Absolutely shocking! We've had a major blowout with SEP about this same issue. No decent resolution has been provided.
Try dealing with 8000+ clients that had filled disk drives. Can you imagine how many hours this would take to clean up....
To help you:
1) make sure Tamper Protection is disabled on the CLIENT (i.e. even if you changed the policy on the SEPM this will take time to propagate) - you can script this as well with something like:
===================================================================
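REM Stop the SEP client service (replace YourSEPPass with the client password)
start smc.exe -p YourSEPPass -stop
REM ping is used as a delay; output goes to the NUL device, not a file named "null"
ping 1.1.1.1 -n 1 -w 15000 > nul
start smc.exe -start
ping 1.1.1.1 -n 1 -w 30000 > nul
REM Set every CrashHandler DumpOn* value to 0 in the registry view matching the OS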
if "%PROCESSOR_ARCHITECTURE%"=="AMD64" (
REG ADD "HKLM\SOFTWARE\Wow6432Node\Symantec\Symantec Endpoint Protection\CurrentVersion\Common Client\Debug\CrashHandler" /v DumpOnNew /t REG_DWORD /d 0 /f
REG ADD "HKLM\SOFTWARE\Wow6432Node\Symantec\Symantec Endpoint Protection\CurrentVersion\Common Client\Debug\CrashHandler" /v DumpOnException /t REG_DWORD /d 0 /f
REG ADD "HKLM\SOFTWARE\Wow6432Node\Symantec\Symantec Endpoint Protection\CurrentVersion\Common Client\Debug\CrashHandler" /v DumpOnPurecall /t REG_DWORD /d 0 /f
REG ADD "HKLM\SOFTWARE\Wow6432Node\Symantec\Symantec Endpoint Protection\CurrentVersion\Common Client\Debug\CrashHandler" /v DumpOnSecurity /t REG_DWORD /d 0 /f
REG ADD "HKLM\SOFTWARE\Wow6432Node\Symantec\Symantec Endpoint Protection\CurrentVersion\Common Client\Debug\CrashHandler" /v DumpOnInvalidParameter /t REG_DWORD /d 0 /f
) else (
REG ADD "HKLM\SOFTWARE\Symantec\Symantec Endpoint Protection\CurrentVersion\Common Client\Debug\CrashHandler" /v DumpOnNew /t REG_DWORD /d 0 /f
REG ADD "HKLM\SOFTWARE\Symantec\Symantec Endpoint Protection\CurrentVersion\Common Client\Debug\CrashHandler" /v DumpOnException /t REG_DWORD /d 0 /f
REG ADD "HKLM\SOFTWARE\Symantec\Symantec Endpoint Protection\CurrentVersion\Common Client\Debug\CrashHandler" /v DumpOnPurecall /t REG_DWORD /d 0 /f
REG ADD "HKLM\SOFTWARE\Symantec\Symantec Endpoint Protection\CurrentVersion\Common Client\Debug\CrashHandler" /v DumpOnSecurity /t REG_DWORD /d 0 /f
REG ADD "HKLM\SOFTWARE\Symantec\Symantec Endpoint Protection\CurrentVersion\Common Client\Debug\CrashHandler" /v DumpOnInvalidParameter /t REG_DWORD /d 0 /f
)
===================================================================
2) set up a script to delete the folders as SEP will recreate them anyway
I'm using the script below, delete.cmd:
==========================
REM Turn off delete notifications (TRIM) while the folders are removed
fsutil behavior set DisableDeleteNotify 1
rmdir /s/q "c:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\Data\CmnClnt\ccSubSDK"
rmdir /s/q "c:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\Data\Install\Logs"
REM Write the SEPDumpsDeleted marker value to the registry
REG ADD "HKLM\SOFTWARE\Standard Client" /v SEPDumpsDeleted /t REG_SZ /d 2 /f
REM Turn delete notifications back on and start the SEP service
fsutil behavior set DisableDeleteNotify 0
sc start sepmasterservice
==========================
I hope this helps. This is the best I've been able to come up with so far. And unfortunately I have to follow up with plenty of manual fixes.
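
Added example, not part of the original post: a PowerShell audit that checks whether the five CrashHandler values from step 1 are actually 0 on a client and reports how large the ccSubSDK dump folder is. The registry paths and value names come from the post; the function names and the enumeration of the version folder are assumptions.

```powershell
# Added example (not the poster's code). Registry key and value names are
# taken from the post; function names are hypothetical.
$ValueNames = 'DumpOnNew', 'DumpOnException', 'DumpOnPurecall',
              'DumpOnSecurity', 'DumpOnInvalidParameter'
$SubKey = 'Symantec\Symantec Endpoint Protection\CurrentVersion\Common Client\Debug\CrashHandler'

function Get-SepCrashDumpAudit {
    # Check both registry views so one script covers 32- and 64-bit clients.
    $keys = "HKLM:\SOFTWARE\Wow6432Node\$SubKey", "HKLM:\SOFTWARE\$SubKey"
    foreach ($key in $keys) {
        if (-not (Test-Path -LiteralPath $key)) { continue }
        $props = Get-ItemProperty -LiteralPath $key
        foreach ($name in $ValueNames) {
            $val = $props.$name
            [pscustomobject]@{
                Key   = $key
                Value = $name
                Data  = $val
                # A missing value counts as not OK: the post sets each one explicitly.
                Ok    = ($null -ne $val -and $val -eq 0)
            }
        }
    }
}

function Get-SepDumpFolderSize {
    # The build-number folder differs per install, so enumerate it
    # instead of hard-coding one version (assumption: default ProgramData layout).
    $root = Join-Path $env:ProgramData 'Symantec\Symantec Endpoint Protection'
    Get-ChildItem -LiteralPath $root -Directory -ErrorAction SilentlyContinue |
        ForEach-Object { Join-Path $_.FullName 'Data\CmnClnt\ccSubSDK' } |
        Where-Object { Test-Path -LiteralPath $_ } |
        ForEach-Object {
            $bytes = (Get-ChildItem -LiteralPath $_ -Recurse -File -Force -ErrorAction SilentlyContinue |
                      Measure-Object -Property Length -Sum).Sum
            [pscustomobject]@{ Path = $_; SizeMB = [math]::Round(($bytes / 1MB), 1) }
        }
}

# Report: any row with Ok = False means the registry change did not apply.
Get-SepCrashDumpAudit | Format-Table -AutoSize
Get-SepDumpFolderSize | Format-Table -AutoSize
```

Run it from an elevated prompt on the client; it only reads the registry and file sizes, so Tamper Protection does not need to be disabled for the check.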