Just a follow-up: The performance issues subsided with the prescribed solutions in here, but we are still receiving alerts from endpoints that have had their logs deleted. I'm receiving alerts today from a workstation that has been off for 2 weeks now. These logs have to be stored somewhere else we are unaware of... I've cleared the log tables in the database multiple times and these alerts can't be generated from the endpoints. Where are they coming from? Any tips?
After the issue this past weekend our MBAM management console has been unresponsive and almost unusable. I've done a little DB cleanup by deleting entries in the Security Log table (we received millions of alerts, and they are still coming in), which reduced our DB quite a bit, but it hasn't helped the speed at all. Any tips?