Citrix Recommended Antivirus Exclusions

Citrix has posted a great blog post with its antivirus recommendations. We here at ervik.as also have two blog posts on the topic that are 3-4 years old. We have listed them here together with a summary of the original post by Citrix. The links are at the bottom.

WARNING! While we generally feel these configurations and exclusions provide the best balance between security and performance, please don’t forget that antivirus exclusions increase the attack surface of a system and might expose it to real security threats. Please note that Citrix does NOT recommend implementing any of these settings in production without first discussing them with your organization’s security teams and thoroughly testing and validating them in a test environment.

 

The following recommendations apply to all Citrix components:

  • Set real-time scanning to scan local drives only and not network drives
  • Disable scan on boot
  • Remove any unnecessary antivirus related entries from the Run key
  • Exclude the pagefile(s) from being scanned
  • Exclude Windows event logs from being scanned
  • Exclude IIS log files from being scanned

The following are the recommendations specific to each component:

StoreFront 2.0 – 2.5

Files:

  • %ProgramFiles%\Citrix\Receiver StoreFront\Services\SubscriptionsStoreService\**\PersistentDictionary.edb

Processes:

  • %ProgramFiles%\Citrix\Receiver StoreFront\Services\SubscriptionsStoreService\Citrix.DeliveryServices.ServiceHosting.WindowsServiceHost.exe
  • %ProgramFiles%\Citrix\Receiver StoreFront\Services\CredentialWallet\Citrix.DeliveryServices.CredentialWallet.ServiceHost.exe

StoreFront 2.6 – 3.7

Files:

  • %SystemRoot%\ServiceProfiles\NetworkService\AppData\Roaming\Citrix\SubscriptionsStore\**\PersistentDictionary.edb

Processes:

  • %ProgramFiles%\Citrix\Receiver StoreFront\Services\SubscriptionsStoreService\Citrix.DeliveryServices.SubscriptionsStore.ServiceHost.exe
  • %ProgramFiles%\Citrix\Receiver StoreFront\Services\CredentialWallet\Citrix.DeliveryServices.CredentialWallet.ServiceHost.exe

PVS Server

Files:

  • **\*.vhd
  • **\*.avhd
  • **\*.vhdx
  • **\*.avhdx
  • %SystemRoot%\System32\drivers\CvhdBusP6.sys (Windows Server 2008)
  • %SystemRoot%\System32\drivers\CVhdMp.sys (Windows Server 2012)
  • %SystemRoot%\System32\drivers\CfsDep2.sys
  • %ProgramData%\Citrix\Provisioning Services\Tftpboot\ARDBP32.BIN

Processes:

  • %ProgramFiles%\Citrix\Provisioning Services\BNTFTP.EXE
  • %ProgramFiles%\Citrix\Provisioning Services\StreamService.exe
  • %ProgramFiles%\Citrix\Provisioning Services\StreamProcess.exe
  • %ProgramFiles%\Citrix\Provisioning Services\soapserver.exe

PVS Target Device

Files:

  • **\*.vdiskcache
  • **\vdiskdif.vhdx (7.x only)
  • %SystemRoot%\System32\drivers\bnistack6.sys
  • %SystemRoot%\System32\drivers\CfsDep2.sys
  • %SystemRoot%\System32\drivers\CVhdBusP6.sys
  • %SystemRoot%\System32\drivers\CVhdMp.sys (7.x only)

Processes:

  • %ProgramFiles%\Citrix\PvsVm\Service\PvsVmAgent.exe
  • %ProgramFiles%\Citrix\Personal vDisk\BIN\CTXPVD.exe (PvD and AppDisks only)
  • %ProgramFiles%\Citrix\Personal vDisk\BIN\CTXPVDSVC.exe (PvD and AppDisks only)

XenApp / XenDesktop 7.x Controller

Folders:

  • %programdata%\Citrix\Broker\Cache (7.6+)

Processes:

  • %ProgramFiles%\Citrix\Broker\Service\BrokerService.exe

XenApp / XenDesktop 7.x Server OS VDA

Processes:

  • %ProgramFiles%\Citrix\User Profile Manager\UserProfileManager.exe
  • %ProgramFiles%\Citrix\Virtual Desktop Agent\BrokerAgent.exe
  • %ProgramFiles%\Citrix\Personal vDisk\BIN\CTXPVD.exe (AppDisks only)
  • %ProgramFiles%\Citrix\Personal vDisk\BIN\CTXPVDSVC.exe (AppDisks only)
  • %SystemRoot%\System32\spoolsv.exe
  • %SystemRoot%\System32\winlogon.exe

XenDesktop 7.x Client OS VDA

Processes:

  • %ProgramFiles%\Citrix\User Profile Manager\UserProfileManager.exe
  • %ProgramFiles%\Citrix\Virtual Desktop Agent\BrokerAgent.exe
  • %ProgramFiles%\Citrix\ICAService\picaSvc2.exe
  • %ProgramFiles%\Citrix\ICAService\CpSvc.exe
  • %ProgramFiles%\Citrix\Personal vDisk\BIN\CTXPVD.exe (PvD and AppDisks only)
  • %ProgramFiles%\Citrix\Personal vDisk\BIN\CTXPVDSVC.exe (PvD and AppDisks only)
  • %SystemRoot%\System32\spoolsv.exe
  • %SystemRoot%\System32\winlogon.exe

XenApp 6.5

Files:

  • %ProgramFiles(x86)%\Citrix\Independent Management Architecture\RadeOffline.mdb
  • %ProgramFiles(x86)%\Citrix\Independent Management Architecture\imalhc.mdb
  • %ProgramFiles(x86)%\Citrix\Citrix Resource Manager\LocalDB\RMLocalDatabase.mdb

Processes:

  • %ProgramFiles%\Citrix\User Profile Manager\UserProfileManager.exe
  • %ProgramFiles(x86)%\Citrix\System32\Citrix\Ima\ImaSrv.exe
  • %ProgramFiles(x86)%\Citrix\System32\Citrix\Ima\IMAAdvanceSrv.exe

EdgeSight Agent

Folders:

  • %AllUsersProfile%\Application Data\Citrix\System Monitoring\Data

Processes:

  • %ProgramFiles%\Citrix\System Monitoring\Agent\Core\rscorsvc.exe
  • %ProgramFiles%\Citrix\System Monitoring\Agent\Core\Firebird\bin\fbserver.exe

EdgeSight Server

Folders:

  • %CommonProgramFiles(x86)%\Citrix\System Monitoring\Server\RSSH
  • %ProgramFiles(x86)%\Citrix\System Monitoring\Server\EdgeSight\scripts\rssh
  • %ProgramFiles(x86)%\Citrix\System Monitoring\Server\EdgeSight\Pages
  • %ProgramFiles(x86)%\Microsoft SQL Server\MSSQL\Reporting Services
  • %ProgramFiles%\Microsoft SQL Server\MSSQL\Data
  • %SystemRoot%\SYSTEM32\Logfiles
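
Because every exclusion widens the attack surface, as the warning above says, the excluded set is worth auditing after it is deployed. The script below is an added example, not code from Citrix or from this blog: it assumes Microsoft Defender Antivirus as the product (the lists above are product-agnostic), an elevated PowerShell session, and uses the Server OS VDA process list as the sample approved set.

```powershell
# Added example: audits, does not change, Microsoft Defender process exclusions.
# Assumptions: Defender is the AV in use (Get-MpPreference) and the session is elevated.

# Approved list: Server OS VDA processes copied from this page
# (the "AppDisks only" entries are left out of this sample).
$approved = @(
    '%ProgramFiles%\Citrix\User Profile Manager\UserProfileManager.exe'
    '%ProgramFiles%\Citrix\Virtual Desktop Agent\BrokerAgent.exe'
    '%SystemRoot%\System32\spoolsv.exe'
    '%SystemRoot%\System32\winlogon.exe'
) | ForEach-Object { [Environment]::ExpandEnvironmentVariables($_) }

# 1. Every approved binary should exist and carry a valid signature.
$report = foreach ($path in $approved) {
    if (-not (Test-Path -LiteralPath $path -PathType Leaf)) {
        [pscustomobject]@{ Path = $path; Present = $false; Signature = 'n/a'; Signer = $null }
        continue
    }
    $sig = Get-AuthenticodeSignature -LiteralPath $path
    [pscustomobject]@{
        Path      = $path
        Present   = $true
        Signature = [string]$sig.Status
        Signer    = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
    }
}

# 2. Compare what Defender actually excludes with the approved list.
$configured = @((Get-MpPreference).ExclusionProcess) | Where-Object { $_ } |
    ForEach-Object { [Environment]::ExpandEnvironmentVariables($_) }
$unapproved = @($configured | Where-Object { $approved -notcontains $_ })
$missing    = @($approved   | Where-Object { $configured -notcontains $_ })

# 3. Report: anything printed under the three headings below needs review.
$report | Format-Table -AutoSize
'Approved entries that are absent or not validly signed:'
$report | Where-Object { -not $_.Present -or $_.Signature -ne 'Valid' } | Format-Table -AutoSize
'Configured in Defender but not on the approved list:'
$unapproved
'On the approved list but not configured:'
$missing
```

The same pattern applies to the file and folder lists by reading `ExclusionPath` and `ExclusionExtension` from `Get-MpPreference` instead of `ExclusionProcess`.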

Read the full Citrix blog post here

Also check out these Citrix Antivirus related posts right here:

Citrix Guidelines for Antivirus Software Configuration

Antivirus Guidelines for Citrix XenDesktop