Join the Conversation

To sign in, use your existing MySonicWall account. To create a free MySonicWall account click "Register".

SentinelOne agent is consuming a lot of diskpace

Hi,

It looks like the SentinelOne agent is consuming a lot of diskpace.

After investigation we found a large number of "log" / .sst files under C:\Programdata\Sentinel\data\prdb

Is anyone else facing the same problem? And is it save to delete the .sst files??

Category: Capture Client
Reply
Tagged:

Answers

  • BWCBWC Cybersecurity Overlord ✭✭✭
    edited February 25

    @Eddy77 I checked my remaining one or two CC installations and do not have this amount of files. These Files are used for tracking threats, related processes and actions.

    According to the SentinelOne KB if this endpoint is a server it should be purged after a reboot, this does not apply to non-server OS.

    In the SentinelOne Management Console there is an Action called "Purge Database", but it is not available in the Capture Client Management.

    SentinelOne says:
    It also holds the data model for the behavioral AI engines and the functionality for 
    remediation and rollback. Do not delete the files in this folder. Let the Agent clear 
    the PRDB based on triggers, or clear it with a manual Purge command.
    

    I'am afraid (literally) you need to open a Support Ticket to get this resolved or uninstall the agent and re-install again. There is another KB article in the S1 KB for solving that kind of issue on infected Endpoints, but I'am not sure if this applies here.

    --Michael@BWC

Sign In or Register to comment.