Citrix shadowing with Trend Micro's Deep Security policy applied

Can anyone help, please?

I have recently installed Trend Micro's Deep Security Anti-Malware, and I am confident everything is set up and configured correctly. My users work within a Citrix / terminal server environment.

After installation, and after applying the Deep Security anti-malware security policy, I have noticed that it is not possible to shadow a user's session within Citrix. If the Deep Security policy is removed, everything works OK and shadowing works as normal; if the policy is re-applied, shadowing fails again; if the policy is removed again, it works. I have done this many times and it is consistent.

What happens when the policy is applied and shadowing is attempted is that a command prompt screen pops up and the session appears to be locked. At this point the only way to continue is to reset the Citrix session.

I have purchased Deep Security only for the anti-malware option and I do have a full license for this. I do not have a requirement for any other aspect of this product, like the firewall; however, my Deep Security Manager does still have a trial license running for all options.

I have spoken to Trend about this and they do say to make sure all options (other than anti-malware) are disabled. I have done this and I can confirm that all options other than anti-malware are disabled, but shadowing still fails when the anti-malware security policy is applied.

Has anyone experienced this problem? Could someone help, please?

Any help would be appreciated.

One last thing: my Citrix servers are running on VMware ESXi 4.1, but I don't think this has any bearing on the problem; I just thought I would mention it.

Thanks
Phil
Asked by: winterp

Tony J, Lead Technical Architect, commented:
It sounds like there is a firewall component.

It may not be enough to just disable this module as that tends nowadays to put them into lockdown mode. I would set up a rule to allow the shadowing ports through.

From memory, the shadowing uses the file sharing ports - when you're unable to shadow, can you access shares on/from the Citrix servers?

winterp (Author) commented:
Hi Tony,
Thanks for your reply.
Like you, I still believe it's a firewall problem, and yes, I can access the file shares.
It's interesting to note (sorry, I forgot to mention this in my original post) that it's possible to shadow a user session if you're on the same server, but not from two different servers when they have the policy applied.
I will see if I can find the port and set up a policy to allow that port.

Tony J, Lead Technical Architect, commented:
Hmm in that case, it may well be that Trend is actually applying a policy at the hypervisor firewall.

Here's some info:

http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1021779

winterp (Author) commented:
Bingo, problem solved.
Here are the details:
The problem appears to be with the EPSEC driver from VMware, and that vShieldManager has a problem scanning SMB shares.
Follow these instructions from Trend Micro and it should work; it did for me.
http://esupport.trendmicro.com/solution/en-us/1059280.aspx
Thanks for everyone’s help.
Phil

winterp (Author) commented:
Thanks for everyone's help, problem now fixed. While the last post from the expert did not solve the problem, it did help.