Monday, September 21, 2009

Symantec Endpoint Protection (SmcGui.exe) and Citrix (Terminal Services)


We have been experiencing some issues with Symantec Endpoint Protection (SEP) and Citrix.

By default, when users would launch a published application via Citrix, the Symantec Management Client (smc.exe) service launches a process called SmcGui.exe. This also puts a SEP icon (little yellow shield) in the users system tray. This is the GUI front-end for SEP.

Upon closing their published application (any application), the little yellow shield, as well as the SmcGui.exe process, stay running in the background.

How do I resolve this?

Step 1) Seems logical... Disable the icon.

Configure a policy on the SEP server for terminal servers to disable the system tray icon and the gui.

Problem: Even if you setup a policy via the SEP Management Console to disable the system tray icon, the server still launches SmcGui.exe, and fails to close the process when they logout.

Step 2) Google It

A quick google of SmcGui.exe and Citrix yeilds a terribly log thread on the issue over at Symantec's forums. Reading this thread leads to nasty hacks like renaming the SmcGui.exe executable file (which doesn't work), replacing the file (which sometimes works), and some other issues.

too much wasted time on that forum thread!!!

Step 3) Google it More!

After some more googling (sp?) I came across this Symantec knowledge base article...

Woohoo! Turns out we already had the proper maintenance pack installed, so I tested adding the registry key and it worked great...

Step 4) Do this on lots of servers.

I created a custom administrative template file that will allow these settings to be pushed out with group policy.

Hopefully this will help someone else along the way.

here you go. Just save the following to a file (whatever.adm) and add to administrative templates in group policy.


CATEGORY "Symantec Endpoint Protection"
POLICY "Launch SmcGui.exe"
EXPLAIN !!LaunchSmcGui_Explain
KEYNAME "SOFTWARE\Symantec\Symantec Endpoint Protection\SMC"
VALUENAME "LaunchSmcGui"


LaunchSmcGui_Explain="Set to Disabled to prevent SmcGui.exe from launching. Prevents errors on Citrix servers and Terminal Servers."