Monday, July 16, 2012

Symantec Endpoint AV in a Terminal Server/XenApp environment

SEP 12.1
Windows 2008 Server R2
XenApp 6.0 w/rollup 1
AV & Spyware protection engine only

Reference links
http://www.symantec.com/business/support/index?page=content&id=TECH91070
http://www.symantec.com/connect/downloads/symantec-endpoint-protection-121-virtualization-best-practices
http://www.symantec.com/connect/forums/logs-appdata-under-user-profiles

1.  Change auto-protect to scan when file is modified.

 

2.  Exclude pagefile, Citrix program directories, and print spool folder.



3.  Preventing SmcGui from launching in each user's terminal session.  This should improve performance and could help with Symantec licensing if you are not licensed per user.
  • Open regedit
  • Browse to HKLM\SOFTWARE\Symantec\Symantec Endpoint Protection\SMC
  • LaunchSmcGui change from 1 to 0


If you receive this error - Cannot edit LaunchSMCGui:  Error writing the value's new contents.  You must disable tamper protection via Change Settings > Client Management menu.



Uncheck then go back and make the change to LaunchSMCGui



Done!


Posted by at
Labels: , , ,

6 comments:

  1. AnonymousOctober 5, 2012 at 6:31 AM

    Thanks! Temporarily turning off Tamper Protection was definitely the clue I needed. Many thanks for posting.

    ReplyDelete
    Replies
    1. mOctober 5, 2012 at 2:48 PM

      No problem, I'm glad this helped someone out.

      Delete
  2. ThomasApril 3, 2013 at 11:55 PM

    Thanks a lot. Had the same problem with changing the value in registry

    ReplyDelete
  3. AnonymousJuly 30, 2013 at 11:21 PM

    This helped me too. Thanks

    ReplyDelete
  4. AnonymousOctober 2, 2013 at 11:20 AM

    Instead of turning of the Tamper Protection it's also possible to use the safe-mode Boot to change the registry value.

    ReplyDelete
  5. AnonymousFebruary 12, 2014 at 6:19 AM

    This was very helpful to me

    ReplyDelete

Subscribe to: Post Comments (Atom)