Symantec Endpoint Protection 12.1 RU1 and AppV 4.6

Another moment of pure fun with Symantec Endpoint Protection... I liked version 11 so much, and I was missing mysterious Symantec issues so much, that I decided to update the anti-virus software to 12 on all my customer's XenDesktop virtual machines...

The version we chose to deploy was Symantec Endpoint Protection 12.1 RU1 (version given by the security administration team). The update went fine: no BSOD, no weirdness, and that was weird actually. I was prepared and ready for so much trouble, and nothing happened! The vDisk was updated and the only change this time was SEP, so I pushed the next vDisk into production.

A few hours later and the next day, users were complaining about App-V application launch issues. That was a known issue, because the App-V infrastructure is a bit old (v4.5 on the server side) and begins to show some weirdness after the weekly reboot (services started but no stream... next blog post, I guess). So we checked everything around the App-V servers and the App-V client (4.6 SP2), and the only things we saw were errors in the event log, but nothing to really make us think App-V was the root of these issues. Some streamed applications were working, some others were not.

After searching again and again, I just rolled back one vDisk to the earlier version to check whether everything was OK with it, and yes, everything was working fine with App-V applications.

So I went to check the Symantec knowledge base and found these two articles:

- Application Error when launching an App-V virtualized application on a computer with SEP 12.1 client installed.
- New fixes and enhancements in Symantec Endpoint Protection 12.1 Release Update 2

So you guessed it right, the update to Symantec Endpoint Protection 12.1 RU2 fixes the App-V 4.6 compatibility issues...

App-V virtualized applications cannot load with Proactive Threat Protection installed
Fix ID: 2689005
Symptom: App-V virtualized applications cannot load with Proactive Threat Protection installed.
Solution: Changed Application Control and User Mode Hooking to allow NTDLL image validation.

So, one more time, thank you Symantec for wasting our time and making our lives much more complicated!

This blog is what you're looking for if:

- You are using SEP 11 with PVS and XenDesktop 4 / 5 / 5.5
- Your VMs have a "Persona" drive (D: for example)
- Windows XP VMs (it should work with Windows 7 as well)
- You don't want to or cannot use PVS Personality Strings
- The SEP11 administrator is going crazy because all the XenDesktop VMs are creating new entries at every reboot.

Using antivirus software on a VDI platform is a discussion often seen here and there, but this time the question wasn't whether I needed to install an antivirus or not: Symantec Endpoint Protection was already installed and running on my customer's Citrix XenDesktop 4 / PVS 5.6 SP1 infrastructure. SEP11 (short name for Symantec Endpoint Protection) was installed and running well on the PVS distributed pool VMs.

Yesterday the SEP administrator came to me and complained that the XenDesktop VMs were generating a new entry in the SEP11 administration console every time they were rebooted, and every morning he was forced to move all the objects into the VDI node and delete all the past entries... But everything was working... I guess this administrator might have found that a bit boring; he just complained and continued to do this task every day, and when he wasn't here, no one was taking care of that manual task.

XenDesktop VMs needed to be in the VDI node because the exclusions in place were important for VM performance:

- PVS cache file
- Event logs
- EdgeSight Firebird database
- etc.

When no one was doing this task, the VMs were generating new objects in the default node, where no specific exclusions were set... It did bring some performance issues now and then.

My first thought was to use personality strings (a PVS feature), but I didn't want to bring another feature into the game, as the people managing this infrastructure weren't really aware of this PVS feature.

All the Symantec technotes (link) about their antivirus and PVS are based on personality string usage, so I needed to figure out another way to personalize each VM with its own GUID. After many tests and many solutions found over the Internet, nothing was working well: every time a VM was rebooted, a new entry appeared in the SEP11 administration console. So I decided to go all by myself and try to find out an…