Symantec Endpoint Protection (SEP) client generates many folders in the C:\ProgramData\Symantec\Symantec Endpoint Protection\CurrentVersion\Data\ErrMgmt\Queue\Incoming. These files and folders use a large amount of disk space.
When installing SEP, SymQual and Windows Error Reporting debug settings are added to the Windows registry. Whenever an application or process crashes, files and folders are generated. The application or process crashes may not be SEP related. If the client is unable to transmit this data to Symantec, these files and folders will stay on disk use disk space.
Investigate the application or process that is crashing and implement a fix. This will stop the creation of files and folders.
Additionally, ensure that the clients are able to access all required URLs. See Required exclusions for proxy servers to allow Endpoint Protection to connect to reputation and licensing servers
Once the SEP clients are able to submit the data to Symantec, client will delete the data on disk.
If you wish to disable submissions fully to prevent data accumulation, turn off the following option:
- In the Symantec Endpoint Protection Manager, go to Admin -> Servers -> Local Site -> Edit Site Properties -> Data Collection
- Uncheck "Let clients send troubleshooting information to Symantec to resolve product issues faster."
You can disable SymQual's monitor for specific applications or processes by following these steps:
- Disable Tamper Protection and disable SEP with
- Delete the growing files under the C:\ProgramData\Symantec\Symantec Endpoint Protection\CurrentVersion\Data\ErrMgmt\Queue\Incoming folder.
- Open the Windows registry, and create a backup.
- Then navigate to the following key:
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps
- Delete any unnecessary subkeys.
- Note: Any subkeys that have a 'DumpFolder' value of "C:\ProgramData\Symantec\Data\LocalDumps" are the processes that we monitor.
- Restart SEP with
- Re-enable Tamper Protection.