Citrix has posted a great blog post with its antivirus recommendations. We here at ervik.as also have 2 blog posts on the topic that are 3-4 years old. We have added them below, together with a summary of the original post by Citrix. Please find the links at the bottom!
WARNING! While we generally feel these configurations and exclusions provide the best balance between security and performance, please don’t forget that antivirus exclusions increase the attack surface of a system and might expose it to real security threats. Please note that Citrix does NOT recommend implementing any of these settings in production without first discussing them with your organization’s security teams and thoroughly testing and validating them in a test environment.
The following recommendations apply to all Citrix components:
- Set real-time scanning to scan local drives only and not network drives
- Disable scan on boot
- Remove any unnecessary antivirus related entries from the Run key
- Exclude the pagefile(s) from being scanned
- Exclude Windows event logs from being scanned
- Exclude IIS log files from being scanned
The following are the recommendations specific to each component:
StoreFront 2.0 – 2.5
Files:
- %ProgramFiles%\Citrix\Receiver StoreFront\Services\SubscriptionsStoreService\**\PersistentDictionary.edb
Processes:
- %ProgramFiles%\Citrix\Receiver StoreFront\Services\SubscriptionsStoreService\Citrix.DeliveryServices.ServiceHosting.WindowsServiceHost.exe
- %ProgramFiles%\Citrix\Receiver StoreFront\Services\CredentialWallet\Citrix.DeliveryServices.CredentialWallet.ServiceHost.exe
StoreFront 2.6 – 3.7
Files:
- %SystemRoot%\ServiceProfiles\NetworkService\AppData\Roaming\Citrix\SubscriptionsStore\**\PersistentDictionary.edb
Processes:
- %ProgramFiles%\Citrix\Receiver StoreFront\Services\SubscriptionsStoreService\Citrix.DeliveryServices.SubscriptionsStore.ServiceHost.exe
- %ProgramFiles%\Citrix\Receiver StoreFront\Services\CredentialWallet\Citrix.DeliveryServices.CredentialWallet.ServiceHost.exe
PVS Server
Files:
- **\*.vhd
- **\*.avhd
- **\*.vhdx
- **\*.avhdx
- %SystemRoot%\System32\drivers\CvhdBusP6.sys (Windows Server 2008)
- %SystemRoot%\System32\drivers\CVhdMp.sys (Windows Server 2012)
- %SystemRoot%\System32\drivers\CfsDep2.sys
- %ProgramData%\Citrix\Provisioning Services\Tftpboot\ARDBP32.BIN
Processes:
- %ProgramFiles%\Citrix\Provisioning Services\BNTFTP.EXE
- %ProgramFiles%\Citrix\Provisioning Services\StreamService.exe
- %ProgramFiles%\Citrix\Provisioning Services\StreamProcess.exe
- %ProgramFiles%\Citrix\Provisioning Services\soapserver.exe
PVS Target Device
Files:
- **\*.vdiskcache
- **\vdiskdif.vhdx (7.x only)
- %SystemRoot%\System32\drivers\bnistack6.sys
- %SystemRoot%\System32\drivers\CfsDep2.sys
- %SystemRoot%\System32\drivers\CVhdBusP6.sys
- %SystemRoot%\System32\drivers\CVhdMp.sys (7.x only)
Processes:
- %ProgramFiles%\Citrix\PvsVm\Service\PvsVmAgent.exe
- %ProgramFiles%\Citrix\Personal vDisk\BIN\CTXPVD.exe (PvD and AppDisks only)
- %ProgramFiles%\Citrix\Personal vDisk\BIN\CTXPVDSVC.exe (PvD and AppDisks only)
XenApp / XenDesktop 7.x Controller
Folders:
- %programdata%\Citrix\Broker\Cache (7.6+)
Processes:
- %ProgramFiles%\Citrix\Broker\Service\BrokerService.exe
XenApp / XenDesktop 7.x Server OS VDA
Processes:
- %ProgramFiles%\Citrix\User Profile Manager\UserProfileManager.exe
- %ProgramFiles%\Citrix\Virtual Desktop Agent\BrokerAgent.exe
- %ProgramFiles%\Citrix\Personal vDisk\BIN\CTXPVD.exe (AppDisks only)
- %ProgramFiles%\Citrix\Personal vDisk\BIN\CTXPVDSVC.exe (AppDisks only)
- %SystemRoot%\System32\spoolsv.exe
- %SystemRoot%\System32\winlogon.exe
XenDesktop 7.x Client OS VDA
Processes:
- %ProgramFiles%\Citrix\User Profile Manager\UserProfileManager.exe
- %ProgramFiles%\Citrix\Virtual Desktop Agent\BrokerAgent.exe
- %ProgramFiles%\Citrix\ICAService\picaSvc2.exe
- %ProgramFiles%\Citrix\ICAService\CpSvc.exe
- %ProgramFiles%\Citrix\Personal vDisk\BIN\CTXPVD.exe (PvD and AppDisks only)
- %ProgramFiles%\Citrix\Personal vDisk\BIN\CTXPVDSVC.exe (PvD and AppDisks only)
- %SystemRoot%\System32\spoolsv.exe
- %SystemRoot%\System32\winlogon.exe
XenApp 6.5
Files:
- %ProgramFiles(x86)%\Citrix\Independent Management Architecture\RadeOffline.mdb
- %ProgramFiles(x86)%\Citrix\Independent Management Architecture\imalhc.mdb
- %ProgramFiles(x86)%\Citrix\Citrix Resource Manager\LocalDB\RMLocalDatabase.mdb
Processes:
- %ProgramFiles%\Citrix\User Profile Manager\UserProfileManager.exe
- %ProgramFiles(x86)%\Citrix\System32\Citrix\Ima\ImaSrv.exe
- %ProgramFiles(x86)%\Citrix\System32\Citrix\Ima\IMAAdvanceSrv.exe
EdgeSight Agent
Folders:
- %AllUsersProfile%\Application Data\Citrix\System Monitoring\Data
Processes:
- %ProgramFiles%\Citrix\System Monitoring\Agent\Core\rscorsvc.exe
- %ProgramFiles%\Citrix\System Monitoring\Agent\Core\Firebird\bin\fbserver.exe
EdgeSight Server
Folders:
- %CommonProgramFiles(x86)%\Citrix\System Monitoring\Server\RSSH
- %ProgramFiles(x86)%\Citrix\System Monitoring\Server\EdgeSight\scripts\rssh
- %ProgramFiles(x86)%\Citrix\System Monitoring\Server\EdgeSight\Pages
- %ProgramFiles(x86)%\Microsoft SQL Server\MSSQL\Reporting Services
- %ProgramFiles%\Microsoft SQL Server\MSSQL\Data
- %SystemRoot%\SYSTEM32\Logfiles
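An added example (not from the Citrix post or from ervik.as): every process exclusion above is a binary the scanner stops inspecting, so a useful pre-deployment check is whether each excluded executable exists, carries a valid Authenticode signature, and is writable only by trusted principals. The sample list, the function name Test-ExclusionTarget and the set of trusted SIDs are assumptions to adjust per environment; PowerShell 3.0 or later is assumed.

```powershell
# Added example: audit process exclusions before handing them to the antivirus product.
# Sample entries copied from the Controller and VDA lists above; extend as needed.
$ProcessExclusions = @(
    '%ProgramFiles%\Citrix\Broker\Service\BrokerService.exe',
    '%ProgramFiles%\Citrix\Virtual Desktop Agent\BrokerAgent.exe',
    '%ProgramFiles%\Citrix\User Profile Manager\UserProfileManager.exe',
    '%SystemRoot%\System32\spoolsv.exe',
    '%SystemRoot%\System32\winlogon.exe'
)

# Assumption: only these well-known SIDs may hold write access to an excluded binary.
$TrustedSids = @(
    'S-1-5-18',        # NT AUTHORITY\SYSTEM
    'S-1-5-32-544',    # BUILTIN\Administrators
    'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'  # TrustedInstaller
)

# Rights that allow replacing or modifying the file (read/execute bits deliberately left out).
$WriteMask = [int][System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, ChangePermissions, TakeOwnership'

function Test-ExclusionTarget {
    param([Parameter(Mandatory)][string]$RawPath)

    $path = [Environment]::ExpandEnvironmentVariables($RawPath)
    $result = [pscustomobject]@{
        Path = $path; Exists = $false; Signature = 'n/a'; UntrustedWriters = @()
    }
    if (-not (Test-Path -LiteralPath $path -PathType Leaf)) { return $result }

    $result.Exists = $true
    $result.Signature = (Get-AuthenticodeSignature -LiteralPath $path).Status

    # Resolve ACEs to SIDs so the check does not depend on localized account names.
    $rules = (Get-Acl -LiteralPath $path).GetAccessRules(
        $true, $true, [System.Security.Principal.SecurityIdentifier])
    $result.UntrustedWriters = @(
        $rules | Where-Object {
            $_.AccessControlType -eq 'Allow' -and
            (([int]$_.FileSystemRights -band $WriteMask) -ne 0) -and
            ($TrustedSids -notcontains $_.IdentityReference.Value)
        } | ForEach-Object { $_.IdentityReference.Value } | Sort-Object -Unique
    )
    $result
}

$ProcessExclusions | ForEach-Object { Test-ExclusionTarget $_ } |
    Format-List Path, Exists, Signature, UntrustedWriters
```

An entry whose Signature is anything other than Valid, or that lists any SID under UntrustedWriters, is a candidate to fix or drop before the exclusion goes live.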
Read the full Citrix blog post here
Also check out these Citrix Antivirus related posts right here:
Citrix Guidelines for Antivirus Software Configuration
Antivirus Guidelines for Citrix XenDesktop