I've been noticing that my 40 GB C: drive on the Windows 2008 Server keeps getting filled up. After investigation I found that this is a known issue with SEP described in article TECH180056 on symantec websit: Article URL http://www.symantec.com/docs/TECH180056 Symantec Endpoint Protection 12.1 is holding onto more than one set of definitions at a time, using up additional disk space.As of now definitions folder ballooned to over 9GB and keeps growing slowly with every update. The only way to fix this issue for me is to re-install SEP, but I can't do this since this is a critical server and downtime must be scheduled with great advance. When I'm trying ot remove old definitions it's saying access is denied despite my admin account. And I also can't change Read-only attribute to the folder. Does anyone have any idea how to delete old definitions?
SnapOverflow
This is a known issue in 12.1. You need to edit the \symantec endpoint protection manager\tomcat\etc\conf.properties' or upgrade to post 12.1 MP1. If you want to edit the config the value you want to look for is scm.lucontentcleanup.threshold. So if you only want to keep 5 days the value should look like:
I would recommend checking your SEP Console and determine how many content revisions you are keeping.
http://www.symantec.com/connect/forums/define-number-content-revisions-keep-client-location
As far as deleting them manually, you most likely need to stop all Symantec related services which have handles on the folders. Download a tool like Process Explorer and find the handle / stop the process from running.
http://technet.microsoft.com/en-us/sysinternals/bb795533