So - "\ProgramData\Vulscan\" is the place where the following gets stored / saved:
- Agent Behaviour XML's (these are by and large tiny - a few 100 KB at most).
- Vulnerability definitions (these CAN get quite huge - but "all of Windows 7 OS vulnerability information" for instance is around 300 MB.
Now you CAN bloat this stuff potentially by having a large number of custom vulnerability groups with Ooodles of stuff in them could do it.
You'd need to see ... (order by filesize).
Not so much a "quick fix" but something of a temporary triage -- if you run "vulscan /reset", that'll delete all of the local vulnerability data -- that'll all get (re-)downloaded as the vulnerability scanner runs & is told to scan against stuff. So you don't hurt the client at all ... that might be OK if "stuff doesn't come back" (and you can run the command on just a single device to "see how it goes").
But by and large, you should get a feel for "what the XML's are" by looking inside them -- that would help give you an idea of "what you scan for' and thus, why they're so big, potentially.
Does that make sense? .
Yes, that makes sense.... I'm super sad now that I have to syphon through XML files
I do have one "preliminary" custom scan group with 625 definitions, but that should only be scanned once a month. I think I'll try the vulscan /reset and see how that goes while I grab a Netflix and parse the XML's on another machine!
Thanks for the help!
Yeah - it's possible that you've got stuff there from "5 years ago" (well - not quite THAT bad, as we flush that thing whenever you upgrade the agent, but you get the point) ... so without looking at your box, no idea what's in there .
Could be all legitimate ... could just be overdue an upgrade.