Horizon - Endpoint Antivirus

[AlessandroG 0]

Hello everyone, I switched to horizon, so as to virtualize the workstations. Unfortunately, the antivirus creates some problems for me. When users connect with the Blast protocol, the VMs reset, showing the classic blue screen. I tried to suspend the antivirus but I didn't get any results, uninstalling the antivirus, everything is back to normal. Would you give me some advice?

 

Thanks Alessandro

[Marcos 5,070]

This is a known issue with VMWare drivers which was also confirmed by Microsoft. We recommend contacting VMWare re. the issue. If necessary, we can provide more details about the issue to their programmers.

[AlessandroG 0]

Thanks Marcos

i open ticket on WMWARE

Support Request Confirmation Number:19172949104

Support Request Status:

Open (Unassigned)

Date and Time Created:

2019-04-23 10:51

Target Response Time:

2019-04-23 14:51 (GMT+02:00) Jordan Standard Time

 

I hope that this problem will resolved

 

Thanks Alessandro 

[AlessandroG 0]

Hello Marcos

 

Surely nothing from my past experiences with VMware will happen. Know if there are workarounds to solve the problem ?

Do ypu send me if there is post on Microsoft site

Thanks Alessandro

 

[Marcos 5,070]

I'm not aware of any public statement by Microsoft re. this issue. We analyzed a dump from such crash and concluded that it was caused by a VMWare driver which was also confirmed by Microsoft when we consulted it with their developers. If VMWare contacts us, we can provide them with information that data that would help them fix the issue.

[AlessandroG 0]

2 hours ago, Marcos said:

I'm not aware of any public statement by Microsoft re. this issue. We analyzed a dump from such crash and concluded that it was caused by a VMWare driver which was also confirmed by Microsoft when we consulted it with their developers. If VMWare contacts us, we can provide them with information that data that would help them fix the issue.

Hi Marcos

i copy VMWare's answer

Hello Alessandro,

Thank you for your support request.
My name is Goran and I am assigned this case.
I understand that there is an issue with antivirus software that is causing problems in View environment.
In order to avoid such problems you may review kb article (2082045) from VMware documentation. It provides the list of .exe files from Horizon View that need to be added to antivirus exclusion list to prevent interference.
https://kb.vmware.com/s/article/2082045
 

Naturally I tried this solution without any positive result. I add that anceh the documetnaizoni me sebra old when some files do not exist  :(

 

[Marcos 5,070]

You should reply them that the memory dump from a crash has been already analyzed by an AV vendor and Microsoft and both confirmed a bug in a VMWare driver which is unrelated to the mentioned exclusions. We at ESET are willing to help them and provide details about the problem. You as a customer of VMWare could provide them with a memory dump for perusal.

[AlessandroG 0]

Hi Marcos

 

For your information I have also carried out these exclusions, but I did not get any results.

What seems strange to me that a vodstro user who pays for both your own and Vmware's assisetnezé, must try again when it would be easier for the two software houses to talk to each other.

Thanks Alessandro

 

 

 

 

 

 

[AlessandroG 0]

Update  VMware :

VMware Support Request 19172949104    [ ref:_00D409hQR._5002H18KQak:ref ]

** Please do not change the subject line of this email if you wish to respond. **

Hello Alessandro,

Thank you for the information provided. 
What exact product are you using? Can you confirm that all required ports are opened as described by the user facing similar problems https://forum.eset.com/topic/6181-eset-and-vmware-view-desktops/
Do you have any details on which VMware drivers are causing the issue? Any Microsoft reference to the same? 
I haven't being able to find any relevant information regarding this.

Best regards,

 

Update Eset  :

Buonasera,

 

da quanto comunicato dal supporto ESET, i nostri analisti hanno verificato un memory Dump dal quale a una prima analisi sembrerebbe che il problema sia in qualche modo da imputare ai VMware driver. In questo scenario non abbiamo modo di intervenire ulteriormente e in modo diretto.

Il supporto italiano fornisce supporto di primo e secondo livello sui prodotti ESET.  E' il settore sviluppo ESET ad essere chiamato in causa in questo caso.

 

In quanto cliente VMware dovrebbe Lei aprire direttamente un canale di assistenza con i tecnici VMware e presentare il problema, attendendo una verifica anche da parte loro. Una volta aperto questo ticket sul problema possiamo in qualche modo cercare di far comunicare i due settori sviluppo in modo che possano affrontare insieme il problema stesso.

 

Questo è quanto ci è stato indicato dai nostri colleghi di ESET Corporate.

 

 

 

Conclusions:

 

two big companies can't talk to each other and solve a problem that leads to both problems for their customers. In my humble opinion, it seems to me a lack of respect for customers. Surely you as Vmware have more resources than a common user, I don't think it's hard to get in touch with you.

 

Best reguard

Alessandro Ghezzi

 

[Marcos 5,070]

3 minutes ago, AlessandroG said:

two big companies can't talk to each other and solve a problem that leads to both problems for their customers. In my humble opinion, it seems to me a lack of respect for customers. Surely you as Vmware have more resources than a common user, I don't think it's hard to get in touch with you.

This is untrue. We contacted VMware and provided them with details about the problem in their driver. It's their turn now.

[AlessandroG 0]

12 minutes ago, Marcos said:

This is untrue. We contacted VMware and provided them with details about the problem in their driver. It's their turn now.

This thing you write and it is quite strange, because

1) Vmare  know nothing and keep asking me for info.

Do you have any details on which VMware drivers are causing the issue?

