KBI 311080 Issue Addressed: TMP_*.GZ Files Accumulated In The Temporary Folder Of Argent for Compliance Service Account
Version
Argent Advanced Technology 3.1A-1407-A or earlier
Date
Wednesday, 17 Sep 2014
Summary
If Argent for Compliance is configured to monitor or archive Windows Security Event Log, large amount of small temporary files may accumulate in temporary folder of service account
The file names are in the format of TMP_*_*.GZ
The issue has been addressed in Argent AT 3.1A-1407-T5
Technical Background
Windows Security Event Log can generate huge volume of Events
It is especially true for Domain Controllers with audit turned On
Argent AT usually compresses the data first before sending it back to Engines
The third party library employed for the compression might generate such small intermediate TMP files and not completely clean them up when it is done
As a result, TMP files could accumulate over time in the temporary folder (%TEMP%)
Argent AT 3.1A-1407-T5 and later have been enhanced to clean up any leftover intermediate files after compression API call
Resolution
Upgrade to Argent AT 3.1A-1407-T5 or later after manually cleaning up the TMP files
For customer who cannot upgrade immediately, he can deploy COMPLIANCE_MAINTENANCE.BAT in Argent for Compliance home directory
The batch file contains single line ‘del %TEMP%\TMP_*_*.GZ /Q‘
Then he can configure the product housekeeping to run the script periodically
As for manually removal of the TMP files, Windows explorer might experience difficulty in loading all the accumulated files due to the sheer amount
Instead, customer can open DOS prompt, and do following commands at command line:
- CD %TEMP%
- DEL TMP_*_*.GZ /Q