RDS UDP Issues

Hi,

We have 3 x Established clients using 360 on RDS servers running on Windows Server 2019 with UPD (User Profile Disks) enabled.

Both servers are failing to delete the local, cached copies of the profile with AD360 enabled. If we uninstall AD360 the problem disappears.

Has anyone else seen this?

Comments

  • Jorge_Torre WatchGuard Representative
    edited September 2022

    Hi SMSystems,

    What protection version is installed in those machines?

    This is a known issue with protection versions 8.00.19.x and we have a hotfix which corrects this issue (Windows Defender must be disabled before applying it)

    If the protection version is 8.00.20.x, the issue may be caused by the Decoy files feature included in this version: https://info.pandasecurity.com/aether/?product=AD360&lang=en

    Regards,

    Jorge Torre Riaño | Technical Support
    WatchGuard Technologies, Inc. | www.watchguard.com
    Contact us: https://www.watchguard.com/wgrd-support/support-by-phone/all
    Tech Search: https://techsearch.watchguard.com/
    Feedback: https://www.watchguard.com/wgrd-support/feedback

  • @Jorge_Torre said:
    Hi SMSystems,

    What protection version is installed in those machines?

    This is a known issue with protection versions 8.00.19.x and we have a hotfix which corrects this issue (Windows Defender must be disabled before applying it)

    If the protection version is 8.00.20.x, the issue may be caused by the Decoy files feature included in this version: https://info.pandasecurity.com/aether/?product=AD360&lang=en

    Regards,

    Thank you - it's 8.0.20 in all cases so I will disable the Decoy Files feature and feedback in here.

  • Hi,

    We have a similar 2019 RDS/UDP environment and are seeing the same issue. Also running v8.0.20 of EPDR. I've already disabled the decoy files setting on the relevant policies. We now have hundreds of wgua_critical_files left over in user profiles, presumably it's safe to just delete them all now?

  • David_Carro WatchGuard Representative

    Hello, RadleaTom,

    If decoy files is disabled and you do still have the wgua_critical files folders, you can delete them, yes.

    David


    David Carro | Technical support
    WatchGuard Technologies, Inc. | www.watchguard.com
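
An added example (not from the thread or from WatchGuard) of how the leftover decoy files could be inventoried per profile and then removed once the Decoy files feature is disabled in the policy. It assumes profiles live under `C:\Users` and that every decoy file name starts with `wgua_critical_file`; the function names are hypothetical.

```powershell
# Added example. Assumptions: profile root is C:\Users, decoy file names begin
# with 'wgua_critical_file', and Decoy files is already disabled in the policy.
function Find-DecoyLeftover {
    [CmdletBinding()]
    param(
        [string]$ProfileRoot = 'C:\Users',
        [string]$Prefix      = 'wgua_critical_file'
    )
    Get-ChildItem -LiteralPath $ProfileRoot -Directory -Force -ErrorAction SilentlyContinue |
        ForEach-Object {
            $userDir = $_
            # Match on the name prefix only, so the extension is irrelevant.
            Get-ChildItem -LiteralPath $userDir.FullName -Recurse -File -Force `
                          -Filter "$Prefix*" -ErrorAction SilentlyContinue |
                Select-Object @{ n = 'Profile'; e = { $userDir.Name } },
                              FullName, Extension, Length
        }
}

function Remove-DecoyLeftover {
    [CmdletBinding(SupportsShouldProcess, ConfirmImpact = 'High')]
    param(
        [Parameter(Mandatory, ValueFromPipelineByPropertyName)]
        [string]$FullName,
        [string]$Prefix = 'wgua_critical_file'
    )
    process {
        # Re-check the leaf name so unexpected pipeline input cannot delete user data.
        $leaf = Split-Path -Path $FullName -Leaf
        if ($leaf -notlike "$Prefix*") {
            Write-Warning "Skipped (name does not match prefix): $FullName"
            return
        }
        if ($PSCmdlet.ShouldProcess($FullName, 'Remove leftover decoy file')) {
            Remove-Item -LiteralPath $FullName -Force
        }
    }
}

# 1. Report how many leftovers each profile holds, broken down by extension.
$found = Find-DecoyLeftover
$found | Group-Object Profile, Extension |
    Select-Object Count, Name | Format-Table -AutoSize

# 2. Dry run: lists what would be deleted without touching anything.
$found | Remove-DecoyLeftover -WhatIf
```

Replace `-WhatIf` with `-Confirm:$false` only after reviewing the report; run it elevated so other users' profile folders are readable.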

  • @David_Carro said:
    Hello, RadleaTom,

    If decoy files is disabled and you do still have the wgua_critical files folders, you can delete them, yes.

    David

    Hi David,
    Where users are synching their desktops to OneDrive they are regularly receiving notifications from OneDrive that they have deleted a bunch of these wgua files.

    It's uber annoying when users keep asking us about them.

    Can the file location be changed to prevent this happening?

  • David_Carro WatchGuard Representative

    No, it cannot be changed, but OneDrive can be set up so these files will not be synced with the cloud:

    OneDrive for Business:
    You can configure exceptions using group policies. https://docs.microsoft.com/en-us/onedrive/use-group-policy
    This would be the particular group policy item to configure: Exclude specific kinds of files from being uploaded
    This setting lets you enter keywords to prevent the OneDrive sync app (OneDrive.exe) from uploading certain files to OneDrive or SharePoint. You can enter complete names, such as "setup.exe" or use the asterisk (*) as a wildcard character to represent a series of characters, such as *.pst. Keywords aren't case-sensitive.
    If you enable this setting, the sync app doesn't upload new files that match the keywords you specified. No errors appear for the skipped files, and the files remain in the local OneDrive folder. You want to exclude wgua_critical_file.

    Hope this helps.


    David Carro | Technical support
    WatchGuard Technologies, Inc. | www.watchguard.com

  • @David_Carro said:
    No, it cannot be changed, but OneDrive can be set up so these files will not be synced with the cloud:

    OneDrive for Business:
    You can configure exceptions using group policies. https://docs.microsoft.com/en-us/onedrive/use-group-policy
    This would be the particular group policy item to configure: Exclude specific kinds of files from being uploaded
    This setting lets you enter keywords to prevent the OneDrive sync app (OneDrive.exe) from uploading certain files to OneDrive or SharePoint. You can enter complete names, such as "setup.exe" or use the asterisk (*) as a wildcard character to represent a series of characters, such as *.pst. Keywords aren't case-sensitive.
    If you enable this setting, the sync app doesn't upload new files that match the keywords you specified. No errors appear for the skipped files, and the files remain in the local OneDrive folder. You want to exclude wgua_critical_file.

    Hope this helps.

    Thanks David but this isn't a viable solution. Many of the file extensions are in popular use so excluding them from file synch would create too many issues.

    Any other ideas?

  • David_Carro WatchGuard Representative

    Hi, SMSystems

    But you do not want to exclude the extensions, but the filename:
    wgua_critical_file

    All the files on the folders start with the same name:
    https://wgt-my.sharepoint.com/:i:/g/personal/david_carro_watchguard_com/EYY9qtsEARdDg5CBTnK22NIBNAxcTkjwg9V0cO5lB2Mc1Q

    So just exclude the common name in all of them, and not the extensions

    Regards,

    David


    David Carro | Technical support
    WatchGuard Technologies, Inc. | www.watchguard.com

  • @David_Carro said:
    Hi, SMSystems

    But you do not want to exclude the extensions, but the filename:
    wgua_critical_file

    All the files on the folders start with the same name:
    https://wgt-my.sharepoint.com/:i:/g/personal/david_carro_watchguard_com/EYY9qtsEARdDg5CBTnK22NIBNAxcTkjwg9V0cO5lB2Mc1Q

    So just exclude the common name in all of them, and not the extensions

    Regards,

    David

    Sorry - I didn't spot that. Thank you :)

  • David_Carro WatchGuard Representative

    Keep us informed, let us know if this solved your issue!
    ;)


    David Carro | Technical support
    WatchGuard Technologies, Inc. | www.watchguard.com
