The Symantec Endpoint Protection (SEP) client generates many folders in the C:\ProgramData\Symantec\Symantec Endpoint Protection\CurrentVersion\Data\ErrMgmt\Queue\Incoming.
These files and folders consume a large amount of disk space.
The application or process crashes may not be related to SEP.
When SEP is installed, SymQual and Windows Error Reporting debug settings are added to the Windows registry. When an application or process crashes, files and folders are generated, and data is sent to Symantec. If the SEP client is unable to transmit this data to Symantec, these files and folders remain on disk and consume disk space.
Investigate other applications or processes that crash and implement a fix as necessary. This step stops any additional creation of files and folders.
Additionally, ensure that the SEP clients can access all required URLs. See Required exclusions for proxy servers to allow Endpoint Protection to connect to reputation and licensing servers. Once the SEP clients submit the data to Symantec, they delete the data on disk.
To fully disable submissions and prevent data accumulation in SEP 14.2 RU 1 or later:
Please note for SEP client versions earlier than 14.2 RU 1 that even when "Let clients send troubleshooting information to Symantec to resolve product issues faster" is unchecked, logs for app crashes in the "Incoming" directory aforementioned may still continue consuming disk space. In such a case, please ensure to follow the other two resolution options mentioned in this article, including troubleshooting the root cause of application crashes and resolving those crashes, and lastly, if the root cause for application crashes cannot be resolved, disable SymQual (below).
To disable SymQual's monitor for specific applications or processes: