Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.

Symantec DLP endpoint OS space issue

Created: 02 Aug 2012 | 7 comments
MiRzA's picture

Hi,

We are facing space issue on enpoint clients, actually symantec DLP endpoint creating .VEP files in location C:\Program Files\Manufacturer\Endpoint Agent\temp. there is no policy is configured on enforce server.

Kindly any one help us to prevent this.

regards

shoaib latif

Discussion Filed Under:

Comments 7 CommentsJump to latest comment

yang_zhang's picture

DLP agent makes a snapshot of any file that are evaluating for removable storage.  That way, if the file is removed before DLP agent detect, DLP agent can still Monitor the file and create an incident, allowing us to be aware that the copy happened.  Before processing, the files are copied into an .snp files that are stored in the C:\Program Files\Manufacturer\Endpoint Agent\temp directory.

The .snp (snapshot) files are the original copies of the files DLP agent scan. The file is then copied to a .vep (Vontu Endpoint) file, which is used in the detection process.

If a forum post solves your problem, please flag it as a solution. If you like an article, blog post or download vote it up.
kishorilal1986's picture

It make a snapshot of any file that we are evaluating for removable storage.  That way, if the file is removed before we detect, we can still Monitor the file and create an incident, allowing us to be aware that the copy happened.  Before processing, the files are copied into an .snp files that are stored in the C:\Program Files\Manufacturer\Endpoint Agent\temp directory. 

The .snp (snapshot) files are the original copies of the files we scan. The file is then copied to a .vep (Vontu Endpoint) file, which is used in the detection process. 

We keep the last 20 snp files so there should never be more than 20 files in this folder in v10. The .snp files should be removed if the edpa process is restarted. If there are more than 20 files or they are not removed after restarting the edpa process then contact technical support.

VEP File Elimination should be disabled when:

* Two-Tier policies are used on the endpoint, OR
* Data Retention is enabled on the endpoint, OR
* Symantec Endpoint Encryption is used on the endpoint.

Otherwise, VEP File Elimination can be enabled.

kishorilal1986's picture

Hi Mirza,

If you implement any of the above scenarios on your deployment, make sure that VEP file optimization is turned off. Go to System > Servers > Overview > Server Detail > Advanced Endpoint Settings and scroll down for FileSystem.ENABLE_VEP_FILE_ELIMINATION.int. The parameter should be set to 0.

By default, VEP file optimization is disabled.

Danilobessa's picture

Dear,

these files are being generated on the user's machine and we have no policy enabled on the console. Is this normal?

Thanks

stumunro's picture

kishorilat,

thanks i was looking for that and couldnt remeber off th top of muy head where it was at..

DLP Solutions2's picture

f

Please make sure to mark this as a solution

to your problem, when possible.

DLP Solutions2's picture

If this fixed your problem,. Please close the item.

make sure that VEP file optimization is turned off. Go to System > Servers > Overview > Server Detail > Advanced Endpoint Settings and scroll down for FileSystem.ENABLE_VEP_FILE_ELIMINATION.int. The parameter should be set to 0.

Please make sure to mark this as a solution

to your problem, when possible.