PHPKB Knowledge Base Software Logo  
Guru Corner
Online Knowledgebase System  
Knowledge Base Home Knowledge Base Home
Home > All Categories > Symantec > Endpoint Protection (AntiVirus) > Best Practices for Symantec Endpoint Protection on Citrix and Terminal Servers
Question Title Best Practices for Symantec Endpoint Protection on Citrix and Terminal Servers

Problem

You are looking for information on how to best configure Symantec Endpoint Protection (SEP) for Terminal Server and Citrix solutions

Solution

The following whitepaper provides information on the best configuration of SEP in Terminal Server and Citrix environments.

These recommendations apply to SEP 11 and with minor differences also to SEP 12.1.

In SEP 12.1 some processes have changed on the client:

  • ccApp.exe and Rtvscan.exe are no longer present. Their functionality has been moved into ccSvcHost.exe.
  • SmcGui.exe will only be running if the user launches the SEP GUI and it should only be launched for that user session.
  • The ccSvcHst.exe handles the system tray icon which is suppose to run in every session.

  The start of these multiple instances can be prevented by modifying the registry value for LaunchSmcGui as described in the document.

Prevent the process from starting by changing the registry value:

  1. Click Start, Run and type regedit then click OK
  2. Browse to HKLM\SOFTWARE\Symantec\Symantec Endpoint Protection\SMC
  3. Find the entry LaunchSmcGui and change it from DWORD 1 to DWORD 0

Note: When LaunchSmcGui is disabled, the help and support > troubleshooting window will show the server as offline. However the client will still update policies/content as needed. The Policy Serial Number can be verified by viewing the SerialNumber string in the registry editor (HKLM\SOFTWARE\Symantec\Symantec Endpoint Protection\SMC\SYLINK\Sylink).

If you are unable to modify the listed registry keys please temporarily deactivate the Tamper Protection option. Please find an example how to modfiy the tamper protection settings in the SEPM in the following KB:

http://service1.symantec.com/SUPPORT/ent-security.nsf/2326c6a13572aeb788257363002b62aa/c291bf8d5d97b5f68025736200576f9d?OpenDocument

or

Registry Key: HKEY_LOCAL_MACHINE/System/CurrentControlSet/Control/Citrix/wfshell/TWI
Value Name: SeamlessFlags
Value Type: REG_DWORD

DISABLE SYSTRAY AGENT
Value: 0x20

Seamless Configuration Settings
http://support.citrix.com/article/CTX101644&searchID=26517783

Authored by: Guru Corner
Click Here to View all the questions in Endpoint Protection (AntiVirus) category.
File Attachments File Attachments
Article Information Additional Information
Article Number: 289
Created: 2013-07-07 5:59 PM
Rating: No Rating
 
Article Options Article Options
Print Question Print this Question
Export to Adobe PDF Export to PDF File
Export to MS Word Export to MS Word
 
Search Knowledge Base Search Knowledge Base
 
 

Powered by Guru Corner