We are installing ENS 10.6.1 on the new citrix servers with XenApp 7.15 LTSR CU1.
After installation and reboot, users can't login and the connection freeze on "Please Wait for User Profile Service" and on server there are two warnings for winlogon Event 6001 and 6004 .
Disabling the on-access scan on ENS the problem does not occur (Even removing ENS from the server the problem does not occur)
There are no events in any ENS log files.
I cant understand what happens or if there is a "bug".
Please check you have the recommended Citrix exclusions in place - you'll need to use high/low risk processes to define the citrix processes as low risk:
Citrix Guidelines for Antivirus Software Configuration (https://support.citrix.com/article/CTX127030)
Citrix Consolidated List of Antivirus Exclusions (https://www.citrix.com/blogs/2016/12/02/citrix-recommended-antivirus-exclusions/)
Thanks for the reply.
I have already set the recommended exclusions.
I do not understand why no logs are generated if there is any process or service that is blocked by ENS.
You've narrowed it down to the on access scanner component. This feature doesn't report any errors as it doesn't "block" a process or service per say. In cases where OAS is causing issues, it is generally caused by us having a hold on the file when another process also wants it - in this case, we might be performing a scan activity whilst Citrix also wants to access the file resulting in the denied access.
You can potenitally use our Profiler tool to analyse what we are scanning at time of the issue. Otherwise I would suggest gathering a procmon, amtrace and MER with ENS in debug logging whilst reproducing the issue and submitting these to our Support Team. (KB86691 provides you with info on these mentioned data collection tools)
Working on the same problem. 10.5 was fine, 10.6 hangs the various profile processing steps at logon. As with you, all exclusions are in place.
I'm opening a ticket as suggested above, I have not pinned down what exact scanning process/target changed from 10.5 to 10.6.
The same for me. I opened an SR, but Mcafee answered me after 3 weeks.
In the next week I will send the logs collected.
I will wait for them to do their checks...
HugsNotDrugs - I'm not sure what point you are trying to make.
In case we weren't clear enough -
We had Endpoint Security 10.5 installed and working correctly.
The upgrade to 10.6 came out and the profile processing delays started. This was demonstrated over multiple days as the system would behave normaly each morning after nightly reset to the image which had not been updated to 10.6. Once the upgrade ran, the logon failed. We updated some of our images to 10.6 just to verify it wasn't an update without reboot issue and found they are now broke even at boot time. As noted earlier, disabling On Access solves the problem. No policy changes were made. So we can say without question it is related to the McAfee update. Is there a system setting rather than a McAfee setting that could solve the issue? Is there a new set of exclusions or some other setting required for 10.6? Could be either but seems likely McAfee should be our first stop.
If there are a new set of exclusions needed, this would need to be advised by Citrix. These have however remained the same for years and therefore I would not expect these to have changed.
I just had a look at your open SR's and other SR's raised by people in this thread and we don't have any data to check. As advised earlier in this thread, the best data you can give Support to assist you is the following:
A procmon, amtrace and MER with ENS in debug logging whilst reproducing the issue (KB86691 provides you with info on these mentioned data collection tools).
As I had already indicated, I uploaded the logs today (Amtrace and ProcMon).
I removed viruscan 8.8 and reinstalled 10.6.1 to replicate the problem.