How to enable or disable Windows Defender


If you need to disable the default Windows Defender installation on your server because you are using a different AV solution such as McAfee or Sophos, here is a step-by-step guide on how to disable or enable Windows Defender. You may also find that the feature is greyed out when you try to disable Windows Defender, so we will also go through getting around this issue via PowerShell.

Firstly, log on to your server, launch Server Manager and click ‘Manage’.

Click Add Roles and Features, or Remove Roles and Features if you want to remove Windows Defender

Click next

and click next again

Leave the defaults and click next

Leave the defaults and click next

Scroll down to ‘Windows Defender Features’ and deselect it, or select it if you are installing Windows Defender

If the option is greyed out, you will need to uninstall the feature via PowerShell.

Install or Uninstall Windows Defender via PowerShell

Launch PowerShell as administrator (right-click PowerShell and click Run as administrator)

To remove Windows Defender, type the below:

Uninstall-WindowsFeature -Name Windows-Defender

To install Windows Defender, type the below:

Install-WindowsFeature -Name Windows-Defender
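
A guarded version of the removal step, added here as an example and not part of the original post: it removes the feature only if a replacement AV service is running, and reports whether a restart is needed. The function name and the service name 'ExampleAvService' are hypothetical placeholders.

```powershell
# Added example: remove the Defender feature only when a replacement AV service is running.
# 'ExampleAvService' is a hypothetical placeholder; use your AV product's real service name.
function Remove-DefenderIfReplaced {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory = $true)][string]$ReplacementService
    )
    $Feature = Get-WindowsFeature -Name Windows-Defender
    if (-not $Feature) { throw 'Feature Windows-Defender is not known on this server.' }
    if (-not $Feature.Installed) {
        Write-Output "Windows-Defender is not installed (state: $($Feature.InstallState)); nothing to do."
        return
    }
    # Refuse to continue if the replacement product is absent or stopped.
    $Service = Get-Service -Name $ReplacementService -ErrorAction SilentlyContinue
    if (-not $Service -or $Service.Status -ne 'Running') {
        throw "Replacement AV service '$ReplacementService' is not running; leaving Defender installed."
    }
    if ($PSCmdlet.ShouldProcess($env:COMPUTERNAME, 'Uninstall Windows-Defender')) {
        $Result = Uninstall-WindowsFeature -Name Windows-Defender
        if (-not $Result.Success) { throw "Uninstall failed with exit code $($Result.ExitCode)." }
        if ($Result.RestartNeeded -eq 'Yes') { Write-Warning 'Restart required to complete removal.' }
        # Confirm the resulting state for the change record.
        Get-WindowsFeature -Name Windows-Defender | Select-Object Name, InstallState
    }
}

# Dry run: performs the checks and shows what would happen without changing anything.
Remove-DefenderIfReplaced -ReplacementService 'ExampleAvService' -WhatIf
```

With the placeholder service name the dry run stops at the service check, which is the intended behaviour when no replacement AV is present.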

XenApp AntiVirus Exclusions

The following antivirus exclusions should be applied to all Citrix infrastructure servers:

– Set real-time scanning to scan local drives only and not network drives
– Disable scan on boot
– Remove any unnecessary antivirus related entries from the Run key
– Exclude the pagefile(s) from being scanned
– Exclude IIS log files from being scanned
– Exclude Windows event logs from being scanned

Below are the recommended antivirus exclusions, by Citrix product:

Citrix Profile Manager Agent:

– Do not scan on open or status-check operations
– UserProfileManager.exe

EdgeSight Agent:

– <AllUsersProfile>\Application Data\Citrix\System Monitoring\Data
– \ProgramFiles\Citrix\System Monitoring\Agent\Core\rscorsvc.exe
– \ProgramFiles\Citrix\System Monitoring\Agent\Core\Firebird\bin\fbserver.exe

Server:

– \CommonProgramFiles\Citrix\System Monitoring\Server\RSSH
– \ProgramFiles\Citrix\System Monitoring\Server\EdgeSight\scripts\rssh
– \ProgramFiles\Citrix\System Monitoring\Server\EdgeSight\Pages
– \ProgramFiles\Microsoft SQL Server\MSSQL\Reporting Services
– \ProgramFiles\Microsoft SQL Server\MSSQL\Data
– \SystemRoot\SYSTEM32\Logfiles

Provisioning Services Server:

– Exclude scanning of Local vDisk Store
– \Windows\System32\drivers\CvhdBusP6.sys
– \Windows\System32\drivers\CfsDep2.sys
– \Program Files\Citrix\Provisioning Services\BNTFTP.EXE
– \ProgramData\Citrix\Provisioning Services\Tftpboot\ARDBP32.BIN
– \Program Files\Citrix\Provisioning Services\StreamService.exe
– \Program Files\Citrix\Provisioning Services\StreamProcess.exe
– \Program Files\Citrix\Provisioning Services\soapserver.exe

Target:

– Exclude scanning of Write Cache
– \Program Files\Citrix\Provisioning Services\BNDevice.exe
– \Windows\System32\drivers\bnistack6.sys
– \Program Files\Citrix\Provisioning Services\TargetOSOptimizer.exe
– \Windows\System32\drivers\CfsDep2.sys
– \Windows\System32\drivers\CVhdBusP6.sys

Target – Personal vDisk:

– CTXPVD.exe
– CTXPVDSVC.exe
– \Program Files\Citrix\Personal vDisk\BIN\WIN7\

XenApp Controller:

– Windows\system32\csrss.exe
– Windows\system32\winlogon.exe
– Windows\system32\userinit.exe
– Windows\system32\smss.exe
– Program Files\Citrix\Group Policy\Client-Side Extension\CitrixCseEngine.exe
– Program Files (x86)\Citrix\System32\wfshell.exe
– Program Files (x86)\Citrix\system32\ctxxmlss.exe
– Program Files (x86)\Citrix\System32\CtxSvcHost.exe
– Program Files (x86)\Citrix\system32\mfcom.exe
– Program Files (x86)\Citrix\System32\Citrix\Ima\ImaSrv.exe
– Program Files (x86)\Citrix\System32\Citrix\Ima\IMAAdvanceSrv.exe
– Program Files (x86)\Citrix\HealthMon\HCAService.exe
– Program Files (x86)\Citrix\Streaming Client\RadeSvc.exe
– Program Files (x86)\Citrix\Streaming Client\RadeHlprSvc.exe
– Program Files (x86)\Citrix\Independent Management Architecture\RadeOffline.mdb
– Program Files (x86)\Citrix\Independent Management Architecture\imalhc.mdb

Session Host:

– \Windows\system32\spoolsv.exe
– \Windows\system32\csrss.exe
– \Windows\system32\winlogon.exe
– \Windows\system32\userinit.exe
– \Windows\system32\smss.exe
– \Program Files\Citrix\Group Policy\Client-Side Extension\CitrixCseEngine.exe
– \Program Files (x86)\Citrix\System32\wfshell.exe
– \Program Files (x86)\Citrix\system32\CpSvc.exe
– \Program Files (x86)\Citrix\System32\CtxSvcHost.exe
– \Program Files (x86)\Citrix\system32\mfcom.exe
– \Program Files (x86)\Citrix\System32\Citrix\Ima\ImaSrv.exe
– \Program Files (x86)\Citrix\System32\Citrix\Ima\IMAAdvanceSrv.exe
– \Program Files (x86)\Citrix\HealthMon\HCAService.exe
– \Program Files (x86)\Citrix\Streaming Client\RadeSvc.exe
– \Program Files (x86)\Citrix\Streaming Client\RadeHlprSvc.exe
– \Program Files (x86)\Citrix\XTE\bin\XTE.exe
– \Program Files (x86)\Citrix\Independent Management Architecture\RadeOffline.mdb
– %AppData%\ICAClient\Cache (if using pass-through authentication)

XenClient Synchronizer:

– \Program Files\Citrix\Synchronizer

XenDesktop Controller:

– \Windows\system32\csrss.exe
– \Windows\system32\winlogon.exe
– \Windows\system32\userinit.exe
– \Windows\system32\smss.exe

Controller – pre-XenDesktop 7.x:

– \Program Files\Citrix\Group Policy\Client-Side Extension\CitrixCseEngine.exe
– \Program Files (x86)\Citrix\System32\wfshell.exe
– \Program Files (x86)\Citrix\system32\ctxxmlss.exe
– \Program Files (x86)\Citrix\System32\CtxSvcHost.exe
– \Program Files (x86)\Citrix\system32\mfcom.exe

Windows Server OS Machines – XenDesktop 7.x:

– \Windows\system32\spoolsv.exe
– \Windows\system32\csrss.exe
– \Windows\system32\winlogon.exe
– \Windows\system32\userinit.exe
– \Windows\system32\smss.exe
– \Program Files\Citrix\Group Policy\Client-Side Extension\CitrixCseEngine.exe
– \Program Files (x86)\Citrix\System32\wfshell.exe
– \Program Files (x86)\Citrix\system32\CpSvc.exe
– \Program Files (x86)\Citrix\System32\CtxSvcHost.exe
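
Excluded files are never scanned, so it is worth confirming that each one exists and that only administrative principals can modify it. The audit below is an added example, not part of the original post or of Citrix's guidance; the four sample paths are taken from the lists above, and expanding them with environment variables is an assumption about the installation.

```powershell
# Added example: audit exclusion paths for existence and non-admin write access.
# Sample paths come from the lists above; the environment-variable expansion is
# an assumption, so adjust the list to match your installation.
$Exclusions = @(
    "$env:SystemRoot\System32\spoolsv.exe",
    "$env:SystemRoot\System32\drivers\CfsDep2.sys",
    "$env:ProgramFiles\Citrix\Provisioning Services\StreamService.exe",
    "${env:ProgramFiles(x86)}\Citrix\System32\wfshell.exe"
)

# Well-known SIDs expected to hold write access: SYSTEM, Administrators, TrustedInstaller.
$TrustedSids = @(
    'S-1-5-18',
    'S-1-5-32-544',
    'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'
)

# Specific rights that allow changing or replacing an excluded file.
$Rights = [System.Security.AccessControl.FileSystemRights]
$WriteMask = [int]($Rights::WriteData -bor $Rights::AppendData -bor $Rights::Delete -bor
                   $Rights::ChangePermissions -bor $Rights::TakeOwnership)

$Report = foreach ($Path in $Exclusions) {
    if (-not (Test-Path -LiteralPath $Path)) {
        # An exclusion for a file that is not there is stale and can be dropped.
        [pscustomobject]@{ Path = $Path; Status = 'Missing'; Principal = $null }
        continue
    }
    # Ask for the rules with SIDs so the comparison does not depend on localised names.
    $Acl = Get-Acl -LiteralPath $Path
    $Rules = $Acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
    $Risky = @($Rules | Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        ([int]$_.FileSystemRights -band $WriteMask) -and
        ($TrustedSids -notcontains $_.IdentityReference.Value)
    })
    if ($Risky.Count -eq 0) {
        [pscustomobject]@{ Path = $Path; Status = 'OK'; Principal = $null }
    }
    foreach ($Rule in $Risky) {
        [pscustomobject]@{ Path = $Path; Status = 'WritableByNonAdmin'; Principal = $Rule.IdentityReference.Value }
    }
}
$Report | Format-Table -AutoSize
```

Rows marked Missing point to exclusions that can be removed; rows marked WritableByNonAdmin list the SID whose access should be reviewed before the exclusion is kept.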

Source and for more info – Citrix Consolidated List of Antivirus Exclusions