Data\EDR\localdatastore folder on a client is growing too large
Last Updated May 17, 2019
%ProgramData%\Symantec\Symantec Endpoint Protection\Current Version\Data\EDR\localdatastore is growing too large. Usually several gig in size
Client recieving errors related to disk size.
No errors are recieved within the Symantec client. Though the operating system may eventually show disk space usage errors.
Expect that an average client sends about 2 events per minute. Less than that (fewer than 10 events per 5 minutes) can back up the clients. More than that (greater than 15 events per 5 minutes) increases the load on your server during peak performance. Ensure that your system isn't already fully loaded if you increase the batch size significantly.
If the issue persist, adjustments to the Event viewer or SIEM monitoring should be made to minimize the amount of logs recorded on the client.
Subscribing will provide email updates when this Article is updated. Login is required to Subscribe