With the many CTX articles available on antivirus exclusions, and a couple of great blogs on the subject (antivirus guidelines for Citrix by Nick Rintalan, and PVS and the forgotten antivirus exclusions by Dimitrios Samorgiannidis), I decided to create a consolidated list of recommended antivirus exclusions for a Citrix environment.
WARNING! This article contains antivirus exclusions. It is important to understand that antivirus exclusions and optimizations increase the attack surface of a system and can expose computers to a variety of real security threats. However, the following guidelines generally represent the best compromise between security and performance. Citrix does not recommend implementing any of these exclusions or optimizations until rigorous testing has been conducted in a lab environment to understand the tradeoffs between security and performance. Citrix also recommends that organizations engage their antivirus and security teams to review the following guidelines prior to any type of production deployment.
General Antivirus Recommendations:
The following list contains general antivirus recommendations that should be considered before applying any kind of exclusion or optimizations:
- If organizations choose to exclude files or folders from real-time or on-access scanning, Citrix recommends scanning the excluded files and folders on a regular basis using scheduled scans. Scheduled scans should be run during non-business or non-peak hours to minimize any potential performance impact.
- The integrity of excluded files and folders should be maintained at all times. Organizations should consider using a file integrity monitoring or host intrusion prevention solution to protect the integrity of files and folders that have been excluded from real-time or on-access scanning. Note that database and log files should not be included in this type of integrity monitoring, because these files are expected to change.
- If an entire folder must be excluded from real-time or on-access scanning, Citrix recommends monitoring the creation of new files in the excluded folders very closely.
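One way to act on the last two recommendations, as an added example that is not part of the original post: take a hashed baseline of the folders excluded from real-time scanning and, on later runs, report files that are new, changed or gone. The two default folders and the baseline location are assumptions for a StoreFront server; replace them with the paths actually excluded on yours.

```powershell
# Added example (not from the original post): re-check folders that were
# excluded from real-time scanning and report new, changed or removed files.
# $ExcludedFolders and $BaselinePath are assumptions; use the paths excluded
# on your server and a baseline location the AV/security team controls.
param(
    [string[]]$ExcludedFolders = @(
        "$env:SystemDrive\inetpub\temp\IIS Temporary Compressed Files",
        "$env:ProgramFiles\Citrix\Receiver StoreFront\Services\SubscriptionsStoreService"
    ),
    [string]$BaselinePath = "$env:ProgramData\excluded-folder-baseline.json"
)

# Database and log files change constantly, so keep them out of the baseline.
$SkipExtensions = @('.log', '.mdb', '.ldb', '.fdb', '.etl')

function Get-ExcludedFolderSnapshot {
    param([string[]]$Folders)
    $snapshot = @{}
    foreach ($folder in $Folders) {
        if (-not (Test-Path -LiteralPath $folder)) { continue }
        Get-ChildItem -LiteralPath $folder -File -Recurse -Force -ErrorAction SilentlyContinue |
            Where-Object { $SkipExtensions -notcontains $_.Extension.ToLower() } |
            ForEach-Object {
                $snapshot[$_.FullName] = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
            }
    }
    return $snapshot
}

$current = Get-ExcludedFolderSnapshot -Folders $ExcludedFolders

if (-not (Test-Path -LiteralPath $BaselinePath)) {
    # First run: record the baseline and stop.
    $current | ConvertTo-Json | Set-Content -LiteralPath $BaselinePath
    Write-Output "Baseline written to $BaselinePath ($($current.Count) files)."
    return
}

$baseline = @{}
(Get-Content -LiteralPath $BaselinePath -Raw | ConvertFrom-Json).PSObject.Properties |
    ForEach-Object { $baseline[$_.Name] = $_.Value }

# Anything new or changed inside an excluded folder is invisible to real-time
# scanning, so it belongs in the next scheduled or on-demand scan.
foreach ($path in $current.Keys) {
    if (-not $baseline.ContainsKey($path))        { Write-Output "NEW      $path" }
    elseif ($baseline[$path] -ne $current[$path]) { Write-Output "CHANGED  $path" }
}
foreach ($path in $baseline.Keys) {
    if (-not $current.ContainsKey($path)) { Write-Output "REMOVED  $path" }
}
```

Run it once to write the baseline, then from a scheduled task so that its output lands in the same place as the scheduled scan results.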
The following antivirus exclusions should be applied to all Citrix infrastructure servers:
- Set real-time scanning to scan local drives only, not network drives
- Disable boot-time scans
- Remove any unnecessary antivirus-related entries from the Run key
- Exclude the pagefile(s) from being scanned
- Exclude the IIS log files from being scanned
- Exclude the Windows event logs from being scanned
The following are the recommended antivirus exclusions by Citrix product:
Citrix Director & StoreFront
Director and StoreFront:
- inetpub\temp\IIS Temporary Compressed Files
- Windows\System32\inetsrv\w3wp.exe
- Windows\SysWOW64\inetsrv\w3wp.exe
StoreFront:
- Program Files\Citrix\Receiver StoreFront\Services\SubscriptionsStoreService
Citrix Profile Management
Agent: do not scan UserProfileManager.exe on open or status-check operations
EdgeSight
Agent:
- Program Files\Citrix\System Monitoring\Agent\Core\rscorsvc.exe
- Program Files\Citrix\System Monitoring\Agent\Core\Firebird\bin\fbserver.exe
Server:
- %CommonProgramFiles%\Citrix\System Monitoring\Server\rssh
- Program Files\Citrix\System Monitoring\Server\EdgeSight\scripts\rssh
- Program Files\Citrix\System Monitoring\Server\EdgeSight\Pages
- Program Files\Microsoft SQL Server\MSSQL\Reporting Services
- Program Files\Microsoft SQL Server\MSSQL\Data
- %SystemRoot%\System32\Logfiles
Provisioning Services
Server:
- Exclude the local vDisk Store from scanning
- Windows\System32\drivers\CvhdBusP6.sys (Windows Server 2008)
- Windows\System32\drivers\CVhdMp.sys (Windows Server 2012)
- Windows\System32\drivers\CfsDep2.sys
- Program Files\Citrix\Provisioning Services\BNTFTP.EXE
- ProgramData\Citrix\Provisioning Services\Tftpboot\ARDBP32.BIN
- Program Files\Citrix\Provisioning Services\StreamService.exe
- Program Files\Citrix\Provisioning Services\StreamProcess.exe
- Program Files\Citrix\Provisioning Services\soapserver.exe
Target device:
- Exclude the write cache from scanning
- Program Files\Citrix\Provisioning Services\BNDevice.exe
- Windows\System32\drivers\bnistack6.sys
- Program Files\Citrix\Provisioning Services\TargetOSOptimizer.exe
- Windows\System32\drivers\CfsDep2.sys
- Windows\System32\drivers\CVhdBusP6.sys
Target device - Personal vDisk:
- CTXPVD.exe
- CTXPVDSVC.exe
- Program Files\Citrix\Personal vDisk\BIN\Win7
XenApp
Controller:
- Windows\System32\csrss.exe
- Windows\System32\winlogon.exe
- Windows\System32\userinit.exe
- Windows\System32\smss.exe
- Program Files\Citrix\Group Policy\Client-Side Extension\CitrixCseEngine.exe
- Program Files (x86)\Citrix\System32\wfshell.exe
- Program Files (x86)\Citrix\System32\ctxxmlss.exe
- Program Files (x86)\Citrix\System32\CtxSvcHost.exe
- Program Files (x86)\Citrix\System32\mfcom.exe
- Program Files (x86)\Citrix\System32\Citrix\IMA\ImaSrv.exe
- Program Files (x86)\Citrix\System32\Citrix\IMA\IMAAdvanceSrv.exe
- Program Files (x86)\Citrix\HealthMon\HCAService.exe
- Program Files (x86)\Citrix\Streaming Client\RadeSvc.exe
- Program Files (x86)\Citrix\Streaming Client\RadeHlprSvc.exe
- Program Files (x86)\Citrix\Independent Management Architecture\RadeOffline.mdb
- Program Files (x86)\Citrix\Independent Management Architecture\Imalhc.mdb
Session host:
- Windows\System32\spoolsv.exe
- Windows\System32\csrss.exe
- Windows\System32\winlogon.exe
- Windows\System32\userinit.exe
- Windows\System32\smss.exe
- Program Files\Citrix\Group Policy\Client-Side Extension\CitrixCseEngine.exe
- Program Files (x86)\Citrix\System32\wfshell.exe
- Program Files (x86)\Citrix\System32\CpSvc.exe
- Program Files (x86)\Citrix\System32\CtxSvcHost.exe
- Program Files (x86)\Citrix\System32\mfcom.exe
- Program Files (x86)\Citrix\System32\Citrix\IMA\ImaSrv.exe
- Program Files (x86)\Citrix\System32\Citrix\IMA\IMAAdvanceSrv.exe
- Program Files (x86)\Citrix\HealthMon\HCAService.exe
- Program Files (x86)\Citrix\Streaming Client\RadeSvc.exe
- Program Files (x86)\Citrix\Streaming Client\RadeHlprSvc.exe
- Program Files (x86)\Citrix\XTE\bin\XTE.exe
- Program Files (x86)\Citrix\Independent Management Architecture\RadeOffline.mdb
- %AppData%\ICA Client\Cache (if using pass-through authentication)
XenClient
Synchronizer:
- Program Files\Citrix\Synchronizer
XenDesktop
Controller:
- Windows\System32\csrss.exe
- Windows\System32\winlogon.exe
- Windows\System32\userinit.exe
- Windows\System32\smss.exe
Controller - pre-XenDesktop 7.x:
- Program Files\Citrix\Group Policy\Client-Side Extension\CitrixCseEngine.exe
- Program Files (x86)\Citrix\System32\wfshell.exe
- Program Files (x86)\Citrix\System32\ctxxmlss.exe
- Program Files (x86)\Citrix\System32\CtxSvcHost.exe
- Program Files (x86)\Citrix\System32\mfcom.exe
Windows Server OS machines - XenDesktop 7.x:
- Windows\System32\spoolsv.exe
- Windows\System32\csrss.exe
- Windows\System32\winlogon.exe
- Windows\System32\userinit.exe
- Windows\System32\smss.exe
- Program Files\Citrix\Group Policy\Client-Side Extension\CitrixCseEngine.exe
- Program Files (x86)\Citrix\System32\wfshell.exe
- Program Files (x86)\Citrix\System32\CpSvc.exe
- Program Files (x86)\Citrix\System32\CtxSvcHost.exe
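The general infrastructure-server exclusions and the Director/StoreFront row, applied with Microsoft Defender Antivirus cmdlets, as an added example that is not part of the original post. Assumptions: Defender is the engine (the post names none), IIS logs and Windows event logs are in their default locations, and the script runs elevated.

```powershell
# Added example (not from the original post). Assumes Microsoft Defender
# Antivirus on a Director/StoreFront server; other engines expose the same
# settings under different names. IIS and event log paths are the defaults.
#Requires -RunAsAdministrator

# "Scan local drives only, not network drives" for real-time scanning.
Set-MpPreference -DisableScanningNetworkFiles $true

# General exclusions: pagefile(s), IIS log files, Windows event logs.
$pagefiles = Get-CimInstance -ClassName Win32_PageFileUsage | ForEach-Object { $_.Name }
$generalPaths = @(
    "$env:SystemDrive\inetpub\logs\LogFiles",   # default IIS log location (assumption)
    "$env:SystemRoot\System32\winevt\Logs"      # default event log location (assumption)
) + $pagefiles

# Director and StoreFront entries from the product list above.
$directorPaths = @(
    "$env:SystemDrive\inetpub\temp\IIS Temporary Compressed Files",
    "$env:ProgramFiles\Citrix\Receiver StoreFront\Services\SubscriptionsStoreService"
)
$directorProcesses = @(
    "$env:SystemRoot\System32\inetsrv\w3wp.exe",
    "$env:SystemRoot\SysWOW64\inetsrv\w3wp.exe"
)

Add-MpPreference -ExclusionPath ($generalPaths + $directorPaths)
Add-MpPreference -ExclusionProcess $directorProcesses

# Read back the effective exclusions so they can be recorded for scheduled
# scans and integrity monitoring; every entry is a real-time scanning blind spot.
$pref = Get-MpPreference
[PSCustomObject]@{
    NetworkFilesSkipped = $pref.DisableScanningNetworkFiles
    ExcludedPaths       = $pref.ExclusionPath
    ExcludedProcesses   = $pref.ExclusionProcess
} | Format-List
```

Boot-time scan and Run-key cleanup are not shown because they depend on the antivirus product in use.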
For more information on antivirus exclusions, please reference the following articles:
- Citrix Profile Management - Profile Management 5.x - eDocs
- EdgeSight - CTX111062, CTX11406
- Provisioning Services - CTX124185
- XenApp - CTX127030
- Windows - Microsoft TechNet Blogs
In addition, I would like to thank the following Citrix consultants for their contributions: Nick Rintalan, Andy Winiarski, Sarah Steinhoff, Beau Dolinsky, Kavish Nursimulu, Hanny Tadros, Kevin Chan, Danielle Vaughan, Dan Allen, Tom Reed, Felipe Bernal, Michael Shuster, and Pablo Legorreta.
Thanks,
Steven Krueger
Citrix Consulting