1 person found this helpful
For DirectFlex, the DEM agent keeps track of the launches and exits of the configured DirectFlex-enabled executables. At the launch of the first instance we perform the import, and after the exit of the last one we perform the export. In some cases the DEM agent "misses" an exit, which means that the export won't be triggered when the last instance exits. As you've seen, this is picked up during the path-based export at logoff.
Chrome is a good example of an application where we don't see all application exits, as some of its child instances run inside Windows jobs that can be terminated in a way that's invisible to our bookkeeping mechanism.
Third-party security software might also affect this, although I would expect that would then apply to all applications equally... Still, just in case that you're using Symantec Endpoint Protection, be sure to check out the Symantec Endpoint Protection DirectFlex export fix advanced setting (described in KB 2145286 for Group Policy configuration, and KB 2148324 for NoAD mode.)
For completeness: I can't imagine that the behavior you're seeing in your environment is due to a recent DEM version (as you already indicated), as the underlying logic hasn't changed for quite a while.
I could chalk it up to Chrome not closing out all of its processes if it was just Chrome, but Firefox, Adobe Acrobat Reader 2017 Visual Studio Code (at least) all have the same issue and it doesn't sometimes work, it never works at application close. Also, back like a year ago I set up Chrome and I explicitly set the "Continue running background apps when Google Chrome is closed" policy to off so that the process ended at the close of Chrome and tested UEM (at the time) and it most definitely was capturing the profile when Chrome was closed. Now I can't really say exactly when this started but this is definitely not something that has been going on forever.
Oh and we run agent less antivirus so I highly doubt that would be the issue.