Threats not being detected on VDI using Citrix app layering technology with Endpoint Protection client

Article ID: 171647

Products

Endpoint Protection

Issue/Introduction

The Symantec Endpoint Protection (SEP) client was used for testing.

  • The EICAR test file was extracted on a non-persistent VDI client and was not detected.
  • The file is detected when executed.

There is no error message; the file is simply not detected.

Cause

Because the VDI is essentially deleted and recreated almost daily, SEP sees it as a new machine and reindexes Auto-Protect every day. This causes major performance issues; therefore, it is generally best to keep Auto-Protect turned off.
 

Environment

  • Symantec Endpoint Protection Manager version: 14.0.3876.1100
  • Symantec Endpoint Protection Manager database: SQL 11.00.6594
  • OS on which Symantec Endpoint Protection Manager is installed (and Service Pack, if any): Windows 2012 R2

Resolution

Boost the manual scan schedule, or keep it as it is, as long as the file is detected when it is modified or opened, or full scans are run regularly on the host server.
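
One way to confirm on a VDI client at which point the EICAR file is caught (on extraction or only on open), as an added example that is not part of the original article or any Symantec tooling. The names `probe`, `file_state`, `sample.com` and the `settle` delay are assumptions chosen for illustration.

```python
import os, shutil, tempfile, time, zipfile

# Standard 68-byte EICAR test string, split so this script is not flagged itself.
EICAR = (r"X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-"
         + "STANDARD-ANTIVIRUS-TEST-FILE!$H+H*").encode("ascii")

def file_state(path, expected):
    """Classify a file that should contain `expected` bytes."""
    if not os.path.exists(path):
        return "removed"              # deleted or quarantined
    try:
        with open(path, "rb") as fh:  # the open is itself an on-access event
            data = fh.read()
    except OSError:
        return "blocked"              # present, but the open was denied
    return "intact" if data == expected else "modified"

def probe(payload=EICAR, settle=5.0):
    """Extract `payload` from a zip; report its state after write and after open."""
    work = tempfile.mkdtemp(prefix="avprobe_")
    try:
        archive = os.path.join(work, "sample.zip")
        try:
            with zipfile.ZipFile(archive, "w") as zf:
                zf.writestr("sample.com", payload)
            with zipfile.ZipFile(archive) as zf:
                target = zf.extract("sample.com", work)  # file-create event
        except (OSError, zipfile.BadZipFile):
            return {"after_extract": "blocked"}
        time.sleep(settle)            # give a real-time scanner time to react
        result = {"after_extract":
                  "present" if os.path.exists(target) else "removed"}
        result["after_open"] = file_state(target, payload)
        return result
    finally:
        shutil.rmtree(work, ignore_errors=True)

if __name__ == "__main__":
    for stage, state in probe().items():
        print(f"{stage}: {state}")
```

A result of `present` after extraction followed by `removed` or `blocked` after open means the file is only caught when accessed; `intact` at both stages means nothing reacted to the file within the settle window.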