Citrix Recommended Antivirus Exclusions

Alexander Ervik Johnsen Antivirus, Citrix, MCS, PVS, StoreFront, XenApp, XenDesktop 2016-12-02

XenApp 7.8, Secure Browser Edition

Citrix has posted a great Citrix Antivirus recommendations blog. We here at ervik.as also have 2 blog posts that are 3-4 years old. We have added them with a summary of the original post by Citrix! Please find the links at the bottom!

WARNING! While we generally feel these configurations and exclusions provide the best balance between security and performance, please don’t forget that antivirus exclusions increase the attack surface of a system and might expose it to real security threats. Please note that Citrix does NOT recommend implementing any of these settings in production without first discussing them with your organization’s security teams and thoroughly testing and validating them in a test environment.

The following recommendations apply to all Citrix components:

Set real-time scanning to scan local drives only and not network drives
Disable scan on boot
Remove any unnecessary antivirus related entries from the Run key
Exclude the pagefile(s) from being scanned
Exclude Windows event logs from being scanned
Exclude IIS log files from being scanned

The following are the recommendations specific to each component:

StoreFront 2.0 – 2.5	Files: %ProgramFiles%\Citrix\Receiver StoreFront\Services\SubscriptionsStoreService \**\PersistentDictionary.edb Processes: %ProgramFiles%\Citrix\Receiver StoreFront\Services\SubscriptionsStoreService \Citrix.DeliveryServices.ServiceHosting.WindowsServiceHost.exe %ProgramFiles%\Citrix\Receiver StoreFront\Services\CredentialWallet \Citrix.DeliveryServices.CredentialWallet.ServiceHost.exe
StoreFront 2.6 – 3.7	Files: %SystemRoot%\ServiceProfiles\NetworkService\AppData\Roaming \Citrix\SubscriptionsStore\**\PersistentDictionary.edb Processes: %ProgramFiles%\Citrix\Receiver StoreFront\Services\SubscriptionsStoreService \Citrix.DeliveryServices.SubscriptionsStore.ServiceHost.exe %ProgramFiles%\Citrix\Receiver StoreFront\Services\CredentialWallet \Citrix.DeliveryServices.CredentialWallet.ServiceHost.exe
PVS Server	Files: *\.vhd *\.avhd *\.vhdx *\.avhd %SystemRoot%\System32\drivers\CvhdBusP6.sys (Windows Server 2008) %SystemRoot%\System32\drivers\CVhdMp.sys (Windows Server 2012) %SystemRoot%\System32\drivers\CfsDep2.sys %ProgramData%\Citrix\Provisioning Services\Tftpboot\ARDBP32.BIN Processes: %ProgramFiles%\Citrix\Provisioning Services\BNTFTP.EXE %ProgramFiles%\Citrix\Provisioning Services\StreamService.exe %ProgramFiles%\Citrix\Provisioning Services\StreamProcess.exe %ProgramFiles%\Citrix\Provisioning Services\soapserver.exe
PVS Target Device	Files: *\.vdiskcache **\vdiskdif.vhdx (7.x only) %SystemRoot%\System32\drivers\bnistack6.sys %SystemRoot%\System32\drivers\CfsDep2.sys %SystemRoot%\System32\drivers\CVhdBusP6.sys %SystemRoot%\System32\drivers\CVhdMp.sys (7.x only) Processes: %ProgramFiles%\Citrix\PvsVm\Service\PvsVmAgent.exe %ProgramFiles%\Citrix\Personal vDisk\BIN\CTXPVD.exe (PvD and AppDisks only) %ProgramFiles%\Citrix\Personal vDisk\BIN\CTXPVDSVC.exe (PvD and AppDisks only)
XenApp / XenDesktop 7.x Controller	Folders: %programdata%\Citrix\Broker\Cache (7.6+) Processes: %ProgramFiles%\Citrix\Broker\Service\BrokerService.exe
XenApp / XenDesktop 7.x Server OS VDA	Processes: %ProgramFiles%\Citrix\User Profile Manager\UserProfileManager.exe %ProgramFiles%\Citrix\Virtual Desktop Agent\BrokerAgent.exe %ProgramFiles%\Citrix\Personal vDisk\BIN\CTXPVD.exe (AppDisks only) %ProgramFiles%\Citrix\Personal vDisk\BIN\CTXPVDSVC.exe (AppDisks only) %SystemRoot%\System32\spoolsv.exe %SystemRoot%\System32\winlogon.exe
XenDesktop 7.x Client OS VDA	Processes: %ProgramFiles%\Citrix\User Profile Manager\UserProfileManager.exe %ProgramFiles%\Citrix\Virtual Desktop Agent\BrokerAgent.exe %ProgramFiles%\Citrix\ICAService\picaSvc2.exe %ProgramFiles%\Citrix\ICAService\CpSvc.exe %ProgramFiles%\Citrix\Personal vDisk\BIN\CTXPVD.exe (PvD and AppDisks only) %ProgramFiles%\Citrix\Personal vDisk\BIN\CTXPVDSVC.exe (PvD and AppDisks only) %SystemRoot%\System32\spoolsv.exe %SystemRoot%\System32\winlogon.exe
XenApp 6.5	Files: %ProgramFiles(x86)%\Citrix\Independent Management Architecture\RadeOffline.mdb %ProgramFiles(x86)%\Citrix\Independent Management Architecture\imalhc.mdb %ProgramFiles(x86)%\Citrix\Citrix Resource Manager\LocalDB\RMLocalDatabase.mdb Processes: %ProgramFiles%\Citrix\User Profile Manager\UserProfileManager.exe %ProgramFiles(x86)%\Citrix\System32\Citrix\Ima\ImaSrv.exe %ProgramFiles(x86)%\Citrix\System32\Citrix\Ima\IMAAdvanceSrv.exe
EdgeSight Agent	Folders: %AllUsersProfile%\Application Data\Citrix\System Monitoring\Data Processes: %ProgramFiles%\Citrix\System Monitoring\Agent\Core\rscorsvc.exe %ProgramFiles%\Citrix\System Monitoring\Agent\Core\Firebird\bin\fbserver.exe
EdgeSight Server	Folders: %CommonProgramFiles(x86)%\Citrix\System Monitoring\Server\RSSH %ProgramFiles(x86)%\Citrix\System Monitoring\Server\EdgeSight\scripts\rssh %ProgramFiles(x86)%\Citrix\System Monitoring\Server\EdgeSight\Pages %ProgramFiles(x86)%\Microsoft SQL Server\MSSQL\Reporting Services %ProgramFiles%\Microsoft SQL Server\MSSQL\Data %SystemRoot%\SYSTEM32\Logfiles

Read the full Citrix blog post here

Also check out these Citrix Antivirus related posts right here:

Citrix Guidelines for Antivirus Software Configuration

Antivirus Guidelines for Citrix XenDesktop

Citrix Recommended Antivirus Exclusions

Also check out these Citrix Antivirus related posts right here:

Related Posts

Citrix positioned as a Leader in the 2019-2020 IDC MarketScape for VCC

Citrix HDX for Dummies Free eBook version 2.5

How to Anticipate Citrix End-User Performance Issues with Embedded Intelligence and Automation

Citrix Optimizer 2.0.0.109

Citrix Receiver 4.x vs Citrix Workspace app 1808