Terminal Server resources are consumed by multiple instances of Symantec Endpoint Protection processes
When SEP (Symantec Endpoint Protection) is installed, Citrix and
other Terminal Servers slow down or become unresponsive. There may be
multiple SEP system tray icons and/or the Task Manager Process List
indicates multiple instances of SEP processes.
Symptoms include one or more of the following, usually increasing as additional clients log onto a Terminal Server:
- High CPU utilization
- Multiple instances of the following processes: SmcGui.exe, ccApp.exe, ProtectionUtilSurrogate.exe (64 bit only)
- Duplicate SEP system tray icons (on the server; see Note in Solution below for duplicate icons on a Terminal Server client)
- Hourglass that won't go away on logged in clients (this was
specifically because they don't show the icon as part of their policies)
This problem was fixed in Symantec Endpoint Protection 11.0 Maintenance Release 3.
Upgrade to Symantec Endpoint Protection 11.0 Maintenance Release 3 or newer.
In addition to upgrading, SmcGui must be disabled (to avoid multiple
instances of that process and the SEP tray icon) by adding the following
DWORD registry value on the Terminal Server:
HKLM\SOFTWARE\Symantec\Symantec Endpoint Protection\SMC\LaunchSmcGui = 0
To further optimise memory, you can prevent ccApp from loading: Browse
to HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run (for 64bit servers
the ccApp entry and delete it
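
The registry steps above as a PowerShell script. This is an added example, not Symantec's own tooling. The -RemoveCcApp switch and the backup directory are assumptions, and only the Run key path printed on this page is handled, because the 64-bit location is cut off in the text.

```powershell
# Added example, not Symantec's own script. Save as a .ps1 and run elevated on the Terminal Server.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    [switch]$RemoveCcApp,                                  # hypothetical switch: also delete the ccApp Run entry
    [string]$BackupDir = "$env:SystemDrive\SEP-TS-backup"  # assumed backup location
)

$smcKey = 'HKLM:\SOFTWARE\Symantec\Symantec Endpoint Protection\SMC'
$runKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
$name   = 'LaunchSmcGui'

if (-not (Test-Path $smcKey)) { throw "SMC key not found, is SEP installed? ($smcKey)" }

# Record the current value so the change can be reverted later.
$old = (Get-ItemProperty -Path $smcKey -Name $name -ErrorAction SilentlyContinue).$name
if ($null -eq $old) { $old = '<not set>' }
Write-Output "$name before change: $old"

if ($PSCmdlet.ShouldProcess("$smcKey\$name", 'Set DWORD value 0')) {
    New-ItemProperty -Path $smcKey -Name $name -PropertyType DWord -Value 0 -Force | Out-Null
}

# Verify both data and type: a REG_SZ "0" is not the DWORD the article asks for.
$key = Get-Item $smcKey
if ($key.GetValueNames() -contains $name) {
    $kind = $key.GetValueKind($name)
    $data = $key.GetValue($name)
    Write-Output "$name now: $data ($kind)"
    if ($kind -ne 'DWord' -or $data -ne 0) { Write-Warning "$name is not DWORD 0" }
}

# Optional memory optimisation from the article: remove the ccApp entry from Run.
$run   = Get-Item $runKey
$ccApp = @($run.GetValueNames() | Where-Object { $_ -like '*ccApp*' })
if ($ccApp.Count -eq 0) {
    Write-Output "No ccApp entry under $runKey"
} elseif ($RemoveCcApp) {
    # Export the whole Run key first so the entry can be restored with 'reg import'.
    if (-not (Test-Path $BackupDir)) { New-Item -ItemType Directory -Path $BackupDir | Out-Null }
    $backup = Join-Path $BackupDir ("Run-{0:yyyyMMdd-HHmmss}.reg" -f (Get-Date))
    & reg.exe export 'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' $backup /y | Out-Null
    foreach ($n in $ccApp) {
        if ($PSCmdlet.ShouldProcess("$runKey\$n", 'Delete Run entry')) {
            Remove-ItemProperty -Path $runKey -Name $n
        }
    }
} else {
    Write-Output "ccApp Run entry present: $($ccApp -join ', ') (rerun with -RemoveCcApp to delete)"
}
```

Run it with -WhatIf first to preview the registry writes; the printed "before" value is what to restore if the change has to be backed out.
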
When disabling SmcGui, the following functionality is also disabled:
- No SEP icon on the system tray
- No ability to open the system logs from the client GUI
- No ability to see the firewall or SNAC status from the GUI (most customers will not install a firewall on their Terminal Server)
- No startup scans
- No delayed threat detection notifications
- No missing or out of date definition notifications
- Clients do not display all information in the Help & Support > Troubleshooting > General Information view (Server, Group, Location, Policy serial number, etc.)
- Clients locally show as Offline on the Help & Support > Troubleshooting > General Information view. In reality the client is still forwarding stateful information and log data to the Symantec Endpoint Protection Manager (SEPM).
- Clients do not show the Logon Client status on the SEPM client status view.
The following is a list of the features that are lost after disabling ccApp:
Note: Duplicate SEP system tray icons in the local system tray of a Terminal Server
may be the result of a Citrix feature called Seamless Desktop
Integration, where server resources are made to appear as if they are
running on the client. See "Symantec Endpoint Protection: Duplicate
system tray icons appear on Terminal Server Client for each connection
to a Citrix Server".
by: Guru Corner