cancel
Showing results for 
Search instead for 
Did you mean: 
xaba_sg
Level 7
Report Inappropriate Content
Message 1 of 23

Problem with ENS 10.6.1+November Update and Citrix XenApp 7.15

We are installing ENS 10.6.1 on the new citrix servers with XenApp 7.15 LTSR CU1.

After installation and reboot, users can't login and the connection freeze on "Please Wait for User Profile Service" and on server there are two warnings for winlogon Event 6001 and 6004 .

Immagine.jpg

Disabling the on-access scan on ENS the problem does not occur (Even removing ENS from the server the problem does not occur)

There are no events in any ENS log files.

I cant understand what happens or if there is a "bug".

22 Replies
McAfee Employee chealey
McAfee Employee
Report Inappropriate Content
Message 2 of 23

Re: Problem with ENS 10.6.1+November Update and Citrix XenApp 7.15

Please check you have the recommended Citrix exclusions in place - you'll need to use high/low risk processes to define the citrix processes as low risk:

Citrix Guidelines for Antivirus Software Configuration (https://support.citrix.com/article/CTX127030)

Citrix Consolidated List of Antivirus Exclusions (https://www.citrix.com/blogs/2016/12/02/citrix-recommended-antivirus-exclusions/)

Was my reply helpful?
If this information was helpful in any way, or answered your question, will you please select "Accept as Solution" in my reply, or give kudos as appropriate, so together we can help other members?
xaba_sg
Level 7
Report Inappropriate Content
Message 3 of 23

Re: Problem with ENS 10.6.1+November Update and Citrix XenApp 7.15

Thanks for the reply.

I have already set the recommended exclusions.

I do not understand why no logs are generated if there is any process or service that is blocked by ENS.

McAfee Employee chealey
McAfee Employee
Report Inappropriate Content
Message 4 of 23

Re: Problem with ENS 10.6.1+November Update and Citrix XenApp 7.15

You've narrowed it down to the on access scanner component. This feature doesn't report any errors as it doesn't "block" a process or service per say. In cases where OAS is causing issues, it is generally caused by us having a hold on the file when another process also wants it - in this case, we might be performing a scan activity whilst Citrix also wants to access the file resulting in the denied access.

You can potenitally use our Profiler tool to analyse what we are scanning at time of the issue. Otherwise I would suggest gathering a procmon, amtrace and MER with ENS in debug logging whilst reproducing the issue and submitting these to our Support Team. (KB86691 provides you with info on these mentioned data collection tools)

Was my reply helpful?
If this information was helpful in any way, or answered your question, will you please select "Accept as Solution" in my reply, or give kudos as appropriate, so together we can help other members?
mr
Level 7
Report Inappropriate Content
Message 5 of 23

Re: Problem with ENS 10.6.1+November Update and Citrix XenApp 7.15

Working on the same problem.  10.5 was fine, 10.6 hangs the various profile processing steps at logon.  As with you, all exclusions are in place.

I'm opening a ticket as suggested above, I have not pinned down what exact scanning process/target changed from 10.5 to 10.6.

xaba_sg
Level 7
Report Inappropriate Content
Message 6 of 23

Re: Problem with ENS 10.6.1+November Update and Citrix XenApp 7.15

The same for me. I opened an SR, but Mcafee answered me after 3 weeks.
In the next week I will send the logs collected.

I will wait for them to do their checks...

Re: Problem with ENS 10.6.1+November Update and Citrix XenApp 7.15

Please post your finding here as well if you get any.
I have witnessed a similar cirtix behavior as well, but without a visible ENS logging it is difficult to connect this issue directly to antivirus software. Passing of the issue one time after turning off ENS might be a coincidence, personally I request repeated evidence to confirm the link.
mr
Level 7
Report Inappropriate Content
Message 8 of 23

Re: Problem with ENS 10.6.1+November Update and Citrix XenApp 7.15

HugsNotDrugs - I'm not sure what point you are trying to make.

In case we weren't clear enough -

We had Endpoint Security 10.5 installed and working correctly.

The upgrade to 10.6 came out and the profile processing delays started.  This was demonstrated over multiple days as the system would behave normaly each morning after nightly reset to the image which had not been updated to 10.6.  Once the upgrade ran, the logon failed.  We updated some of our images to 10.6 just to verify it wasn't an update without reboot issue and found they are now broke even at boot time.  As noted earlier, disabling On Access solves the problem.  No policy changes were made.  So we can say without question it is related to the McAfee update.  Is there a system setting rather than a McAfee setting that could solve the issue?  Is there a new set of exclusions or some other setting required for 10.6?  Could be either but seems likely McAfee should be our first stop.

McAfee Employee chealey
McAfee Employee
Report Inappropriate Content
Message 9 of 23

Re: Problem with ENS 10.6.1+November Update and Citrix XenApp 7.15

If there are a new set of exclusions needed, this would need to be advised by Citrix. These have however remained the same for years and therefore I would not expect these to have changed.

I just had a look at your open SR's and other SR's raised by people in this thread and  we don't have any data to check. As advised earlier in this thread, the best data you can give Support to assist you is the following:

A procmon, amtrace and MER with ENS in debug logging whilst reproducing the issue (KB86691 provides you with info on these mentioned data collection tools).

Was my reply helpful?
If this information was helpful in any way, or answered your question, will you please select "Accept as Solution" in my reply, or give kudos as appropriate, so together we can help other members?

Re: Problem with ENS 10.6.1+November Update and Citrix XenApp 7.15

As I had already indicated, I uploaded the logs today (Amtrace and ProcMon).

I removed viruscan 8.8 and reinstalled 10.6.1 to replicate the problem.

Member Rewards
McAfee Community rewards active and helpful members just like you. Click here to take a look at the first community members who received a special reward and were recognized by McAfee leader, Aneel Jaeel, for their participation and trusted knowledge in the community.