Product: ProfileUnity Client
Product Version: 6.8.5 and higher
Expires on: 365 days from publishing
Updated: March 15, 2024
Problem:
- Antivirus slows logon while scanning of ProfileUnity Program Files and directories.
- Cause Slow down of the VM
- Cause file corruptions
Resolution:
ProfileUnity Client Tools Installation Path
Exclude the entire "C:\Program Files\ProfileUnity" folder, and all sub-folders and files. Each A/V solution has different ways for specifying recursion, ie C:\Program Files\ProfileUnity\* or C:\Program Files\ProfileUnity\**
Or you can list out all the exe's seperately in the ProfileUnity Directory by running
dir /b /s /a-d "C:\Program Files\ProfileUnity\*.exe"
Then adding them seperately as exclusions
Filter Drivers
6.8.5 & 6.8.6
C:\Windows\System32\drivers\cbregistry20.sys
C:\Windows\System32\drivers\cbregistry.sys
C:\Windows\System32\drivers\cbfilter20.sys
6.8.7
C:\Windows\System32\drivers\cbregistry22.sys
C:\Windows\System32\drivers\cbfilter22.sys
C:\Windows\System32\drivers\cbprocess22.sys
ProfileUnity on network shares:
\\<domainname>\netlogon\profileunity\:
Note:This is the current default deployment path. If unsure, check the ProfileUnity console under Administration (top right)->ProfileUnity Tools->Deployment Path.
7z\x64\7z.exe
7z\x86\7z.exe
LwL.ProfileUnity.Client.Startup.exe
LwL.ProfileUnity.Client.Startup.Update.exe
LwL.ProfileUnity.Client.Logoff.exe
User's home portability/vhdx directories:
- \\profileserver\profiles\%username%\Portability
- Exclude:*.7z, *.lou,*.lbr *.vhd *.vhdx and*.manifest files located inside.
DIA software storage location for DIA applications:
- \\server\share\DIA_APPS\
- Exclude: *.vhd *.vhdx
ProfileUnity Temporary directories:
System Temp Directories:
- c:\Windows\Temp\ProfileUnity
- C:\programdata\ProfileUnity\postflight
User Temp Directory
- %temp%\ProfileUnity
- This directory can be redirected to a fixed location like C:\PUTemp using ProfileUnity ADM GPO template.
- KB: How to setup custom ProfileUnity Temp directory.
The FlexApp package and ProfileDisk mount directories:
- C:\FADIA-T
- C:\FlexAppDIA-Temp
- C:\Windows\Temp\flexappdia
- C:\ProfileDiskMounts
- C:\ProfileDisk
- C:\Users\ProfileDisk
- C:\ProfileDisk_Temp
Users Local Manifest Location
C:\Users\%username%\ProfileUnity\Logon & Logoff directories\*.manifest
For SMB cache mode and cloud for FlexApp Block level caching:
- Block cache path = C:\DiskShadowData
ProfileUnity Console executables on the PU Server:
- "C:\Program Files (x86)\Liquidware Labs\ProfileUnity" and sub folders+files
- "C:\Program Files\MongoDB" and sub folders+files
Additional AV Application Specific Information
Trend Micro Apex One (formerly OfficeScan) Specific
Please refer the attached trendexclusions.docx and Zipped AV.zip for examples
Microsoft Windows Defender Specific
Please refer to attached Defender Exceptions.zip, which includes a GPO output of example path exclusions
Another consideration is Microsoft Defender 365 feature called "Attack Surface Reduction" (a.k.a. ASR) can block ProfileUnity from using elevation. When this is turned on, the default policy that is enabled causes this issue. Customers need to approve the the rules in the cloud portal for exclusions.
Example:
When using Citrix VDA 7.1.4 or above.
Add C:\Windows\System32\vds.exe to the trusted program list.
See attached Files for examples specific to those AV's for exclusions.
Related article