2) I ask Microsoft articles about this bug, which you didn't provide either

Any Microsoft reference to the same?

3) I haven't seen a reply from any of the two parties yet, I am told that my case is under analini, then we say all is not my case and given that from what you tell me is a known problem.

4)

 

Write the problem on the Vmware forum somewhere so that I, like so many other users, can still ask for a solution to the problem more strongly.

As they say in Italian, "words don't make trains run, facts are needed"

None of the development support wrote anything about this problem. In your opinion, who do I believe? For me, you're just throwing the ball over to the other side

Thanks Alessandro

 

 

 

[Peter Randziak 1,130]

Hello @AlessandroG

We got an update from the development team.

As a work-around please try to may disable the UDP in the Blast protocol, it helped in the testing environment, can you please confirm?

To do that please refer to Vmware documentation: (basically set HKLM\SOFTWARE\Policies\VMware, Inc.\VMware Blast\Config\UdpEnabled to 0 (string value) on machines with Horizon agent)
https://techzone.vmware.com/sites/default/files/vmware-horizon-7-view-blast-extreme-display-protocol.pdf
https://techzone.vmware.com/sites/default/files/resource/blast_extreme_display_protocol_in_vmware_horizon_7.pdf

Please keep us posted.

 

Regards, Peter

[AlessandroG 0]

Hello  @Peter

Hi everyone, I performed the indicated procedure and disabled the UDP ports. Unfortunately after connecting via horizon client with Blast protocol through UAG , just logged in to the VM automatically. the vm enters an error and is reset.

I'm sorry but this doesn't seem like the solution

I am also available for a remote session if you wish to check

Reguard Alessandro

[Peter Randziak 1,130]

Hello @AlessandroG,

16 hours ago, AlessandroG said:

I am also available for a remote session if you wish to check

Thank you for the offer, we appreciate it but seems we know what is causing the BSODs. 

Our team worked hard on this and spent about a week by debugging and researching those BSODs as we have multiple reports of it from our customers. 
We are nearly sure that we know, what the root cause, which is not caused by any bug in our security solution, so we are in contact with the driver developer to confirm our assumptions. 
Once confirmed, it will be up to the driver developer company to address the issue. 
Moreover our team came up with a proposed workaround on our side to avoid the bug manifestation leading to the BSOD.

Regards, Peter

Tracking key for us: P_EESW-4003

[lars50 0]

Hi@all,
I have the same issue.
Horizon 7.9 running on W2K19, VDI Clients = Windows 10 1903 with NVidia GPU Support.
Blast = Bluescreen if ESET Endpoint AV 7.1.x is installed.
PCOIP/RDP = OK.
Using the e1000 virtual network adapter instead of vmxnet3 as a workaround is working fine!
Can someone confirm this?

e1000 produces the Bluescreen as well , just tested with an test W10 Machine.

Best Regards
Lars

Edited July 31, 2019 by lars50
New information about e1000

[Fabian 0]

Same Problem here.

Horizon 7.9  W2K16

VDI Clients = Windows 10 1903 with or without NVidia GPU

Blast = Bluescreen if ESET  is installed.

PCOIP/RDP = OK.

opened case with VMware, but they only "keep the customer busy" ( make different pool, try E1000, reinstall Win10, reinstall Connection Server, …..)

 

[Marcos 5,070]

Didn't the above mentioned workaround work? Ie. setting HKLM\SOFTWARE\Policies\VMware, Inc.\VMware Blast\Config\UdpEnabled to 0.

VMware is working on a fix in their driver. In the mean time, we've implemented a workaround in our driver so that issues don't occur if there's a faulty VMware driver installed together with our product.

[Fabian 0]

On 6/19/2019 at 2:07 PM, Peter Randziak said:

Hello @AlessandroG

We got an update from the development team.

As a work-around please try to may disable the UDP in the Blast protocol, it helped in the testing environment, can you please confirm?

To do that please refer to Vmware documentation: (basically set HKLM\SOFTWARE\Policies\VMware, Inc.\VMware Blast\Config\UdpEnabled to 0 (string value) on machines with Horizon agent)
https://techzone.vmware.com/sites/default/files/vmware-horizon-7-view-blast-extreme-display-protocol.pdf
https://techzone.vmware.com/sites/default/files/resource/blast_extreme_display_protocol_in_vmware_horizon_7.pdf

Please keep us posted.

 

Regards, Peter

disabled the UDP in the registry as you mentioned above.

 

WORKS FINE  for me!!

[Fabian 0]

27 minutes ago, Marcos said:

Didn't the above mentioned workaround work? Ie. setting HKLM\SOFTWARE\Policies\VMware, Inc.\VMware Blast\Config\UdpEnabled to 0.

VMware is working on a fix in their driver. In the mean time, we've implemented a workaround in our driver so that issues don't occur if there's a faulty VMware driver installed together with our product.

WORKS FINE for me !!!!

THX a lot

[lars50 0]

On 8/2/2019 at 1:06 PM, Marcos said:

Didn't the above mentioned workaround work? Ie. setting HKLM\SOFTWARE\Policies\VMware, Inc.\VMware Blast\Config\UdpEnabled to 0.

VMware is working on a fix in their driver. In the mean time, we've implemented a workaround in our driver so that issues don't occur if there's a faulty VMware driver installed together with our product.

The tests with the UDP workaround are working.

VMware confirmed an update to me with Horizon 7.10 in Q4.

I have asked for an vmware workaround with older agent versions or horizon server but it looks it's related to ESET 7x.