Hi!
We have been using Symantec Endpoint Protection in our organization for quite a while now. But every day new surprises are thrown at us by the traffic utilization of clients. At times, we have observed that an individual client is downloading 50 Mb of data even if the latest virus definition is stale by 1 or 2 days. We have had a lot of discussion in our team regarding the traffic utilization by our clients, but it always happens that we are proved wrong.
Based on our understanding, I'm posting a table regarding our traffic data analysis under SEP.
| Content type | Size of Package | Comments | Deliverable via Group Update Provider (GUP) |
|---|---|---|---|
| Heartbeat (with no updates to be exchanged) | Between 2 KB and 3 KB per heartbeat | | The GUP does not directly manage clients; it delivers content to clients on its local network segment. |
| Policies (i.e. AV/AS, Firewall, OS Protection, Host Integrity) | Typically varies between 20 KB and 80 KB. | | No. The policies must come from a Symantec Endpoint Protection Manager. |
| IPS Signature Updates | 50 KB and 100 KB | | Yes. The client receives information from the Symantec Endpoint Protection Manager when to download content from the GUP. |
| AV Signatures | 50 KB to 200 KB (daily) | If we assume that the signatures are updated successfully every day | |
| Logs | Varies | | Logs are forwarded from the client to the Manager. |
| Heartbeat for Major Location | 2 Hours | | |
Total Approximate Size of SEP data if Client is Fully Updated (during 8 Hours) → 300 KB
If Definition is older than 10 Days → 3 MB
If Definition is older than 20 Days → 6 MB
If Definition is older than 30 Days → 9 MB
We would be pleased to hear comments on whether our analysis is correct or wrong. We welcome any kind of inputs/data/information/conclusions regarding network-level traffic utilization by Symantec clients.
Thank you