[Windows] Symantec Endpoint Protection log files become bloated


Hello!This time it is Symantec security softwareSymantec Endpoint Protection:Less thanSEP I had a problem with thatEvent and solutionI'd like to introduce_______


To the following path on the local diskSQ_ {########-####-####-####-############}(# Is probably a unique string)Folder createdIs done.

% ProgramData% \ Symantec \ Symantec Endpoint Protection \ CurrentVersion \ Data \ ErrMgmt \ Queue \ Incoming

In the folder".Dmp" ".etl" ".dlist" ".plist" ".dat"Such asUncommon extensionThere is a file ofDozens to hundreds of MBThere is a size of.

このCreate a large number of filesIt will put pressure on the disc.

* In my caseAbout XNUMXGBI was consuming a disk.


For SEPWhen an error is detectedTo SymantecAbility to send error informationThere is thisFile to reportBut thisStore in IncomingIt seems that it will be done.

Large disk usage under ... \ Data \ ErrMgmt \ Queue \ Incoming by the Endpoint Protection client
The Symantec Endpoint Protection (SEP) client generates many folders in the C: \ ProgramData \ Symantec \ Symantec Endpoint Protection \ CurrentVersion \ Data \ ErrMgmt \ Qu ...

This isAccumulateBy the discConsume free spaceIt will go away.

There are two possible problems that can cause this to happen.

There is a problem that causes an error in Windows (problem other than SEP)

Output from WindowsBe doneError informationTheObtained by SEPdo itGenerate fileIt seems to do.
for that reason,Output to Windows event logThe error that will be made is thisDirectly connected to the problemThere is a possibility that it will come.A common problem isOS corruption-Driver malfunction-Abnormal behavior of softwareAnd so on.To improve each oneNeed to improvethere is.

Data transmission to Symantec fails

OriginallyAfter transmission is completedThisDelete fileTo be discDon't squeeze..For some reasonSending failedWill be mentioned.In other words, in terms of networkSymantecCan't communicateIs a problem.


Identify and repair Windows errors

In the Incoming folder".Dmp"If there is, thatfile nameIf you look at it, you are getting an errorIdentify the applicationI think you can.Of applicable softwareRepair or reinstallI think that is one way.

In addition, Applications included in the driverIn that case,Update driverThere is a possibility of improvement by doing it.

AlternativelyCompare the folder creation time with the Windows event log output timeThen you can guess which error is the cause.

theseRepair to hintLet's try.

* Because this error is wide-ranging,Rarely caused by exactly the same thing.
Please note that the correspondence will vary depending on each case.

Network error

インターネットSurelyCan be connectedPlease check.Proxy settings,Fire wallDepending on the settings etc.can not connectSometimes.Company'sRental PC, etc.Then that kind ofThe case remainsBecause,Talk to the person in charge of the networkI think it's a good idea to try it.

Disable the ability to send SEP error reports

By editing the registryDisable the ability to send Windows errorsCan be

  1. Disable SEP
  2. Delete the files and folders that have accumulated in "% ProgramData% \ Symantec \ Symantec Endpoint Protection \ CurrentVersion \ Data \ ErrMgmt \ Queue \ Incoming"
  3. Back up "HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Windows Error Reporting \ LocalDumps"
  4. Delete the subkeys of the applications under it that you do not want to monitor
  5. Enable SEP

ThisOutput errorResulting inAvoid process monitoringcan.


This time, I introduced the cause and explanation for the bloated SEP file.

This issue is caused by the accumulation of error reports of security software, but it is originally caused by something wrong with Windows.Unless you solve it, you will end up in an infinite loop where you delete a file and it accumulates again.

However, Windows errors are not straightforward either.It's fine if it's simple, but since it's a large-scale system, it's often difficult for individuals to solve it.

Unless you have a good reason, it may be faster to ask a professional or perform a clean installation.

Regarding Windows errors, I will write an article if it is resolved, so I would be grateful if you could support me.

I hope it helps you.


Translate »
I copied the title and URL