.dmp file accumulation causes low disk space on Endpoint Protection clients

book

Article ID: 161587

calendar_today

Updated On:

Products

Endpoint Protection

Issue/Introduction

  • The Symantec Endpoint Protection (SEP) client generates .dmp files in the C:\ProgramData\Symantec\Symantec Endpoint Protection\CurrentVersion\Data\Install\Logs folder
  • These files take up large amounts of disk space
  • How to delete .dmp files
  • .dmp file shows access denied error while deleting

Cause

This problem is caused by debug settings added to the Windows registry by the Symantec Endpoint Protection (SEP) client installer. These debug settings cause the ccSvchst.exe process to generate memory dumps when it encounters handled exceptions. These dumps are not generated by a process crash.

Resolution

This problem is fixed in Symantec Endpoint Protection (SEP) 12.1.6 (RU6). To obtain the latest version of SEP, see Download the latest version of Symantec Endpoint Protection.

To work around this problem until you can upgrade, manually disable SEP clients from generating memory dumps.

  1. Disable Tamper Protection
  2. In the Windows registry, navigate to the following key:

    HKEY_LOCAL_MACHINE\SOFTWARE(\Wow6432Node)\Symantec\Symantec Endpoint Protection\CurrentVersion\Common Client\Debug\CrashHandler (HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\CurrentVersion\Common Client\Debug\CrashHandler on32-bit Operating Systems)

  3. Set the following DWORD values to 0:
    • DumpOnException
    • DumpOnInvalidParameter
    • DumpOnNew
    • DumpOnPurecall
    • DumpOnSecurity
  4. Restart smc.
  5. Enable Tamper Protection.


Note: After migrating or working around the problem, you will need to remove the .dmp files already on the computer.