The Trend Micro OfficeScan AEGIS engine may cause a desktop not to load during logon, resulting in a black screen with only the mouse cursor visible. The process explorer.exe is not loaded, nor can it be loaded through Task Manager.
The problem usually occurs on provisioned desktops, either through VDI (VMWare View) or some other 3rd party management solution (Dell Kace, etc). Various components of these solutions hook into key Windows components (Winlogon, Explorer extensions, etc), and are then being blocked by the Trend Micro Behavioral Analysis service (the AEGIS-engine).
A workaround is to either whitelist all the components, but this is often not a straight-forward solution. Another more attainable method is to work around the issue by disabling the Trend Micro AEGIS engine altogether.
Push the changes to the clients:
To verify that AEGIS is turned off, open services.msc, look for the service Trend Micro Unauthorized Change Prevention Service, and check: