MY VIRTUALIZATION. YOUR VIRTUALIZATION.

Citrix-Antivirus-List-Exclusions.jpg

Citrix Recommended List of Antivirus Exclusions

Abdoulaye WAGUE May 11, 2017

General recommendations for Windows servers running Citrix components

  • Set real-time scanning to scan on write operations only and not on read/access
  • Set real-time scanning to scan local drives only and not network drives
  • Disable scan on boot
  • Remove any unnecessary antivirus related entries from the Run key
  • Exclude the pagefile(s) from being scanned
  • Exclude IIS log files from being scanned
  • Exclude Windows event logs from being scanned

Citrix ProductAntivirus Exclusions
XenAppController:

%windir%\system32\csrss.exe
%windir%\system32\winlogon.exe
%windir%\system32\userinit.exe
%windir%\system32\smss.exe
%ProgramFiles(x86)%\Citrix\Group Policy\Client-Side Extension\CitrixCseEngine.exe
%ProgramFiles(x86)%\Citrix\System32\wfshell.exe
%ProgramFiles(x86)%\Citrix\system32\ctxxmlss.exe
%ProgramFiles(x86)%\Citrix\System32\CtxSvcHost.exe
%ProgramFiles(x86)%\Citrix\system32\mfcom.exe
%ProgramFiles(x86)%\Citrix\System32\Citrix\Ima\ImaSrv.exe
%ProgramFiles(x86)%\Citrix\System32\Citrix\Ima\IMAAdvanceSrv.exe
%ProgramFiles(x86)%\Citrix\HealthMon\HCAService.exe
%ProgramFiles(x86)%\Citrix\Streaming Client\RadeSvc.exe
%ProgramFiles(x86)%\Citrix\Streaming Client\RadeHlprSvc.exe
%ProgramFiles(x86)%\Citrix\Independent Management Architecture\RadeOffline.mdb
%ProgramFiles(x86)%\Citrix\Independent Management Architecture\imalhc.mdb

Session Host:

%windir%\system32\spoolsv.exe
%windir%\system32\csrss.exe
%windir%\system32\winlogon.exe
%windir%\system32\userinit.exe
%windir%\system32\smss.exe
%ProgramFiles%\Citrix\Group Policy\Client-Side Extension\CitrixCseEngine.exe
%ProgramFiles(x86)%\Citrix\System32\wfshell.exe
%ProgramFiles(x86)%\Citrix\system32\CpSvc.exe
%ProgramFiles(x86)%\Citrix\System32\CtxSvcHost.exe
%ProgramFiles(x86)%\Citrix\system32\mfcom.exe
%ProgramFiles(x86)%\Citrix\System32\Citrix\Ima\ImaSrv.exe
%ProgramFiles(x86)%\Citrix\System32\Citrix\Ima\IMAAdvanceSrv.exe
%ProgramFiles(x86)%\Citrix\HealthMon\HCAService.exe
%ProgramFiles(x86)%\Citrix\Streaming Client\RadeSvc.exe
%ProgramFiles(x86)%\Citrix\Streaming Client\RadeHlprSvc.exe
%ProgramFiles(x86)%\Citrix\XTE\bin\XTE.exe
%ProgramFiles(x86)%\Citrix\Independent Management Architecture\RadeOffline.mdb
%AppData%\ICAClient\Cache (if using pass-through authentication)
XenDesktopController:

%windir%\system32\csrss.exe
%windir%\system32\winlogon.exe
%windir%\system32\userinit.exe
%windir%\system32\smss.exe

Controller – pre-XenDesktop 7.x:

%ProgramFiles%\Citrix\Group Policy\Client-Side Extension\CitrixCseEngine.exe
%ProgramFiles(x86)%\Citrix\System32\wfshell.exe
%ProgramFiles(x86)%\Citrix\system32\ctxxmlss.exe
%ProgramFiles(x86)%\Citrix\System32\CtxSvcHost.exe
%ProgramFiles(x86)%\Citrix\system32\mfcom.exe

Windows Server OS Machines – XenDesktop 7.x:

%windir%\system32\spoolsv.exe
%windir%\system32\csrss.exe
%windir%\system32\winlogon.exe
%windir%\system32\userinit.exe
%windir%\system32\smss.exe
%ProgramFiles%\Citrix\Group Policy\Client-Side Extension\CitrixCseEngine.exe
%ProgramFiles(x86)%\Citrix\System32\wfshell.exe
%ProgramFiles(x86)%\Citrix\system32\CpSvc.exe
%ProgramFiles(x86)%\Citrix\System32\CtxSvcHost.exe
Citrix Director & Storefront\inetpub\temp\IIS Temporary Compressed Files
%windir%\system32\inetsrv\w3wp.exe
%windir%\SysWOW64\inetsrv\w3wp.exe

StoreFront:

%ProgramFiles%\Citrix\Receiver StoreFront\Services\SubscriptionsStoreService
Citrix Profile ManagerAgent:

Do not scan on open or status-check operations

%ProgramFiles%\Citrix\User Profile Manager\UserProfileManager.exe
EdgeSightAgent:

%ALLUSERSPROFILE%\Application Data\Citrix\System Monitoring\Data
%ProgramFiles%\Citrix\System Monitoring\Agent\Core\rscorsvc.exe
%ProgramFiles%\Citrix\System Monitoring\Agent\Core\Firebird\bin\fbserver.exe

Server:

%CommonProgramFiles%\Citrix\System Monitoring\Server\RSSH
%ProgramFiles%\Citrix\System Monitoring\Server\EdgeSight\scripts\rssh
%ProgramFiles%\Citrix\System Monitoring\Server\EdgeSight\Pages
%ProgramFiles%\Microsoft SQL Server\MSSQL\Reporting Services
%ProgramFiles%\Microsoft SQL Server\MSSQL\Data
%SystemRoot%\SYSTEM32\Logfiles
Provisioning ServicesServer:

Exclude scanning of Local vDisk Store

%windir%\System32\drivers\CvhdBusP6.sys (Windows Server 2008)
%windir%\System32\drivers\CVhdMp.sys (Windows Server 2012)
%windir%\System32\drivers\CfsDep2.sys
%ProgramFiles%\Citrix\Provisioning Services\BNTFTP.EXE
%ProgramData%\Citrix\Provisioning Services\Tftpboot\ARDBP32.BIN
%ProgramFiles%\Citrix\Provisioning Services\StreamService.exe
%ProgramFiles%\Citrix\Provisioning Services\StreamProcess.exe
%ProgramFiles%\Citrix\Provisioning Services\soapserver.exe

Target:

Exclude scanning of Write Cache

%ProgramFiles%\Citrix\Provisioning Services\BNDevice.exe
%windir%\System32\drivers\bnistack6.sys
%ProgramFiles%\Citrix\Provisioning Services\TargetOSOptimizer.exe
%windir%\System32\drivers\CfsDep2.sys
%windir%\System32\drivers\CVhdBusP6.sys

Target – Personal vDisk:

CTXPVD.exe
CTXPVDSVC.exe
%ProgramFiles%\Citrix\Personal vDisk\BIN\WIN7\
XenClientSynchronizer:

%Program Files%\Citrix\Synchronizer
Citrix ProductAntivirus Exclusions
, ,
Abdoulaye WAGUECitrix Recommended List of Antivirus Exclusions

Join the conversation