I am using ePO for VSE & SC application control management on SQL 2014 R2 Express. The DB is growing very quickly; what steps can I take to prevent it from reaching its maximum limit of 10GB?
I have already purged threat events.
The following may help:
Review/Create an automated server task to delete all events in the database that are older and no longer needed - Page 192
How to identify why the ePolicy Orchestrator database is very large (Technical Articles ID: KB76720, Last Modified: 11/7/2016)
How to find the top 10 events and purge events from the ePO database based on the event ID (Technical Articles ID: KB83652, Last Modified: 11/4/2016)
How to remove old events and shrink the ePolicy Orchestrator database (Technical Articles ID: KB68961, Last Modified: 2/22/2017)
Do you have anything in learning mode such as HIPS? They tend to fill up the database fairly quickly. In addition to the links tao provided earlier, you may also want to look at ePO settings and decide what client events you want to retain or forward to the database. This can be changed here:
ePO Server Settings \ Event Filtering
You will need to edit your HIPS policy. Typically you enable learning/adaptive mode temporarily to get an assessment of your network and applications for a brief period of time. This can be done on a select few systems for a week or so without putting a strain on the database.
Host Intrusion Prevention 8.0: IPS > IPS Options (Windows, Linux, Solaris) > Your applied policy:
De-select the "Adaptive mode enabled (rules are learned automatically)" option.
You could also install the McAfee Performance Optimizer module into your ePO. This tool will execute many assessments each day on your SQL server and your ePO. It will help you greatly to identify what's wrong in your database. I have used it since its first beta and it's a precious tool.