The following antivirus exclusions should be applied to all Citrix infrastructure servers:
– Set real-time scanning to scan local drives only and not network drives
– Disable scan on boot
– Remove any unnecessary antivirus related entries from the Run key
– Exclude the pagefile(s) from being scanned
– Exclude IIS log files from being scanned
– Exclude Windows event logs from being scanned
Below are the recommended antivirus exclusions, by Citrix product:
Citrix Profile Manager Agent:
– Do not scan on open or status-check operations
– UserProfileManager.exe
EdgeSight Agent:
– <AllUsersProfile>\Application Data\Citrix\System Monitoring\Data
– \ProgramFiles\Citrix\System Monitoring\Agent\Core\rscorsvc.exe
– \ProgramFiles\Citrix\System Monitoring\Agent\Core\Firebird\bin\fbserver.exe
Server:
– \CommonProgramFiles\\Citrix\System Monitoring\Server\RSSH
– \ProgramFiles\Citrix\System Monitoring\Server\EdgeSight\scripts\rssh
– \ProgramFiles\Citrix\System Monitoring\Server\EdgeSight\Pages
– \ProgramFiles\Microsoft SQL Server\MSSQL\Reporting Services
– \ProgramFiles\Microsoft SQL Server\MSSQL\Data
– \SystemRoot\SYSTEM32\Logfiles
Provisioning Services Server:
– Exclude scanning of Local vDisk Store
– \Windows\System32\drivers\CvhdBusP6.sys
– \Windows\System32\drivers\CfsDep2.sys
– \Program Files\Citrix\Provisioning Services\BNTFTP.EXE
– \ProgramData\Citrix\Provisioning Services\Tftpboot\ARDBP32.BIN
– \Program Files\Citrix\Provisioning Services\StreamService.exe
– \Program Files\Citrix\Provisioning Services\StreamProcess.exe
– \Program Files\Citrix\Provisioning Services\soapserver.exe
Target:
– Exclude scanning of Write Cache
– \Program Files\Citrix\Provisioning Services\BNDevice.exe
– \Windows\System32\drivers\bnistack6.sys
– \Program Files\Citrix\Provisioning Services\TargetOSOptimizer.exe
– \Windows\System32\drivers\CfsDep2.sys
– \Windows\System32\drivers\CVhdBusP6.sys
Target – Personal vDisk:
– CTXPVD.exe
– CTXPVDSVC.exe
– \Program Files\Citrix\Personal vDisk\BIN\WIN7\
XenApp Controller:
– Windows\system32\csrss.exe
– Windows\system32\winlogon.exe
– Windows\system32\userinit.exe
– Windows\system32\smss.exe
– Program Files\Citrix\Group Policy\Client-Side Extension\CitrixCseEngine.exe
– Program Files (x86)\Citrix\System32\wfshell.exe
– Program Files (x86)\Citrix\system32\ctxxmlss.exe
– Program Files (x86)\Citrix\System32\CtxSvcHost.exe
– Program Files (x86)\Citrix\system32\mfcom.exe
– Program Files (x86)\Citrix\System32\Citrix\Ima\ImaSrv.exe
– Program Files (x86)\Citrix\System32\Citrix\Ima\IMAAdvanceSrv.exe
– Program Files (x86)\Citrix\HealthMon\HCAService.exe
– Program Files (x86)\Citrix\Streaming Client\RadeSvc.exe
– Program Files (x86)\Citrix\Streaming Client\RadeHlprSvc.exe
– Program Files (x86)\Citrix\Independent Management Architecture\RadeOffline.mdb
– Program Files (x86)\Citrix\Independent Management Architecture\imalhc.mdb
Session Host:
– \Windows\system32\spoolsv.exe
– \Windows\system32\csrss.exe
– \Windows\system32\winlogon.exe
– \Windows\system32\userinit.exe
– \Windows\system32\smss.exe
– \Program Files\Citrix\Group Policy\Client-Side Extension\CitrixCseEngine.exe
– \Program Files (x86)\Citrix\System32\wfshell.exe
– \Program Files (x86)\Citrix\system32\CpSvc.exe
– \Program Files (x86)\Citrix\System32\CtxSvcHost.exe
– \Program Files (x86)\Citrix\system32\mfcom.exe
– \Program Files (x86)\Citrix\System32\Citrix\Ima\ImaSrv.exe
-\Program Files (x86)\Citrix\System32\Citrix\Ima\IMAAdvanceSrv.exe
– \Program Files (x86)\Citrix\HealthMon\HCAService.exe
– \Program Files (x86)\Citrix\Streaming Client\RadeSvc.exe
– \Program Files (x86)\Citrix\Streaming Client\RadeHlprSvc.exe
– \Program Files (x86)\Citrix\XTE\bin\XTE.exe
– \Program Files (x86)\Citrix\Independent Management Architecture\RadeOffline.mdb
– %AppData%\ICAClient\Cache (if using pass-through authentication)
XenClient Synchronizer:
– \Program Files\Citrix\Synchronizer|
XenDesktop Controller:
– \Windows\system32\csrss.exe
– \Windows\system32\winlogon.exe
– \Windows\system32\userinit.exe
– \Windows\system32\smss.exe
Controller – pre-XenDesktop 7.x:
– \Program Files\Citrix\Group Policy\Client-Side Extension\CitrixCseEngine.exe
– \Program Files (x86)\Citrix\System32\wfshell.exe
– \Program Files (x86)\Citrix\system32\ctxxmlss.exe
– \Program Files (x86)\Citrix\System32\CtxSvcHost.exe
– \Program Files (x86)\Citrix\system32\mfcom.exe
Windows Server OS Machines – XenDesktop 7.x:
– \Windows\system32\spoolsv.exe
– \Windows\system32\csrss.exe
– \Windows\system32\winlogon.exe
– \Windows\system32\userinit.exe
– \Windows\system32\smss.exe
– \Program Files\Citrix\Group Policy\Client-Side Extension\CitrixCseEngine.exe
– \Program Files (x86)\Citrix\System32\wfshell.exe
– \Program Files (x86)\Citrix\system32\CpSvc.exe
– \Program Files (x86)\Citrix\System32\CtxSvcHost.exe
Soure and for more info – Citrix Consolidated List of Antivirus Exclusions