After installing or upgrading to Symantec Endpoint Protection (SEP) 14, you find that graceful session logoffs are prevented in a Citrix or FSLogix environment.

Symantec Endpoint Protection client versions 14.0 through 14.3

Our SymQual error reporting service prevents a graceful session logoff due to locked WER folders located in these directories:

Users\####\AppData\Local\Microsoft\Windows\WER\ReportArchive
Users\####\AppData\Local\Microsoft\Windows\WER\ReportQueue

This issue is fixed in the Symantec Endpoint Protection 14.3 RU1 release. For information on how to obtain the latest build of Symantec Endpoint Protection, see Download the latest version of Symantec software here.

The following workaround will effectively resolve the issue:

1. Double-click the Symantec Endpoint Protection Client notification area icon. In the left-hand column, click "Change Settings."
2. Scroll down to "Client Management" and click the "Configure Settings" button.
3. Navigate to the "Tamper Protection" tab.
4. Uncheck the "Protect Symantec security software from being tampered with or shut down" checkbox and click the "OK" button.
5. Browse to the SEP installation path ...\Symantec Endpoint Protection\14.x\bin\ folder.
6. Rename sqsvc.dll, sqscr.dll and symerr.exe files to: sqsvc.dll.old, sqscr.dll.old and symerr.exe.old
7. Click Windows Start > Run, then type the following: start smc -stop and wait for the SEP client to stop, then type: start smc -start. Return to the "Tamper Protection" tab and select the checkbox, "Protect Symantec security software from being tampered with or shut down", then click the "OK" button.
    

ESCRT-767