I’ve had various random issues with some sites that use Citrix Profile Manager and Sophos AntiVirus, usually manifesting as corrupt user profiles. I logged an issue with Sophos but they weren’t too interested in investigating or resolving the issue so I’ve found the following two workarounds. Some customers only needed one of these workarounds, some needed both, so your mileage may vary.
In the Sophos Enterprise Console, under “Anti-virus and HIPS” edit the policy that applies to your XenDesktop and/or XenApp servers. Under the “Web Protection” box, set “Download Scanning” to off.
Disable the “Profile Streaming” and “Active Write Back” features of the Citrix Profile Manager, either via the INI file or Group Policy. Edit your policy containing the Profile Manager administrative template and settings, and navigate to Computer Configuration -> Policies -> Administrative Templates -> Citrix (if using the Profile Manager 4.1 ADMX template, otherwise Classic Administrative Templates -> Citrix) -> Profile Management. Change the “Active Write Back” setting to Disabled, then under “Streamed User Profiles” change the “Profile Streaming” setting to Disabled also.
I hope this information helps someone out, as I was unable to find any other references to this issue in Citrix or Sophos KBs, Citrix forums etc. It’s also possible that other AV products may cause the same behaviour, but I’m yet to see it. I’m not a fan of Sophos in general, and the performance of the product is that bad that one of my customers recommends turning off the on-acces scanning on file servers and running a nightly scan instead. Enough said I think!