Solved

Endpoint Loading in Citrix sessions

Posted on 2012-03-14
2
1,144 Views
Last Modified: 2013-12-09
Recently users started seeing an extra Symantec Endpoint icon in their system tray. It's coming down with their Citrix session from the servers (of them). How do I keep this from happening? I'm not sure of the additional bandwidth that this may be using and I don't see a point for it to be running when all machines have AV anyway.
0
Comment
Question by:TSB14883
2 Comments
 
LVL 25

Expert Comment

by:Coralon
ID: 37726925
Are you running a published app in a published desktop? or multiple published apps from different servers?

These are common scenarios that could cause the symptoms you describe.  If it is, check your version of Symantec and see if there is simply a way to hide it.. If it doesn't work, you can look at blocking the systray icons from the published apps, but that could hide important icons.

Coralon
0
 
LVL 1

Accepted Solution

by:
jduell earned 500 total points
ID: 37727609
This is common with Symantec's SMCGUI and terminal services.

There is a regkey to Prevent SmcGui from loading with each user session

HKLM\SOFTWARE\Symantec\Symantec Endpoint Protection\SMC\LaunchSmcGui=0x0
See Symantec Endpoint Protection 11.0 Terminal Server and Citrix Best Practices http://www.symantec.com/docs/TECH91070

We applied this setting by GPO but you can create a regkey file just the same...

A word of caution... adding this regkey will also prevent Symantec popups from displaying on the console.  Not a real issue unless you have Symantec SEP issues that require the troubleshooting popup... you have to either set the Dword value to 1 just long enough for the SMCGui to launch. Or delete the LaunchSmcGui key all together

Second word of caution: Without the LaunchSmcGui key, if SEP detects a problem, all the existing user sessions will also get the popups and likely click update now... or scan now... causing the server to tank. If not locked down correctly they may also change Symantec Endpoint Protection  settings. This is why we enforce the setting with a GPO... Better Safe than Sorry

This problem has been around for years... Symantec is aware of it but it just isn't a priority to fix it so it only runs on the console... Here is hoping someone at Symantec is listening.

Good Luck
0

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

UPDATE - 6/15/2011 Added support for Release Update 6 Maintenance Patch 2 Point Patch 1 (RU6 MP2 PP1). Fixed a defect in the username field that was hard-coded to look for a specific domain (left over code from testing). This release will be the …
For those of you actively in the Malware fightling business, we now have available an amazing new tool in the malware wars (first recommended to me by rpggamergirl (http://www.experts-exchange.com/M_3598771.html), the Zone Advisor for the Virus and …
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

821 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question