem
 
How can the number of content revisions stored on the Symantec Endpoint Protection (SEP) client be configured?
 
  
 
 
Solution
 
SEP 12.1
 
In SEP 12.1, IPS content will cache 3 revisions and other content types will have 1 revision only.  The number of revisions cannot be configured for SEP 12.1.
 
  
 
SEP 11.x
 
The default number of content revisions kept by a SEP 11.x client is 3 revisions per content type and the number of revisions can be customized.  Symantec recommends maintaining the default content revisions of 3 to ensure acceptable performance, stability and security of the SEP client.  SEP clients keep multiple revisions of content to allow the client to quickly roll back, or remediate content.
 
Note: In certain instances a SEP client may keep more than the minimum number of revisions of a particular type of content. This can occur when different content revisions are being used by multiple Symantec products, when a client is currently processing a content update, or the client is in the process of remediating definitions, or has failed to remediate definitions.
 
  
 
To configure the minimum number of content revisions in SEP 11.x:
 
Ensure the following registry DWORD exists:
HKEY_LOCAL_MACHINE\Software\Symantec\Symantec Endpoint Protection\Content\{<moniker>}
CacheEntriesEx
Modify the registry value to correspond to the number of revisions required.
These settings will take effect the next time that content type is updated on the system.
The <moniker> key for 32-bit AV definitions is "{C60DC234-65F9-4674-94AE-62158EFCA433}".
For 64-bit use "{1CD85198-26C6-4bac-8C72-5D34B025DE35}".
 
  
 
Note: The registry DWORD was named CacheEntries prior to SEP 11.0 Maintenance Release 2 (MR2).
 
  
 
 
 
Legacy ID
 
2008021510024348
 
 
Article URL http://www.symantec.com/docs/TECH103956

You Might Also Like

0 comments

Contact Form

Name

Email *

Message *

Translate

Wikipedia

Search results