03-30-2023 06:30 AM
Hey all,
We have AMP SE doing a full scan on our file server. It takes about 18 hours to do a full scan. But the real issue is that it's filling up C:\Windows\Temp with 70+ GB of files and doesn't seem to clear them.
If we manually clear the temp files it starts to fill up again until we actually shut down the AMP SE service.
Version: 8.1.5.21322
also tried an older version with no change.
Solved! Go to Solution.
03-30-2023 06:45 AM
Hey @itguy1024
I have found that there´s a related behavior as you have mentioned here, it refers to this Bug: https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwe72888
In the information, it refers to a ClamAV taking some time to delete the temp files, and these are generated by macros files existing on endpoints, I´m curious if in this file server, you may store files with this purpose. If so, then you´re hitting this bug, and the immediate workaround is to install v8.1.3.
Now, moving forward, since this issue has been documented and investigated, it will be fixed on the v8.1.7 version which tentatively is scheduled to be released Mid-April.
Hope this information is helpful to you.
Greetings.
-
Pedro M.
03-30-2023 06:35 AM
The issue you're experiencing may be related to a bug in the Cisco AMP for Endpoints software. To resolve this issue, you can try the following steps:
Stop the Cisco AMP for Endpoints Connector service on the affected endpoint.
Navigate to the C:\ProgramData\Cisco\Cisco AnyConnect Secure Mobility Client\AMP folder.
Delete the entire contents of the folder.
Start the Cisco AMP for Endpoints Connector service.
This should resolve the issue with the temp files filling up the C:\Windows\Temp folder. If the issue persists, you may need to contact Cisco TAC
03-30-2023 06:43 AM
Thanks. That folder path doesn't exist on our endpoint. I'll open a TAC case.
03-30-2023 06:45 AM
Hey @itguy1024
I have found that there´s a related behavior as you have mentioned here, it refers to this Bug: https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwe72888
In the information, it refers to a ClamAV taking some time to delete the temp files, and these are generated by macros files existing on endpoints, I´m curious if in this file server, you may store files with this purpose. If so, then you´re hitting this bug, and the immediate workaround is to install v8.1.3.
Now, moving forward, since this issue has been documented and investigated, it will be fixed on the v8.1.7 version which tentatively is scheduled to be released Mid-April.
Hope this information is helpful to you.
Greetings.
-
Pedro M.
03-30-2023 06:59 AM
Thanks. I created a new policy with the 8.1.3 version and moved the endpoint to it. This was some time ago and it doesn't seem like the endpoint has rolled back. If the release next month has a fix we can wait it out.
03-30-2023 07:16 AM - edited 03-30-2023 07:25 AM
Hey.
Actually, the process you may follow is to perform a fresh install of the v8.1.3. By moving the endpoint on your console, from v8.1.5-group to v8.1.3-group won´t perform a downgrade, since this feature is not available... yet...
So I suggest you perform the manual installation or as you have mentioned, wait for v8.1.7.
In case you may have some other questions, don´t hesitate to ask.
--
Pedro M.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide