Citrix user sessions are held open by ccSvcHst.exe during log off

Article ID: 158363

Products

Endpoint Protection

Issue/Introduction

If user profiles have been configured to be deleted during log off, either by Citrix or by Group Policy, the deletion might fail and a new profile is then created at the next logon.

Cause

During a scan, the SEP client holds a handle on the scan log located in \Users\%username%\AppData\Local\Symantec\Symantec Endpoint Protection\Logs\mmddyyyy.log. The handle is not closed when the scan is stopped, which prevents the profile from being deleted.

Resolution

The issue has been resolved by upgrading the SEP Client to version 12.1 RU5 or higher and implementing the following registry key:

32 bit OS:

Location: HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\AV\AdministratorOnly\General\CloseUserLogFile

Type: DWORD

Value: 1 

64 bit OS:

Location: HKEY_LOCAL_MACHINE\SOFTWARE\[Wow6432Node\]Symantec\Symantec Endpoint Protection\AV\AdministratorOnly\General\CloseUserLogFile

Type: DWORD

Value: 1 

Note: Always back up the registry before making any changes to it.
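
The registry change above as a PowerShell script, including the backup and a read-back check. This is an added example, not Symantec's own code. It assumes that the last element of "Location" (CloseUserLogFile) is the value name, and that the bracketed "[Wow6432Node\]" means the key may sit in either registry view on a 64 bit OS, so it writes only where the SEP "AV" key already exists.

```powershell
#Requires -RunAsAdministrator
# Added example, not vendor code. Key and value names come from this article;
# treating "[Wow6432Node\]" as optional is an assumption.
$ErrorActionPreference = 'Stop'

$sepRel = 'Symantec\Symantec Endpoint Protection\AV'
$subKey = 'AdministratorOnly\General'
$name   = 'CloseUserLogFile'

# A 32-bit PowerShell on a 64-bit OS is redirected to Wow6432Node, which
# would make both candidate paths below resolve to the same key.
if ([Environment]::Is64BitOperatingSystem -and -not [Environment]::Is64BitProcess) {
    throw 'Run this from a 64-bit PowerShell session.'
}

$roots = @('HKLM:\SOFTWARE')
if ([Environment]::Is64BitOperatingSystem) { $roots += 'HKLM:\SOFTWARE\Wow6432Node' }

# Only touch registry views where the SEP "AV" key already exists.
$targets = @($roots | ForEach-Object { Join-Path $_ $sepRel } | Where-Object { Test-Path $_ })
if ($targets.Count -eq 0) { throw 'No SEP AV registry key found; nothing changed.' }

foreach ($av in $targets) {
    # Back up the existing AV key before changing it, as the article advises.
    $stamp   = Get-Date -Format 'yyyyMMdd-HHmmss'
    $backup  = Join-Path $env:TEMP ("SEP-AV-{0}-{1}.reg" -f ($av -replace '[:\\ ]', '_'), $stamp)
    $regPath = $av -replace '^HKLM:', 'HKLM'
    & reg.exe export $regPath $backup /y | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "Backup of $regPath failed; aborting." }

    $key = Join-Path $av $subKey
    # Create the key only if it is missing so existing values are left alone.
    if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
    New-ItemProperty -Path $key -Name $name -PropertyType DWord -Value 1 -Force | Out-Null

    # Read the value back so a blocked or redirected write is noticed.
    $actual = (Get-ItemProperty -Path $key -Name $name).$name
    if ($actual -ne 1) { throw "$key\$name is $actual, expected 1." }
    "{0}\{1} = {2} (backup: {3})" -f $key, $name, $actual, $backup
}
```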


Applies To

Symantec Endpoint Protection 12.1 and environments where user profiles have been configured to be deleted on log off.