Based on Citrix Consulting’s field experience, it is recommended to configure antivirus software on XenApp servers with the settings below. While these optimizations and exclusions have been known to increase the attack surface of a computer, these settings represent the best tradeoff between security and performance. It should be noted that these configurations have been implemented in production environments by several enterprise customers.

Scan on write events or only when files are modified*
Scan local drives or disable network scanning
Exclude the pagefile(s) from being scanned
Exclude the Print Spooler directory to improve printing performance
Exclude the \Program Files\Citrix directory** (the heavily accessed Application Streaming “RadeCache”, Local Host Cache, and Resource Manager Summary Database reside here)
Remove any unnecessary antivirus related entries from the ‘Run’ key to improve performance (HKLM\Software\Microsoft\Windows\Current Version\Run)
If pass-through authentication is being used (for example in a XenDesktop or Shared Hosted desktop scenario), exclude the XenApp Online Plug-in bitmap cache directory (typically %AppData%\ICAClient\Cache)
If using the streamed user profile feature of Citrix Profile management, ensure the antivirus solution is configured to be aware of Hierarchical Storage Manager (HSM) drivers. For more information, please refer to Profile Streaming and Enterprise Antivirus Products

Click here to read more ( may require a valid mycitrix.com account )