Harmony Endpoint Posture files cleanup

Hakan_Alpat — Fri, 16 Jan 2026 14:17:42 GMT

Hi,

Harmony Endpoint can't clean old patch files.

Because it can't delete old patch files, it takes up a lot of disk space.

Is there a way to delete old patch files? These files are located in C:\ProgramData\CheckPoint\Endpoint Security\Compliance\PatchManagement\Packages\ this directory.

Has anyone used this script?

Remove-Item -Path "C:\ProgramData\CheckPoint\Endpoint Security\Compliance\PatchManagement\*" -Recurse -Force

Or how can we delete multiple files using Push Operation?

Re: Harmony Endpoint Posture files cleanup

PhoneBoy — Fri, 16 Jan 2026 19:17:56 GMT

Moving this to the correct space.

Re: Harmony Endpoint Posture files cleanup

the_rock — Sat, 17 Jan 2026 03:20:40 GMT

Might be worth TAC case, but in the meantime, here is an AI response.

*******************

You’re running into two common realities with Harmony Endpoint Posture / Patch Management on Windows:

Those “Packages” are a local cache used by the Patch Management blade, and
Harmony Endpoint self‑protection can block deletes under C:\ProgramData\CheckPoint\... while the agent is running, which is why “old patch files” sometimes never get cleaned. [community….kpoint.com]

Below are practical (and safer) ways to clean up without breaking the agent, plus how to do it at scale with Push Operations.

⚠️ First: Don’t nuke the whole folder blindly

This command is effective, but it’s the “scorched earth” option:

Remove-Item -Path "C:\ProgramData\CheckPoint\Endpoint Security\Compliance\PatchManagement*" -Recurse -Force

Why it’s risky:

It will delete everything, including packages that might still be needed for remediation/rollback or pending deployments.
If Patch Mgmt still expects those files, endpoints may re-download them later (network hit) or show temporary errors.

Also, Remove-Item with -Recurse -Force really will delete folders/files aggressively (no recycle bin), so you want guardrails like -WhatIf during testing. [learn.microsoft.com]

✅ Recommended approach (safer): delete only old package files

A common pattern is “delete cache content older than X days”.

1) Test locally with -WhatIf first

$Root = "C:\ProgramData\CheckPoint\Endpoint Security\Compliance\PatchManagement\Packages"

$Days = 60

$Cutoff = (Get-Date).AddDays(-$Days)

Get-ChildItem -Path $Root -Recurse -File |

Where-Object { $_.LastWriteTime -lt $Cutoff } |

Remove-Item -Force -WhatIf

-WhatIf shows what would be deleted without actually deleting it. [learn.microsoft.com]

2) Then run for real (remove `-WhatIf`)

$Root = "C:\ProgramData\CheckPoint\Endpoint Security\Compliance\PatchManagement\Packages"

$Days = 60

$Cutoff = (Get-Date).AddDays(-$Days)

Get-ChildItem -Path $Root -Recurse -File |

Where-Object { $_.LastWriteTime -lt $Cutoff } |

Remove-Item -Force -ErrorAction SilentlyContinue

3) Optional: remove empty directories afterward

Get-ChildItem -Path $Root -Recurse -Directory |

Where-Object { @(Get-ChildItem $_.FullName -Force -ErrorAction SilentlyContinue).Count -eq 0 } |

Remove-Item -Force -Recurse -ErrorAction SilentlyContinue

🔒 The catch: Self‑Protection may block deletion

As you already observed, Harmony Endpoint can deny write/delete access in ProgramData while active due to self‑protection. [community….kpoint.com]

So the reliable workflow is:

Temporarily Disable Self Protection (centrally)
Delete cache files
Re-enable Self Protection

Harmony Endpoint supports push operations including Enable/Disable Self Protection, Remote Command, and File Actions. [sc1.checkpoint.com]

🚀 How to delete across many endpoints using Push Operation

Option A (cleanest if available): File Actions push operation

If your tenant/version exposes it, use:

Asset Management → Push Operations → Create operation
Choose File Actions (available push operation) [sc1.checkpoint.com]
Pick Delete
Target path:\ C:\ProgramData\CheckPoint\Endpoint Security\Compliance\PatchManagement\Packages\
Enable recursive deletion (if the UI offers it)

Pros: no PowerShell quoting issues, no script signing/execution policy hassles.\ Cons: may not support “older than X days” filtering—often it’s path-based delete only.

