Hi! I‘ve been troubleshooting this with Trend Micro. The lock does not happen in the DSVA, so Trend Micro suspects that the lock is in the Guest Introspection appliance and want’s us to do a trace with VMware, so I would recommmend you to do the same.

With Agent based protection, Files OnDemand has worked fine on Horizon 7.9, Windows 10 1809 non-persistant VDI without any caching and App Volumes 2.15

KjellO​

Thanks. I'll submit a SR with VMWare. Are you willing to share your SR number so I can reference it?

KjellO​

Our partner has opened a support request with VMware (SR 20116382604). They collected logs yesterday and are now investigating those.

Hi! Due to the situation with COVID-19, I've not had the capasity to start troubleshooting with VMware, hope you find a solution!

/Kjell

This is the answer from VMware support. I don't have any experience with TrendMicro nor do I have access to it, so I'm not sure what they mean by this. Our partner will open a case with TrendMicro too.

“Possible root cause of the issue what you observing is because filter rules were not applied. Directory was not present when filter rules were applied.

We currently do not support applying filter rules by matching regular expression strings and Partners need to apply those filters at their end.
Since most of the paths had regular expression () (for all users) while attempting exclusion like follows:

2020-04-16T08:47:01.418Z| vcpu-1| I125: Guest: vsep: DEBUG: QueryCommandLine : Commandline: "C:\Program Files (x86)\Microsoft OneDrive\OneDrive.exe" /background

Some test that we can also perform is to install OneDrive on other location. For example - "C:\Users\OneDrive\

Could you please open a ticket with trend micro and request them to review the logs? I am requesting this as the actions performed by guest introspection are pushed by Trend Micro usually.”

Hi KjellO, RTrigger

Onedrive (with file-on demand) issue with App Volumes has been resolved in 2.18.2 release.

Please download it : Download VMware App Volumes

Evidence:

VMware App Volumes 2.18.2 Release Notes

Please mark the reply as helpful/correct if it address your issue.

Thanks Shreyskar​

The release notes state this is occurring with writable volumes. I am not using writable volumes.

Are you stating that 2.18.2 also resolves the issue with OneDrive FOD and Office365 on an AppStack?

Thank you.

Hi RTrigger

The release note mentions about the fix that only applies if onedrive FOD breaks with writable volume.

However you can still test with appvolumes agent 2.18.2.

Unfortunately AppVolumes 2.18.2 did not resolve my issue in LAB.

I was able to use OneDrive Files On Demand with LibreOffice in an AppStack by adding the soffice.exe, swriter.exe and scacl.exe to "HookInjectionWhitelist" located in [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\svdriver\Parameters].

Thats interesting about the introspection,thanks

They seemed to have fixed this in app volumes 2.18.2 FYI for anyone reading this thread

Hi,

Trend said the same about Guest Introspection not supporting regex-exclusions and that we should open a ticket with VMware, so you end up in cicles. VMware is investigating the OneDrive issues, so I hope they not send me back to Trend support :smileygrin:

As a backup solution, I've setup a VDI image with the Deep Security Windows Agent, and that is working much better, and with combined mode you could easily setup policies for the VDI's you want to use either Appliance based protection, or Agent based protection.

/Kjell

So we came across this issue in our persistent Windows 10 1909 image with Deep Security protection. Sure enough, if you disable the DSVA protection, all good. Naturally, that doesn't work. I see in this post that you mention using the "/allusers" switch should resolve that? Am I reading it right? We've tried that and it's still no go.

Steps in order:

1. Provisioned the new Horizon Windows 10 persistent VM (has OneDrive w/ allusers switch installed in the base).
2. Login with my AD account and let Windows create the profile.
3. Verify the DSVA protection is active.
4. Login to OneDrive.

With those steps, the OneDrive process starts but eventually hits that wall of processing where it just hangs explorer.

I should note we are NOT using App Volumes or RDSH. OneDrive is installed thick within the VM.

Thanks in advance.

-Ed

Hi,

You need to exclude files accessed by OneDrive, or you will experience these issues, but since Guest Introspection don't handle exclusions with wildcards, the exclusions don't work.

For example, with OneDrive you would like to exclude this path: C:\Users\*\OneDrive*\, and to make that work with Deep Security, you will need to install the Agent which handles wildcards without problem.

You could also raise the issue to VMware, perhaps if they get more SR they will figure out how to implement it in Guest Introspection.

Kind regards

Kjell Øyvind

Small update on our case:

Yesterday, I've created a new policy from scratch in DeepSecurity containing only the recommended exclusions for Horizon. I tested OneDrive with that policy and it worked! I couldn't believe it, so I tested again and again and again (setting a onedrive folder to keep offline and then setting the clear space for that folder again, so onedrive does a download and clears space is a good test I've noticed). It just worked. I then logged on with the same user to another desktop with the same DeepSecurity policy and it blocked immediately. Logged back on to the previous desktop and it still worked... Then I reverted back to the old Deep Security policy, and it kept working!? Tried again and again, but still it kept working. Just as I was about to notify our partner about this, it just stopped working... 😞

Our partner, who is communicating with Trend Micro about this, said they were close to a solution, so as soon as I have more information, I'll update this thread.

KjellO​, I understand that excluding the OneDrive folder might be a solution (using the agent then), but I'm not sure I really want that. What if one user has malware on his onedrive?

Regards.