Gompels

Thanks for the suggestion @ak01 , yes we whitelist ntuser.* which changed the error from ‘KAV is locking the user hive’ to ‘unspecified error’. I have found disabling self-defence is not a complete fix -- sometimes users logging in on affected PCs are still prevented. An occasional fix is to retry logging in ‘until it works’. A more concrete fix is to login with the local admin account and delete the user profile, which guarantees next login works but subsequent logins can still fail. This is a shared mandatory profile that is causing the issue -- I suspect it something in it is causing issues but not sure what. The issue also appears to occur predominately at a small remote branch, our head office only has one PC exhibiting these problems. All the PCs are new and were imaged from the same WDS/MDT image with W10 20H2. The only other potential factor is the head-office had KAV deployed before the remote branch, potential timing with a windows update?

Not sure if it exactly the same cause, but a large number, but not all, of our machines are suffering the same problem on Windows 10 Build 19042.928 running KES 11.6.0.394, The event-log entry for the user-profile service lists KAV as locking the user profile. Whitelisting NTUSER.dat simply changes the event log entry to ‘unspecified error’. Looking at KAV there are entries for ‘operation with application resources is blocked by Self-Defense’. Disabling Self-Defense and then deleting the (corrupted) local copy of the roaming profile allows users to log-in again. This only seems to apply to our mandatory profiles. While we can run without Self-Defense, this seems less than ideal, can anyone offer any advice?