Connect with us

Hi, what are you looking for?

Citrix XenApp

Script to make your Citrix XenApp servers run better with SEP antivirus

If you use SEP (Symantec Endpoint Protection) on your Citrix servers, you will notice that performance on your server takes a huge hit if you leave Symantec as is. Specifically increased RAM and CPU usage caused by multiple instances of SmcGui.exe and ccApp.exe processes for all the connected sessions.

Symantec has a great KB article here that addresses this:

You can disable SmcGui to prevent multiple instances of it running by adding following DWORD registry value on your Citrix server:

HKLM\SOFTWARE\Symantec\Symantec Endpoint Protection\SMC\LaunchSmcGui

and setting the value to 0. You can also disable ccAPP by deleting the ccApp entry at the following keys:

32 bit:

64 bit:

I didn’t want to go to each Citrix server and verify and/or make these changes manually so I created this little bat script I can execute remotely on each Server 2008 R2 box (you’ll want to modify for 32 bit boxes):

Now when building a new XenApp server (i.e. not from a template), I wanted to use this same script as a “post-install script” after installing XenApp but with a few other things included. One thing I wanted is to set the Terminal Server roaming profile path (assuming you are not doing it with GPO already). So I add this to the script:

I also want to install my EdgeSight agent at this time. I wrote a a few installs script for this already in my post here:

so I will call on these bat scripts from the script I am writing now. But I want it to pause and let me verify that the Symantec changes happened successfully. So I add this first:

then finally I call on the EdgeSight agent install script (which will reboot your system after installing automatically). I have it shared off my EdgeSight server under the “XENAPP_AGENT” share so my script looks like:

So my final script will look like this screenshot:

Hope this helps. Let me know if there is anything that any of you would like to see added.



  1. Eamonn

    May 10, 2012 at 9:29 AM

    The newer SEP 12.1.1 that came out in April 2012 version seems to prevent changes to this reg key.
    Endpoint “Protection SMC LaunchSmcGui” 0

  2. Tom

    February 25, 2013 at 3:20 PM

    Any remedies for the issue Eamonn points out??

    Thank you, Tom

  3. Jason Samuel

    February 25, 2013 at 3:32 PM

    Tom :

    Any remedies for the issue Eamonn points out??

    Thank you, Tom

    I’m afraid I can’t replicate the issue in a SEP 12.1.1 environment. Using The script continues to work fine for me. Are you running it as an administrator?

  4. Eamonn Deering

    February 25, 2013 at 3:43 PM

    @Jason Samuel

    I got it working. As far as I remember you have to disable Symantec Tamper protection if its on.
    You can enable it after the reg change.

  5. Jason Samuel

    February 25, 2013 at 3:56 PM

    Eamonn Deering :

    @Jason Samuel

    I got it working. As far as I remember you have to disable Symantec Tamper protection if its on.
    You can enable it after the reg change.

    Thanks for the update!

  6. John

    February 6, 2014 at 1:55 PM

    If we enable SEP, Windows Explorer that published on Citrix server will not run. you have to open any other applications on same server and then launch Windows Explorer icon.
    is there any way, we can resolve this issue?

Leave a Reply

Your email address will not be published. Required fields are marked *

You May Also Like

Citrix Workspace

You can use FIDO2 hardware security keys plugged into your physical desktop over the Citrix HDX remoting protocol for use with virtualized Windows Desktop...


Today I would like to go over proper URL redirection when using SSL but first I would like to preface this by describing what...


In a worst case scenario and all your web servers have failed, what do you do? You could have a standby group of servers...

Microsoft Identity & Access Management

EUC and Security Engineers have always had the capability to add a EULA to Citrix StoreFront and/or Citrix NetScaler Gateway (aka Citrix Gateway) for... began in 2008 as a way for me to give back to the IT community. This website features the latest news and how-to's on enterprise mobility, security, virtualization, cloud architecture, and other technologies I work with. This website has evolved over time to become a go-to reference hub for these technologies. It receives hundreds of thousands of unique visitors from all over the world each month. More details on the About Me page.
Copyright © 2008-2023