C:\ProgramData\Sophos\Clean\Dumps very large

Hello,

on a server that has the Sophos Endpoint Agent installed, I have a folder that is larger than 25 GB. The folder is: C:\ProgramData\Sophos\Clean\Dumps. This folder contains .mdmp files, including very old ones.

Is this normal? Can these files be deleted?

  • Hi  

    No, this is not normal. Can you please open any of the *.JSON files from C:\ProgramData\Sophos\Clean\Dumps (you can use a text editor such as Notepad++), to see if there is a file that is persistently getting scanned? You can then clear the files from the Dumps folder to free up space on the drive.

    Once you have identified the file(s) that are persistently being scanned, please check to see if there are any detections for that file in Sophos Central. You might want to look into these to see if these are unknown and could be malicious, or something that you know could be a false-positive. I wouldn't recommend just whitelisting unless you are sure that those are legitimate applications.

  • In reply to DianneY:

    Hi DianneY,

    There are no .json files inside this folder. The .mdmp files cannot be deleted because of missing permissions.

  • In reply to Carsten Voß:

    Hi  

    Do you see any specific files under that folder that are getting scanned? Are you able to clear that folder?

  • In reply to Shweta:

    No, there are no specific files except the .mdmp files. And no, the folder cannot be cleared.

  • In reply to Carsten Voß:

    Hi  

    You might need local administrator rights to delete those files, or you may need to stop the Sophos Clean service after disabling the tamper protection.

    Please let us know whether you are able to see an exception in the Sophos Clean logs under C:\programdata\Sophos\clean\logs. Then you can go and check the .json file in the drop folder under the clean folder in program data.

  • In reply to Jasmin:

    Hi @ all,

    I was able to delete the dump files after disabling the tamper protection.

    Thank you for your replies.

  • In reply to Carsten Voß:

    Hi  

    Glad to know that you were able to delete the files.