Solved: Re: AMP for Windows endpoints clamav folder 35GB

soup_dragon · ‎07-15-2020

Before logging a case wanted to check if anyone had a quick answer to this one. I have a device, server running 2012 that has in C:\Program Files\Cisco\AMP\clamav 3 directories totally nearly 35GB.

This does not seem right. The majority of the files are .txt files with the name format clamav-20200627_232958 of around 100KB and seems to be looping with

Sat Jun 27 20:23:16 2020 -> Created new instance 0000007A82B375A1
Sat Jun 27 20:23:16 2020 -> Scan_GetFileType: Scan_ScanObjectByHandle returned 0, type 00000000000000000000000000000002
Sat Jun 27 20:23:16 2020 -> in Scan_DestroyInstance: Instance 0000007A82B375A1 destroyed

Tempted to uninstall AMP and reinstall but would ideally would like to know whats going on here and check other systems.

Matthew Franks · ‎07-15-2020

Is this connector 7.2.5 or 7.2.7? We recently fixed an issue that seems to match, CSCvu65043 , so if you're on one of those versions, please upgrade to 7.2.11.

Thanks,

Matt

View solution in original post

Matthew Franks · ‎07-15-2020

Is this connector 7.2.5 or 7.2.7? We recently fixed an issue that seems to match, CSCvu65043 , so if you're on one of those versions, please upgrade to 7.2.11.

Thanks,

Matt

soup_dragon · ‎07-15-2020

@matthew, thanks for quick reply, checking the connector version, yes it is on 7.2.7.11687 so will push through an update and see if that helps.

Will post update if it resolves the issue.

soup_dragon · ‎07-17-2020

Sorted, installing Connector 7.2.11.11084 resolved the issue.

Not only has it stopped any new instances of this occurring but also cleaned up old entries. Happy with this.