C:\ProgramData\Cyvera\Prevention folder piling up after installing cortex XDR

Showing results for 
Show  only  | Search instead for 
Did you mean: 

C:\ProgramData\Cyvera\Prevention folder piling up after installing cortex XDR

L4 Transporter

Hi Team,


After installing cortex XDR, I can see C:\ProgramData\Cyvera\Prevention folder is getting filled up fast in one of the servers. There are a lot of activities on this server and Traps is catching some malicious activities often. This will definitely create logs, but i have below queries if anybody can help.

is there any way to restrict the disk usage ?. Will the disk usage pile up if there is no cloud connectivity or wildfire access ?. Will it be deleted once the data is presented to Cortex?

Is it recommended to have disk restriction by agent settings profile ?.

I am having XDR 7.2 agent


Thanks in advance.


L4 Transporter

Hi @Abdul_Razaq-


You can set the quota allowance within the agent profile.  Once the quota is reached, it is first in - first out.




David Falcon 
Senior Solutions Architect, Cortex
Palo Alto Networks® 

L1 Bithead

Same issue, I can see ~40GB is full with xdr logs. But, rather limiting quota; should be technical reason why there are filling so fast.


L2 Linker



same issue happened to me, the file size attempt 40Go, but le size is limited to 5Go 

L3 Networker

Im gonna recommend open a TAC case for this. Default quota is 5 Gigabyte (Max 10) and should not spend more than this. Should be investigated by TAC engineer. 

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!