Hi,
I have a SQL cluster server that is running Windows Server 2008 SP2 x64 now. SEP client version is 11.0.5002.333.
My Server will generated a this temp folder (folder size = 498GB) and there is a temp file (12GB and growing) and taken up all my C: drive disk space during the weekly schedule scan job.
Because of this issue, my server has hang for 2 times which caused by C: drive is 0 byte.
For your information that my C: drive has 12GB free diskspace only and we don't know why the system is allow to create a folder that will hold content for 500GB. Any idea?
Error Log from SEP:
---------------------------------------------------------------------------------------------------------------
2B03090A251A,14,2,8,CORAL,SYSTEM,,,,,,,16777216,"Symantec Endpoint Protection services startup was successful.",0,,0,,,,,0,,,,,,,,,,,{00000000-0000-0000-0000-000000000000},,,,ESILK,02:26:9E:B5:C9:CC,11.0.5002.290,,,,,,,,,,,,,,,,0,,,,,
2B03090A2706,21,2,9,CORAL,admin_coral,,,,,,,16777216,"Scan Failure: Not enough free disk space to perform a scan",1365475142,,0,,,,,0,,,,,,,,,,,{00000000-0000-0000-0000-000000000000},,,,ESILK,02:26:9E:B5:C9:CC,11.0.5002.290,,,,,,,,,,,,,,,,0,,,,,
2B03090B2511,76,2,16,CORAL,admin_coral,,,,,,,16777216,"TruScan has generated an error: code 15: description: Scan not supported (Invalid OS)",0,,0,,,,,0,,,,,,,,,,,{00000000-0000-0000-0000-000000000000},,,,ESILK,02:26:9E:B5:C9:CC,11.0.5002.290,,,,,,,,,,,,,,,,999,,,,,
2B03090B2817,21,2,9,CORAL,SPFarm.svc,,,,,,,16777216,"Scan Failure: Not enough free disk space to perform a scan",1365478824,,0,,,,,0,,,,,,,,,,,{00000000-0000-0000-0000-000000000000},,,,ESILK,02:26:9E:B5:C9:CC,11.0.5002.290,,,,,,,,,,,,,,,,0,,,,,
2B03090B2B1D,21,2,9,CORAL,admin.sys2,,,,,,,16777216,"Scan Failure: Not enough free disk space to perform a scan",1365479011,,0,,,,,0,,,,,,,,,,,{00000000-0000-0000-0000-000000000000},,,,ESILK,02:26:9E:B5:C9:CC,11.0.5002.290,,,,,,,,,,,,,,,,0,,,,,
2B03090B362F,13,2,8,CORAL,admin.sys2,,,,,,,16777216,"Symantec Endpoint Protection services shutdown was successful.",0,,0,,,,,0,,,,,,,,,,,{00000000-0000-0000-0000-000000000000},,,,ESILK,02:26:9E:B5:C9:CC,11.0.5002.290,,,,,,,,,,,,,,,,0,,,,,
2B03090B3739,14,2,8,CORAL,admin.sys2,,,,,,,16777216,"Symantec Endpoint Protection services startup was successful.",0,,0,,,,,0,,,,,,,,,,,{00000000-0000-0000-0000-000000000000},,,,ESILK,02:26:9E:B5:C9:CC,11.0.5002.290,,,,,,,,,,,,,,,,0,,,,,
2B03090C3802,76,2,16,CORAL,SPFarm.svc,,,,,,,16777216,"TruScan has generated an error: code 15: description: Scan not supported (Invalid OS)",0,,0,,,,,0,,,,,,,,,,,{00000000-0000-0000-0000-000000000000},,,,ESILK,02:26:9E:B5:C9:CC,11.0.5002.290,,,,,,,,,,,,,,,,999,,,,,
----------------------------------------------------------------------------------------------------------------
As I need to find out the root cause, I would like to ask for your help:
1. Is there any way that I can monitor which file that symantec is trying to scan / extract?
2. We do not have a single file that is 500GB, so we want to know what is the cause of this temp folder which required 498GB.
3. Is there a way that we can force to stop the schedule scan if the system is trying to generate large file again?
4. Is there any prevention that we can apply to our server?
5. or any other possibility that may cause the temp folder grow so large?
Appreciate for any helps.
Thank you.
BR,
Kent