I tried to reproduce this with 7.16.2 but was not able to. I tested on Windows 10. After installing Agent and adding the Endpoint Security integration I set Agent's log level to debug (to speed up how fast that target directory filled up) then disabled networking for the host. I observed that the endpoint-*.log files properly aged off, unlike what you saw.
Are you positive the Agent and Endpoint Security versions were 7.16? Could you check the you check the output from "c:\Program Files\Elastic\Endpoint\elastic-endpoint.exe" version to be sure.
Can you able to reproduce this? If so, could you share the output from dir /S "c:\Program Files\Elastic\Endpoint" then depending on what that shows we can dig in more? You should never see more than about 300MB of files in c:\Program Files\Elastic\Endpoint\state\log. If you see more than that then you've reproduced it.