Citrix Support has observed that this is caused by SEP creating the following registry key during a scheduled or on demand Scan of the system after the above definition file has been loaded:
HKEY_USERSS-1-5-20_Classes
The existence of the above key is not a problem however SEP creates this key with no permissions for the built in Network Service Windows account (which is user S-1-5-20). Windows Services (including Citrix ones) that run under the context of the Network Service will fail to enumerate the contents of the key and exhibit the problems described above.
Rebooting the VDA will clear the key but it will be re-created on the next scan (scheduled or manual) from SEP.
You could alter the permissions of the key to include Full Control for Network Service however this is only a temporary solution as you would have to do it after every reboot after the key is created.