Xenapp AntiVirus Exclusions

Reading Time: 2 minutes

The following antivirus exclusions should be applied to all Citrix infrastructure servers:

– Set real-time scanning to scan local drives only and not network drives
– Disable scan on boot
– Remove any unnecessary antivirus related entries from the Run key
– Exclude the pagefile(s) from being scanned
– Exclude IIS log files from being scanned
– Exclude Windows event logs from being scanned

Below are the recommended antivirus exclusions, by Citrix product:

Citrix Profile Manager Agent:

– Do not scan on open or status-check operations
– UserProfileManager.exe

EdgeSight Agent:

– <AllUsersProfile>\Application Data\Citrix\System Monitoring\Data
– \ProgramFiles\Citrix\System Monitoring\Agent\Core\rscorsvc.exe
– \ProgramFiles\Citrix\System Monitoring\Agent\Core\Firebird\bin\fbserver.exe

Server:

– \CommonProgramFiles\\Citrix\System Monitoring\Server\RSSH
– \ProgramFiles\Citrix\System Monitoring\Server\EdgeSight\scripts\rssh
– \ProgramFiles\Citrix\System Monitoring\Server\EdgeSight\Pages
– \ProgramFiles\Microsoft SQL Server\MSSQL\Reporting Services
– \ProgramFiles\Microsoft SQL Server\MSSQL\Data
– \SystemRoot\SYSTEM32\Logfiles

Provisioning Services Server:

– Exclude scanning of Local vDisk Store
– \Windows\System32\drivers\CvhdBusP6.sys
– \Windows\System32\drivers\CfsDep2.sys
– \Program Files\Citrix\Provisioning Services\BNTFTP.EXE
– \ProgramData\Citrix\Provisioning Services\Tftpboot\ARDBP32.BIN
– \Program Files\Citrix\Provisioning Services\StreamService.exe
– \Program Files\Citrix\Provisioning Services\StreamProcess.exe
– \Program Files\Citrix\Provisioning Services\soapserver.exe

Target:

– Exclude scanning of Write Cache
– \Program Files\Citrix\Provisioning Services\BNDevice.exe
– \Windows\System32\drivers\bnistack6.sys
– \Program Files\Citrix\Provisioning Services\TargetOSOptimizer.exe
– \Windows\System32\drivers\CfsDep2.sys
– \Windows\System32\drivers\CVhdBusP6.sys

Target – Personal vDisk:

– CTXPVD.exe
– CTXPVDSVC.exe
– \Program Files\Citrix\Personal vDisk\BIN\WIN7\

XenApp Controller:

– Windows\system32\csrss.exe
– Windows\system32\winlogon.exe
– Windows\system32\userinit.exe
– Windows\system32\smss.exe
– Program Files\Citrix\Group Policy\Client-Side Extension\CitrixCseEngine.exe
– Program Files (x86)\Citrix\System32\wfshell.exe
– Program Files (x86)\Citrix\system32\ctxxmlss.exe
– Program Files (x86)\Citrix\System32\CtxSvcHost.exe
– Program Files (x86)\Citrix\system32\mfcom.exe
– Program Files (x86)\Citrix\System32\Citrix\Ima\ImaSrv.exe
– Program Files (x86)\Citrix\System32\Citrix\Ima\IMAAdvanceSrv.exe
– Program Files (x86)\Citrix\HealthMon\HCAService.exe
– Program Files (x86)\Citrix\Streaming Client\RadeSvc.exe
– Program Files (x86)\Citrix\Streaming Client\RadeHlprSvc.exe
– Program Files (x86)\Citrix\Independent Management Architecture\RadeOffline.mdb
– Program Files (x86)\Citrix\Independent Management Architecture\imalhc.mdb

Session Host:

– \Windows\system32\spoolsv.exe
– \Windows\system32\csrss.exe
– \Windows\system32\winlogon.exe
– \Windows\system32\userinit.exe
– \Windows\system32\smss.exe
– \Program Files\Citrix\Group Policy\Client-Side Extension\CitrixCseEngine.exe
– \Program Files (x86)\Citrix\System32\wfshell.exe
– \Program Files (x86)\Citrix\system32\CpSvc.exe
– \Program Files (x86)\Citrix\System32\CtxSvcHost.exe
– \Program Files (x86)\Citrix\system32\mfcom.exe
– \Program Files (x86)\Citrix\System32\Citrix\Ima\ImaSrv.exe
-\Program Files (x86)\Citrix\System32\Citrix\Ima\IMAAdvanceSrv.exe
– \Program Files (x86)\Citrix\HealthMon\HCAService.exe
– \Program Files (x86)\Citrix\Streaming Client\RadeSvc.exe
– \Program Files (x86)\Citrix\Streaming Client\RadeHlprSvc.exe
– \Program Files (x86)\Citrix\XTE\bin\XTE.exe
– \Program Files (x86)\Citrix\Independent Management Architecture\RadeOffline.mdb
– %AppData%\ICAClient\Cache (if using pass-through authentication)
 XenClient Synchronizer:

– \Program Files\Citrix\Synchronizer|

XenDesktop Controller:

– \Windows\system32\csrss.exe
– \Windows\system32\winlogon.exe
– \Windows\system32\userinit.exe
– \Windows\system32\smss.exe

Controller – pre-XenDesktop 7.x:

– \Program Files\Citrix\Group Policy\Client-Side Extension\CitrixCseEngine.exe
– \Program Files (x86)\Citrix\System32\wfshell.exe
– \Program Files (x86)\Citrix\system32\ctxxmlss.exe
– \Program Files (x86)\Citrix\System32\CtxSvcHost.exe
– \Program Files (x86)\Citrix\system32\mfcom.exe

Windows Server OS Machines – XenDesktop 7.x:

– \Windows\system32\spoolsv.exe
– \Windows\system32\csrss.exe
– \Windows\system32\winlogon.exe
– \Windows\system32\userinit.exe
– \Windows\system32\smss.exe
– \Program Files\Citrix\Group Policy\Client-Side Extension\CitrixCseEngine.exe
– \Program Files (x86)\Citrix\System32\wfshell.exe
– \Program Files (x86)\Citrix\system32\CpSvc.exe
– \Program Files (x86)\Citrix\System32\CtxSvcHost.exe

Soure and for more info – Citrix Consolidated List of Antivirus Exclusions