search cancel

Threats not being detected on VDI using Citrix app layering technology with Endpoint Protection client


Article ID: 171647


Updated On:


Endpoint Protection


Using Symantec Endpoint Protection (SEP) client to test.

  • Tried to extract the Eicar test file on a non-persistent VDI client and the file was not getting detected.
  • The file is detected when executed.

There is no error message, the file is not getting detected. 


  • Symantec Endpoint Protection Manager Version 14.0.3876.1100
  • Symantec Endpoint Protection Manager Database SQL 11.00.6594
  • OS on which Symantec Endpoint Protection Manager is installed and Service Pack if any Windows 2012 R2


Since the VDI is basically deleted and recreated almost daily, SEP sees it as a new machine, so it reindexes the auto protect every day. This causes major performance issues, therefore, it is generally best to keep auto-protect turned off.


Boost the manual scan schedule or keep it how it is as long as it's being detected when modified, opened, or full scans are being run on the host server regularly.