Our environment:
- We created about 75 ThinApps in a VDI-Environment (VMWare View, 1 Windows 7 Master-Client, 700 non persistent linked Clones)
- ThinApps are locaated in a DFS-Environment, the Apps will be registered on the Client based on AD Group Membersships during Users login.
- SEP12.1 vor VDI is configured "best practice", we only user "Auto Protect", we don't use "SONAR", we don't use "Download Protection"; in global Scan Options, "Bloodhound heuistic virus detection" is enabled (Level: "Automatic" - we don't even want to know what would happen, if the level was set to "aggressive" ;-))
Our experience:
- when the users launches a new compiled ThinApp, they get a Timeout (15-20 seconds) until the ThinApp-splashscreen appears, even the Process of the ThinApp appears after this period in taskmanager. The Timeout has not with every ThinApp the same duration, sometimes the effect is not even noticeable... it seems to be worth, when Java-based Applications were virtualized with Thinapp.
Our Conclusion:
SEP12.1 heuristic Detectionmethod "bloodhound" seems to expect a potential risk within each new new compiled thinapp-executable. The Agent reports this exe as "Detected Application" back to the SEP-Management Server and marks it with the default Action "Log Only".
Our Workaround:
- After a new thinapp is deployed, add a new exception for the "Detected Application", set Action to "Ignore"...
(in the SEPM-Console navigate to "Policies", "Exceptions" and Edit an existing and to the Client-Group linked Policy (or create a new one). Inside the Policy navigate to "Exceptions" and Click "Add", "Windows Exceptions", "Application". In the Popup-Window you may find a lot of thinapps (in our case neary every thinapp was listed as "Detected Application"). Mark all ThinApps you want to execept, choose "Ignore" from the "Action"-Dropdownlist, Confirm with "OK" and save the Policy. As soon as the client refreshes it's Policy, the ThinApp should not be affected anymore by bloodhound-heuristics (manually refresh the Policy on the client: Start the Agent-GUI, klick "Help", "Troubleshooting", "Update").
If any other/better Experiences and/or Solutions/Workarounds is found by anyone, feedbacks are very welcome...