Showing results for 
Search instead for 
Did you mean: 

Client definition size

Not applicable

We are getting killed on bandwidth because the anti virus clients, about a thousand, are pulling a 48 mb update file from the parent server. Is this normal? I thought that the update files were normally around 2 mb.


We are using version if anyone has any thoughts.


Level 5
Employee Accredited


i guess even 2 MB which you have mentioned is on higher side, ofcourse it varies on daily basis ( based on threat discovered).

How are clients getting definition, if it is VDTM update the server ( parent server) with xdb rather than intelligent updater.

Did you run monitoring tool to come to this value 48 MB?




Level 6
Partner Accredited
The size depends and for the liveupdate we will have to take care of the network bandwidth as well as you can GUP.

Level 4
Yes usually it depends & varry on a daily basis. You can not fix the size in your own. but you can setup your antivirus server to distribute updated defenation once on a daily basis. I think this will freeup your network bandwidth.

Level 3

U can modify/Create the following registry values.


"UpdateClientsByNetOrSubnet" set the value to 1
"IpSubnetMask" set the value to ur subnet mask in hex (for it is ffffff00)
(names are case sensitive)

This reduces one thread per subnet and traffic from one subnet will be less.



Level 3
More information

Update Client based on Network or subnet with Symantec AntiVirus


Not applicable

There is another possible tuning: Increase of the number of incremental updates to clients

As default, SAV10 uses only 5 microdefs incremental virus definition file to deploy to its clients. Many times when U have >45MB files through network, is that the clients are outdated for more than 5 days. So you can expand its capability to get incremental updates to 20. 

'How to change the number of virus definition (.vdb) files that a Symantec AntiVirus Corporate Edition server keeps' have applied both tunings (subnet + microdefs increase) but I still can't tell if they are effective. Does anybody dis these configs already and have results to share (and how to determine if they are effective)


Document ID: 2001120412343448

> Web URL:


Not applicable

We have the same issue, the clients downloaded 45-60MB definations to the folder C:\program files\commonshare\symantecshare\virusdef

I just cannot find a log on SEPM. I checked Moniotrs ---logs --system --cleitn activities but I just cannot see the size of  download files.

Which files are really the download files in that folder?