During a recent Symantec Endpoint Protection deployment, I started to notice an interesting anomaly. Every time a user accessed the web interface and launched a Citrix icon, a new process would spawn and minimize to the user's tray (SEP Notification Icon). You can also see the pending process by opening the Citrix Connection Center and expanding the servername (active/servername/).

(Screenshot: disconnected session shows the notification icon for SEP)

What's interesting about this specific issue is that after the user closed out of the published application, the SEP Notification icon remained and the user still had an active session on the server. As a result of this, we started to notice our concurrent license usage was at levels we did not anticipate, which prompted further investigation.

In the event you do have the Notification Icon after updating SEP, simply log on to the server in question and add/modify the following registry keys:

Windows Registry Editor Version 5.00

; Stop SMC from launching its GUI (the tray notification icon) when the session starts
[HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\SMC]
"LaunchSMCGui"=dword:00000000

; Delete the ccApp autostart value ("=-" removes the value when the .reg file is imported)
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ccApp"=-

Now that you have disabled the SMC GUI via LaunchSMCGui and purged the Run key of the unnecessary Symantec autostart, you should be good to go and will no longer have lingering sessions.
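An added example, not code from the original post, that audits the two settings above on the XenApp host and only changes them when run with -Apply (and honours -WhatIf). The key and value names are the post's; the Wow6432Node SMC path and the native (non-Wow6432Node) Run path are assumptions added here, because on x64 Windows a 32-bit SEP build writes under Wow6432Node and a 64-bit build under the native SOFTWARE hive, so both views are checked.

```powershell
# Added example (not from the original post): report drift from the two
# registry settings above and remediate only with -Apply. Assumption: both
# the native and the Wow6432Node view are checked, since which one SEP uses
# depends on whether the installed build is 32-bit or 64-bit.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    [switch]$Apply   # without -Apply the script only reports drift
)

$smcKeys = @(
    'HKLM:\SOFTWARE\Symantec\Symantec Endpoint Protection\SMC',
    'HKLM:\SOFTWARE\Wow6432Node\Symantec\Symantec Endpoint Protection\SMC'
)
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run'
)
$findings = @()

# LaunchSMCGui must be 0; a missing value is treated as drift and created.
foreach ($key in $smcKeys) {
    if (-not (Test-Path $key)) { continue }
    $current = (Get-ItemProperty -Path $key -Name 'LaunchSMCGui' -ErrorAction SilentlyContinue).LaunchSMCGui
    if ($current -ne 0) {
        $findings += "LaunchSMCGui is '$current' (expected 0) under $key"
        if ($Apply -and $PSCmdlet.ShouldProcess($key, 'Set LaunchSMCGui to 0')) {
            Set-ItemProperty -Path $key -Name 'LaunchSMCGui' -Value 0 -Type DWord
        }
    }
}

# The post removes the ccApp autostart from the Run key; report and remove it.
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $ccApp = (Get-ItemProperty -Path $key -Name 'ccApp' -ErrorAction SilentlyContinue).ccApp
    if ($null -ne $ccApp) {
        $findings += "ccApp autostart present under ${key}: $ccApp"
        if ($Apply -and $PSCmdlet.ShouldProcess($key, 'Remove ccApp value')) {
            Remove-ItemProperty -Path $key -Name 'ccApp'
        }
    }
}

if ($findings.Count -eq 0) {
    Write-Output 'OK: LaunchSMCGui is 0 and no ccApp Run entry found.'
} else {
    $findings | ForEach-Object { Write-Output "DRIFT: $_" }
    if (-not $Apply) { Write-Output 'Re-run with -Apply to remediate.' }
}
```

Run it from an elevated prompt on each XenApp server; without -Apply it is read-only, which makes it safe to schedule as a check that the settings have not been reverted by a later SEP update.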


Case in point! It's completely annoying how many times we add a new environment into a XenApp farm or server environment and we need to disable HIDS simply because we have no freaking idea what the application is doing. Don't let the name – Heuristic Intrusion Detection Software – fool you, because it can block more than you want (and often does)! As far as we are concerned, this is a must in your troubleshooting logic, and for testing ports, new software, etc.

So to that note, to disable HIDS in your x64 environment, run the following command:

C:\Program Files (x86)\symantec\Critical System Protection\Agent\IPS\bin\SISIPSService -i

To disable HIDS in your x86 environment, run the following command:

C:\Program Files\symantec\Critical System Protection\Agent\IPS\bin\SISIPSService -i

Surely this will help you in your quest to get to the bottom of root cause analysis (RCA). We all know Symantec has evolved into a black hole for us engineers, much like the network. Enjoy, and please look at your firewall rules next in the event this fails. And make sure you turn Symantec HIDS back on when you are done.

Apr 07 2011

It's completely annoying. Can anybody just explain why, when we launch an application written in Visual Studio 6.0, Symantec Antivirus decides to quarantine [heuristic scanning] my binary? This is completely annoying.
(Screenshot: file quarantined)

© 2012 random technology [RT] technology documentation
