After Symantec virus definition file version 191001021 is applied to SEP (Symantec Endpoint Protection) on the VDA the VDA may exhibit issues with session launches failing or the VDA not registering with the DDC.

A restart of the VDA will temporarily resolve the issue however it will come back after a variable period of time.

 

Citrix is not responsible for and does not endorse or accept any responsibility for the contents or your use of these third party Web sites. Citrix is providing these links to you only as a convenience, and the inclusion of any link does not imply endorsement by Citrix of the linked Web site. It is your responsibility to take precautions to ensure that whatever Web site you use is free of viruses or other harmful items.

Either roll back the Symantec definition file to the previous version or update to definitions 10/5/19 rev. 3 and newer. 

For more details see https://support.symantec.com/us/en/article.tech256579.html  

 

---

Problem Cause

Citrix Support has observed that this is caused by SEP creating the following registry key during a scheduled or on demand Scan of the system after the above definition file has been loaded:

HKEY_USERS\S-1-5-20_Classes

The existence of the above key is not a problem however SEP creates this key with no permissions for the built in Network Service Windows account (which is user S-1-5-20).  Windows Services (including Citrix ones) that run under the context of the Network Service will fail to enumerate the contents of the key and exhibit the problems described above.  

Rebooting the VDA will clear the key but it will be re-created on the next scan (scheduled or manual) from SEP.  

You could alter the permissions of the key to include Full Control for Network Service however this is only a temporary solution as you would have to do it after every reboot after the key is created.

Citrix DaaS Launch and Registration Failures after Symantec definition file 191001021 is applied to the VDA

Ref: Symantec case # 30605580