Greetings, I am a recent hire at my company and new to Sophos. I have been asked to investigate why files are piling up in the C:\Windows\Cryptoguard folder. They have consumed 20GB on our C drive, which is nearly out of space.
Our environment is:
Related Software Versions (Operating System, Outlook, etc.): Windows 2016 DataCenter
Amazon EC2 r5.4xlarge
Sophos
RAM 126.54
c drive 5gb free out of 74.9!!!!
Core agent 2.2.5
Server AV 10.8.4.227
Server Intercept X 2.0.8
Last update signature update 7/10,7/16
We do have Sophos central, though I haven't seen it yet.
Based on searches, it seems that this folder is used to hold files suspected of being ransomware. Is that correct? Last night Sophos was updated, and this morning there were 844 files added to the folder after reboot, where there had only been 6 since June.
Can someone please get me up to speed on what is going on and how to fix it?
I would open a support case for this. You could have malware, or it could be a false positive, or it could have something to do with (if) how you are encrypting files on this server at rest or in motion that is causing Sophos to flag them. Whatever the reason, I would open a support case to get some help quicker than you may or may not get in here.
Hi Steven Robinson1
Cryptoguard monitors all files and creates a backup of them in the folder c:\windows\cryptoguard\. We do not recommend deleting these files. I would request that you create a support case and PM me the details of the case so that I can have a close look.
In reply to Shweta:
I would like to update this query: why files are piling up in the C:\Windows\Cryptoguard folder
The latest version of Intercept-X has resolved the issue.
You can find more details on the below article