mdatp growing /Library/SystemExtensions/.staging

Michael Acosta 11 Reputation points
2022-11-17T00:30:36.15+00:00

We are currently experiencing an issue with mdatp growing the .staging file located in the following path:
/Library/SystemExtensions/.staging

So far we have had the issue with macOS from version 12.4 - 12.6.1.

We did not deploy using script, but following all of the Jamf documentation provided by Microsoft:
https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/mac-jamfpro-policies?source=recommendations&view=o365-worldwide

All configuration profiles have been reviewed and created from A-Z as documented in that article.
macOS devices are being onboarded without issues and all diagnostic uploads, engine, definition updates and other features are working properly.

Rebooting the device will shrink it back again but the problem is that designers and other users can't afford to be randomly rebooting while losing work hours re-creating assets when the internal hard drive is filled up causing applications like Photoshop or After Effect to crash since the cache/scratch disk is filled up.

Here a summary of the version and health from mdatp health:

healthy : true
health_issues : []
licensed : true
engine_version : "1.1.19700.3"
app_version : "101.87.30"
cloud_enabled : true [managed]
cloud_automatic_sample_submission_consent : "safe" [managed]
cloud_diagnostic_enabled : true [managed]
passive_mode_enabled : false [managed]
real_time_protection_enabled : true [managed]
real_time_protection_available : true
real_time_protection_subsystem : "endpoint_security_extension"
network_events_subsystem : "network_filter_extension"
device_control_enforcement_level : "audit"
tamper_protection : "audit" [managed]
automatic_definition_update_enabled : true [managed]
definitions_version : "1.379.466.0"

Windows 10 Security
Windows 10 Security
Windows 10: A Microsoft operating system that runs on personal computers and tablets.Security: The precautions taken to guard against crime, attack, sabotage, espionage, or another threat.
2,837 questions
0 comments No comments
{count} votes

1 answer

Sort by: Most helpful
  1. sknbnshw 0 Reputation points
    2023-09-13T19:45:21.5766667+00:00

    Hi Michael, did you find a solution to this problem? If so, please can you share it, as I am struggling with exactly the same issue.

    Thank you :)

    Ben

    0 comments No comments