ELAM fails in Citrix XenDesktop VDI with Symantec Endpoint Protection installed

Article ID: 161831

Products

Endpoint Protection

Issue/Introduction

With Symantec Endpoint Protection (SEP) installed on client computers that run in a Citrix XenDesktop virtual desktop infrastructure (VDI), Early Launch Anti-Malware (ELAM) fails to stop bad drivers as expected.
 

Cause

ELAM loads at the very beginning of the Windows boot process, while the virtualization layer is still off: before all other drivers, including Citrix drivers, and before the private virtual disk (PvD) mounts. The PvD is where the differences between the master image and the user data reside. The bad drivers therefore load after ELAM has loaded, so ELAM is unable to detect them.
 

Resolution

Since ELAM does not work as expected in the Citrix XenDesktop VDI, you should disable ELAM on XenDesktop VDI deployments via GPO.
 

 

Applies To

  • Citrix XenDesktop VDI
  • Symantec Endpoint Protection 12.1.2 and later