Option B (most flexible): Remote Command push operation (PowerShell)

Harmony includes a Remote Command push operation. [sc1.checkpoint.com]

Best practice here is to run PowerShell inline (so you avoid “-File path with spaces” issues).

Suggested Remote Command (inline)

Run this as the remote command:

powershell.exe -NoProfile -ExecutionPolicy Bypass -Command ^

"$Root='C:\ProgramData\CheckPoint\Endpoint Security\Compliance\PatchManagement\Packages'; ^

$Cutoff=(Get-Date).AddDays(-60); ^

Get-ChildItem $Root -Recurse -File | ? LastWriteTime -lt $Cutoff | Remove-Item -Force -ErrorAction SilentlyContinue"

Notes:

-ExecutionPolicy Bypass is commonly used to prevent script execution policy blocks in automation contexts. (Also frequently discussed by admins using Harmony PushOps.) [community….kpoint.com]
Inline -Command avoids the quoting/space problems that happen when the portal auto-builds a -File "C:\Program Files (x86)\..." call. That exact pain shows up in the community thread. [community….kpoint.com]

✅ Recommended end-to-end runbook (at scale)

Pilot on 1–3 endpoints (different OS builds if possible)
PushOp: Disable Self Protection [sc1.checkpoint.com]
PushOp: Remote Command (or File Actions) to delete cache
PushOp: Enable Self Protection again [sc1.checkpoint.com]
Monitor endpoints for:
- Patch Mgmt health (does it re-download packages?)
- Disk freed vs. disk re-consumed over time

A couple of quick questions (so I can tailor the safest cleanup)

Are you using EPMaaS (Infinity Portal) or on‑prem SmartEndpoint/R81.x for Posture/Patch Management?
Roughly how big is ...\Packages\ per endpoint (GB), and are files actively locked (Access Denied) when you try manually?

If you tell me that + your Harmony Endpoint client version (E87/E88/E89 etc.), I can suggest:

the best retention window (30/60/90 days),
whether “File Actions” is sufficient or Remote Command is necessary,
and a version-specific workflow that minimizes re-download churn.

Re: Harmony Endpoint Posture files cleanup

lluner — Sat, 17 Jan 2026 21:26:33 GMT

@Hakan_Alpat

This doesn't happen in version E89.10.

Re: Harmony Endpoint Posture files cleanup

the_rock — Sat, 17 Jan 2026 22:52:34 GMT

Good to know!

topic Re: Harmony Endpoint Posture files cleanup in Endpoint

Harmony Endpoint Posture files cleanup

Re: Harmony Endpoint Posture files cleanup

Re: Harmony Endpoint Posture files cleanup

⚠️ First: Don’t nuke the whole folder blindly

✅ Recommended approach (safer): delete only old package files

1) Test locally with -WhatIf first

2) Then run for real (remove -WhatIf)

3) Optional: remove empty directories afterward

🔒 The catch: Self‑Protection may block deletion

🚀 How to delete across many endpoints using Push Operation

Option A (cleanest if available): File Actions push operation

Option B (most flexible): Remote Command push operation (PowerShell)

Suggested Remote Command (inline)

✅ Recommended end-to-end runbook (at scale)

A couple of quick questions (so I can tailor the safest cleanup)

Re: Harmony Endpoint Posture files cleanup

Re: Harmony Endpoint Posture files cleanup

2) Then run for real (remove `-WhatIf`)