cancel
Showing results for 
Search instead for 
Did you mean: 
jagray
Level 7

Purge Old Evidence files automatically

Is there a way for the evidence files to be purged automatically after 2 months?  I have tasks to clearl the incident log and database after an events reaches 2 months in age, But our evidence folder just continues to grow.  And there is no easy way to figure out which ones are evidence from wihtin 2 months.

Thanks,

0 Kudos
5 Replies
vimalnavis
Level 13

Re: Purge Old Evidence files automatically

There is not a way to automate this using ePO/DLPe currently. You will need to create a script that triggers on Date Modified that is more than 2 months old.

The script can be run on the server hosting the Evidence Share using Scheduled Tasks (if it is a Windows Server).

0 Kudos
jagray
Level 7

Re: Purge Old Evidence files automatically

Do you have any scripts or batch files preconfigured for this?   Currently our evidence container is filling up so fast that its causing serious disruptions to the console and other aspects.  

0 Kudos
vimalnavis
Level 13

Re: Purge Old Evidence files automatically

I do not. You should be able to use Windows Powershell or something similar to create one.

Or you could work with someone who knows scripting in your company.

Evidence filling up, have you tried to understand why? Are they false positives or valid matches?

0 Kudos
jagray
Level 7

Re: Purge Old Evidence files automatically

They are valid matches. And even with the device agent police set to only store up to 75% of free space, it continueally fills up the entire drive.

0 Kudos
vimalnavis
Level 13

Re: Purge Old Evidence files automatically

The setting you are referring to applies to the Evidence buffer (used if Evidence Share is not reachable) on the local machine.

That setting does not affect the Evidence Share in any way.

If those are all valid matches, based on your company's Data Retention Policy, you will need to plan for additional storage.

If you have not already done it, ensure that you plan for future Evidence growth and setup Evidence share in a scalable solution like SAN.

0 Kudos