All users application data symantec symantec endpoint protection

You want to know where, in the file system, Symantec Endpoint Protection (SEP) stores its definitions for each component.

Resolution

In all current Windows SEP clients, the definitions are kept in the following folders, depending on OS:

C:\ProgramData\Symantec\Symantec Endpoint Protection\CurrentVersion\Data\Definitions (Windows Vista/Server 2008 and newer)
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\CurrentVersion\Data\Definitions (WinXP & Server 2003)

In the folder is a structure of subfolders which hold the definitions used for the various components. This structure varies slightly by version, as follows:

For SEP 12.1 clients:

BASHDefs - SEPC Behavior And Security Heuristics 12.1 - MicroDefsB.CurDefs
ccSubSDK_SCD_Defs - SEPC Submission Control Data - 12.1
EfaVTDefs - SEPC Extended File Attributes and Signatures 12.1 - MicroDefsB.CurDefs
HIDefs - SEPC HI Policy Contents Windows - 12.1
IPSDefs - CIDS Signatures 12.1 - MicroDefsB.CurDefs
IronRevocationDefs - SEPC Iron Revocation List 12.1 - MicroDefsB.CurDefs
IronSettingsDefs - SEPC Iron Settings 12.1 - MicroDefsB.CurDefs
IronWhitelistDefs - SEPC Iron Whitelist 12.1 - MicroDefsB.CurDefs
SMRDefs - SEPC SMR Definitions 12.1 - MicroDefsB.CurDefs
SRTSPSettingsDefs - SEPC SRTSP Settings - 12.1
VirusDefs - SEPC Virus Definitions 12.1 - MicroDefsB.CurDefs

For SEP 14 clients:

BASHDefs - SEPC Behavior And Security Heuristics 14.0 - MicroDefsB.CurDefs
ccSubSDK_SCD_Defs - SEPC Submission Control Data - 14.0
EDRDefs - SEPC EDR - 14.0
EfaVTDefs - SEPC Extended File Attributes and Signatures 14.0 - MicroDefsB.CurDefs
HIDefs - SEPC HI Policy Contents Windows - 14.0
IPSDefs - CIDS Signatures 14.0 - MicroDefsB.CurDefs
IronRevocationDefs - SEPC Iron Revocation List 14.0 - MicroDefsB.CurDefs
IronSettingsDefs - SEPC Iron Settings 14.0 - MicroDefsB.CurDefs
IronWhitelistDefs - SEPC Iron Whitelist 14.0 - MicroDefsB.CurDefs
SDSDefs - SEPC Virus Definitions SDS 14.0 - MicroDefsB.CurDefs
SEPDefs - EMPTY
SMRDefs - SEPC SMR Definitions 14.0 - MicroDefsB.CurDefs
SRTSPSettingsDefs - SEPC SRTSP Settings - 14.0
STICDefs - SEPC STIC - 14.0
VirusDefs - EMPTY