This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Premysl_Vresky
Contributor
‎2018-02-01 02:38 AM

Management dump files

 

In the C: \ Windows \ Internet Logs folder, dump Check Point files are stored.
For example:
EFRService_2nd_2018_01_31_21_08_37_small.dmp
CP_EFR_Crash_860045016_1515599330.dmp

On one computer, I found 7 GB total logs.

Since I have over 1500+ endpoint installs, I do not even know how many computers these dmp files are and how much space they occupy. I need to help with the third party tool for analysis and removal.
Idea:
Put some size limit on this folder, or direct these files to another folder and put there a similar mode as the folder c: \ sendblastbackup .. to delete old files.
Just introduce some management of these files
I have a ticket based on this issue, I write it here to help other administrators if they do not know about it.

0 Kudos
6 Replies
XBensemhoun
Employee
Employee
‎2018-02-01 05:58 AM

Hi, did you try to understand why such dump logs were generated ? Was there generated frequently ? During a specific period of the day/week/month  ?

Do you have the same version deployed on every workstation ? If so : what version (maybe a known issue fixed in later builds) ?

For the deletion of the logs : dis you deploy the package through tools such as Altiris, SCCM, ... ? Because you should include in the package installation process the deletion of such files (and just before : generat a report in order to understand if this issue is at large or for specific computers).

Information Security enthusiast, CISSP, CCSP
0 Kudos
Premysl_Vresky
Contributor
‎2018-02-01 07:39 AM

The principle of this idea is not to solve individual cases, these files are old, on computers we perform regular update of clients.
I'm afraid that the storage of these files is not limited. I'm just starting to analyze the situation, I find that damp files are on hundreds of computers. On laptops we usually have a 128GB SSD HDD and then there is a problem if the dump files occupy, for example, 15GB.
It's a native system solution via Check Point. I could imagine a limit of 2 GB, for example, and gradually remove old files.
I assume that these files did not occur during deployment but during normal operation.

0 Kudos
Amanda_90
Explorer
‎2023-05-03 07:37 AM
In response to Premysl_Vresky

Hi, Guys!

I have the same problem on an endpoint, it is taking up too much space in the ProgramData\CheckPoint\EndPoint Security\Threat Emulation\ folder

They are files with the same .DMP extension, I would like to know if I can delete them and how can I do it?

0 Kudos
toviab
Employee
Employee
‎2023-05-03 11:20 PM
In response to Amanda_90

Hi @Amanda_90 , 
If these files are new it can indicate a problem with the ThreatEmulation service and we would need to investigate why the service is creating these dump files.
If it is old files from older version then these can be deleted.
You can contact TAC to assist in removing these files as they are protected and you will need to remove the protection prior to deleting them.
Regarding the main issue, we will discuss this issue and see how we can address the issue by setting a limit to these files.

0 Kudos
PhoneBoy
Admin
Admin
‎2018-02-01 04:12 PM

It seems like you should be engaging with the Check Point TAC about this.

Contact Support | Check Point Software 

0 Kudos
Premysl_Vresky
Contributor
‎2018-02-01 10:30 PM

Yes, I work together. I wrote the information here because I think it might be of interest to the CheckMate community. It has not occurred to me for several months that there is so much data on computers.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events