amr

Good morning all, We have recently kicked off a project to get Defender for Endpoint going and replacing NSX/TrendMicro DeepSecurity. I have read the numerous articles from TechZone and Microsoft a few times each to get an understanding on the best path forward. Key points I've taken away: - Don't onboard the golden image - We want a single entry for each VM, so use the appropriate on boarding scripts for VDI - Use GPO locally, in AD, or post sync script to onboard instant clones - Follow the TechZone article and be diligent about exclusions and things unique to VDI With all that said, how are you managing on boarding ICs with Defender? To me the scripts linked to the IC OUs is probably the method we'll go. We have had issues in the past with post sync scripts timing out and VMs failing to create. Are there any caveats or gotchas to watch out for with this entire system?

I had no luck going through Broadcom or Omnissa, they both pointed me at each other 🤣. However, after some time my keys finally showed back up in our Universal Console under View Perpetual Keys. The link was broken for weeks. My licenses are also not in either vendors portal still.

This is really great that you haven't noticed issues with WD

@John Twilley Awesome to hear! We have had this deployed out to physical machines with no issues for a month or more now. Next month we will be removing the regkey in production on View and see if implementing Defender puts it back or breaks Defender with it not there.

Great to hear and i agree 100%. My biggest question(s) is what does this key do if deleted? Will Defender put it back? Does this leave us vulnerable?

Thanks Sascha. Agreed, curious to see others experience.

Thanks for this post. I just made one this morning before I even saw this one, too funny. We found 100% success in deleting that registry key but are unaware of the impact of doing this, especially with Windows Defender going into production in the next few months. I have not tried the trace start/stop fix you outlined above but have seen other people have success with that on reddit, in particular on those links you posted.

Good morning, I have been following this topic for quite some time and there used to be KB on it, however since the move to Broadcom the page returns a 404 https://kb.vmware.com/s/article/97111. Their workarounds were not viable for us since we cannot disable modern auth, etc. We are able to create this error with the February, March, and April patch on Windows 10 22H2, we have not tried the May patch. The issue appears from the AAD Broker plug in being blocked with the recent updates via Windows Defender. Even though we do not use Defender, this is not unique to us as it is happening to folks who use it or not. If this is blocked, our machines cannot communicate with Azure for auth, licensing, etc, hence the errors. The resolution was to delete the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedInterfaces\IfIso\ and all of its contents on the parent image. You can see that when a machine is broken all of the plug ins are set to ACTION=BLOCKED|ACTIVE=TRUE (attached) and you can see on a working machine, they are not blocked with some of them being ACTION=BLOCKED|ACTIVE=FALSE: (attached) Having said that, I do not know of any repercussions of removing that key as well as all of its entries or not. This is especially something to consider since we will be doing to Defender soon on VDI. Has anyone had any luck fixing this without deleting the keys or has MS/VMware fixed this yet? Does deleting this key impact Windows defender?

We dug into this more with the user. It is happening on PC and Mac but only when he is at his work location in another state. When he is at his home base in a 2nd state, there is no issue. Likely seems issues are related to this other work location.

Sure, they are on 8.12.2. I believe this issue was persistent on older versions.

Hey Rob, Now this could be something very interesting that we will look into. I do not have a good working knowledge of Macs so this is absolutely something we will look at.

Hey Joe, Yes, we have multiple people using 8.12.2 (including myself) with no issue. We have also reached out to the user to try HTML rather than the Client.

Good morning everyone, We currently are on Horizon 8 2306 with 2306.1 UAGs. We have 1 user in particular who appears to constantly be disconnected while working remotely on a Macbook. User is on the latest Horizon Client at the time of writing this. We have ~500 other users who do not have this issue as it seems to be unique to this particular one. The Horizon logs show the users was logged off by the UAG due to being inactive, which is something we expect since we have our timeout on our load balancers to 120 minutes. However, said user is getting kicked off sometimes every 1-10 minutes while working. There is no pattern or frequency to note. We have engaged support and have taken logs and are trying to get the users to use a Windows device and another network to see if this is related to them locally. Has anyone had this issue before?

Duplicate Post - Original here: