I have a serious issue where all of a sudden my 300 Gb hard drive is full on .PKG files in ..McAfee\ePO\3.6.1\DB\Events. I don't know what is causing this but it has been growing at an alarming rate since September 27, 2008. The only way to free space was to use a command prompt to delete 8.pkg. It took all night but freed up 294 GB. Does anyone know how to correct this?
Thanks for the reply. It turns out that VirusScan 8.5i on-access scanning was preventing the event parser from deleting the .pkg file. once I created an exception the files started to decrease immediately. The weird thing is this just became an issue. Nothing has changed on the VS side for a year aside from updates and .dat files.
I don't believe it was the cause in my case. Though, I am not sure that I did exactly what you did in your exclusions. I excluded EventParser.exe in the Access Protection policy to the three that affect McAfee files and settings under Common Standard Protection. I also excluded the 3.6.1 folder and all subdirectories from on-access scanning.
At this time, here is my best theory as to what is going on: I have noticed decreased performance from my ePO server that correalates to when I started the deployment of 8.5i. I have approximately 55K+ client machines. Couple that with the fact that I had the CMA policy to upload events immediately with a "Major" severity. I have just cut that down to "Critical" events. I believe I am just overloading the EventParser and sqlserver services and it took it this long to fill up my drive with the PKG files (I had over 2 million files in the Events directory. I called platinum support and he had me rename the old Events directory and create a new one (restarted the ePO services) so that we could verify that events were coming in, getting processed, and then being deleted (which they were).
I am still trying to sift through my documentation to see what has changed between 8.0i and 8.5i in the event severity ratings. I never had issues like this when the clients were running 8.0i.
I still need to talk with Platinum support and if any type of new epiphany happens that changes my opinion of what is happening, I will post another message about it.
i have the same problem, this folder C:\Program Files\McAfee\ePO\3.6.1\DB\Events is getting fill up with PKG file and the eventpaser.ese process are get higher which it slow my server. also, mcshield is scan this folder and also slowing the server down...
can you explain in step what should i do to exclude folder in Antivirus and Access protection..
also if you can tell me how to limit the event to critical only..
I'm sorry. We have upgraded to ePO 4.0 and AV 8.7. I don't think it's an issue anymore. Anyway, I believe you just have to create a policy for your ePO server for ON-Access Scanning. I'm not sure if it's in general or default but you need to exclude eventparser.exe from being scanned by script scans and on access scanning. I hope this helps.