Symantec Endpoint Protection 14.0 MP2 prevents graceful Citrix session logoff #87

Closed
matthias-schlimm opened this issue Apr 11, 2019 · 3 comments

Comments

@matthias-schlimm
Collaborator

commented Apr 11, 2019

Situation
After installing or upgrading to Symantec Endpoint Protection (SEP) 14.0 MP2 in a Citrix environment, you find that it prevents graceful session logoff.

Cause
Our SymQual error reporting service prevents graceful session logoff due to locked WER folders:

Users\%username%\AppData\Local\Microsoft\Windows\WER\ReportArchive
Users\%username%\AppData\Local\Microsoft\Windows\WER\ReportQueue

Solution
Symantec is aware of this issue and will update this document when a solution becomes available. It is not necessary to log a support case on this issue. Please subscribe to this article to be notified of any updates.

The following workaround will effectively resolve the issue:

Double-click the Symantec Endpoint Protection notification area icon. In the left-hand column, click Change Settings.
Scroll down to Client Management and click the Configure Settings button.
Navigate to the Tamper Protection tab.
Uncheck the Protect Symantec security software from being tampered with or shut down checkbox and click the OK button.
Browse to the SEP installation path ...\Symantec Endpoint Protection\14.x\bin folder.
Rename sqsvc.dll, sqscr.dll and symerr.exe files to: sqsvc.dll.old, sqscr.dll.old and symerr.exe.old
Click Windows Start > Run and type and run the following: smc -stop, and then smc -start.
Return to the Tamper Protection tab and click the Protect Symantec security software from being tampered with or shut down checkbox and click the OK button.

https://support.symantec.com/en_US/article.TECH247167.html
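
The rename and restart steps of the workaround above can be scripted for an image build. This is an added example, not part of the original post and not the BIS-F or Symantec code. The function name `Rename-SymQualFile` and the `$BinPath` parameter are hypothetical, and the script assumes Tamper Protection has already been disabled in the client UI and that `smc.exe` sits in the same bin folder.

```powershell
# Added example: scripts the rename and smc restart steps of the workaround.
# Assumptions: the caller supplies $BinPath (the page elides the full path),
# Tamper Protection is already disabled, and smc.exe is in that bin folder.
function Rename-SymQualFile {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory = $true)]
        [string]$BinPath
    )

    if (-not (Test-Path -LiteralPath $BinPath -PathType Container)) {
        throw "Bin folder not found: $BinPath"
    }

    $targets = 'sqsvc.dll', 'sqscr.dll', 'symerr.exe'
    $renamed = 0

    foreach ($name in $targets) {
        $file = Join-Path -Path $BinPath -ChildPath $name
        $old  = "$file.old"

        if (-not (Test-Path -LiteralPath $file -PathType Leaf)) {
            # Either renamed on an earlier run or not installed at all.
            $state = if (Test-Path -LiteralPath $old) { 'already renamed' } else { 'not present' }
            Write-Verbose "$name : $state"
            continue
        }
        if (Test-Path -LiteralPath $old) {
            # A client update may have restored the file beside an old copy;
            # stop instead of overwriting so the operator can decide.
            throw "$name and $name.old both exist in $BinPath"
        }
        if ($PSCmdlet.ShouldProcess($file, "Rename to $name.old")) {
            # Fails with an access error if Tamper Protection is still enabled.
            Rename-Item -LiteralPath $file -NewName "$name.old" -ErrorAction Stop
            $renamed++
        }
    }

    # Restart the client only when a file was actually renamed.
    if ($renamed -gt 0) {
        $smc = Join-Path -Path $BinPath -ChildPath 'smc.exe'
        & $smc -stop
        & $smc -start
    }
    return $renamed
}
```

Run it with `-WhatIf` first to see which files would be renamed; Tamper Protection still has to be re-enabled afterwards, as in the last step of the workaround.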

@matthias-schlimm

Collaborator Author

commented Apr 11, 2019

Waiting for customer feedback. As described above, the files are renamed.

Get the Hotfix here and replace the file in the BIS-F preparation folder: https://github.com/EUCweb/BIS-F/blob/develop/Framework/SubCall/Preparation/10_PrepBISF_AV-SEP.ps1

@matthias-schlimm matthias-schlimm added this to To do in Bugs Bunny via automation Apr 12, 2019

@matthias-schlimm matthias-schlimm added this to the Bugs Bunny Release milestone Apr 12, 2019

@matthias-schlimm

Collaborator Author

commented Apr 12, 2019

Tested at customer level, running without issues.

Hotfix available for CR and future BB release

Bugs Bunny automation moved this from To do to Done Apr 12, 2019

@jeremyts

commented Apr 24, 2019

Note that Symantec has confirmed that this issue is also present in 14.2 MP1, so it's not just a 14.0 MP2 issue.
