You will find below a list of exclusions for various vendors. Click on the vendor name to jump to the list of exclusions for that vendor.
NOTE:
If these files are not excluded, antivirus software might prevent appropriate access to these files, and security databases can become corrupted. Scanning these files can prevent the files from being used or might prevent a security policy from being applied to the files. These files should not be scanned because antivirus software might not correctly treat them as proprietary database files.
These are the recommended exclusions. There might be other file types that are not included in this article that should be excluded.
These are exclusions specific to Citrix
When using non-persistent images, all changes are lost after a reboot. This also applies to antivirus definitions and possible contaminations. Depending on the degree of security desired, a decision can be made as to whether it is necessary to install an antivirus agent on the virtual desktop. The following antivirus settings and exclusions should be applied to all Citrix infrastructure servers:
- Set real-time scanning to scan local drives only and not network drives
- Disable scan on boot
- Remove any unnecessary antivirus related entries from the Run key
- Exclude the pagefile(s) from being scanned
- Exclude Windows event logs from being scanned
- Exclude IIS log files from being scanned
- Exclude the print spooler directory (to improve print performance)
It is recommended to update a master image or vDisk at least once a month to keep the size of the virus definition files to a minimum. For updating only the definition files, it is of no importance how the image gets updated (a vDisk version, editing an MCS image or enrolling an entirely new image). Applying the new definition files must occur during computer start-up and at a random interval during business hours (most virtualization-aware antivirus solutions provide such a function). Start-up of the Citrix services should be delayed to ensure enough time is available to update the definition files. This can be done by changing the service start-up method to 'delayed start', or by implementing a script to 'manually' start the services after a period of time. Virus definition sizes tend to increase over time, so this time frame must be taken into account.
General source information can be found at:
Article: Guidelines Tech Zone article
AV exclusions for Citrix Director
AV exclusions for Citrix Federated Authentication Service (FAS)
AV exclusions for Citrix Provisioning Services Service
AV exclusions for Citrix Provisioning Services Target Device
AV exclusions for Citrix Session Recording Agent
AV exclusions for Citrix Session Recording Player
AV exclusions for Citrix Session Recording Server
AV exclusions for Citrix StoreFront
AV exclusions for Citrix User Profile Management
AV exclusions for Citrix Virtual Apps and Desktops Delivery Controller
AV exclusions for Citrix Virtual Apps and Desktops VDA (Multi Session)
AV exclusions for Citrix Virtual Apps and Desktops VDA (Single Session)
AV exclusions for Citrix Workspace Environment Management Infrastructure Service Agent
NOTE: On a 64-bit system, the installation directory is by default under "%ProgramFiles(x86)%", rather than under "%ProgramFiles%" as on 32-bit systems.
NOTE: Older versions of the agent can be installed in %ProgramFiles(x86)%\Norskale\Norskale Agent Host. Make sure to check the installation directory before configuring antivirus exclusions.
Source: Tech Paper: Endpoint Security, Antivirus, and Antimalware Best Practices
AV exclusions for Citrix Workspace Environment Management Infrastructure Service
AV exclusions for Citrix WorkspaceApp
NOTE: Exclusions for the Citrix Workspace app are typically not required. A need arises in environments where antivirus is configured with stricter-than-usual policies, or in situations in which multiple security agents are simultaneously in use (AV, DLP, HIP, and so on). When Citrix Workspace app is installed using the Virtual Delivery Agent installer, an "Online plug-in" folder is present in the install path, such as %ProgramFiles(x86)%\Citrix\online plugin\ICA Client\
Source: Tech Paper: Endpoint Security, Antivirus, and Antimalware Best Practices
These are exclusions specific to Ivanti
The installation directory of the Ivanti Automation Console or Workspace Control products can be one of the following, depending on the time of installation or upgrade:
- "%ProgramFiles%\Ivanti"
- "%ProgramFiles(x86)%\Ivanti"
- "%ProgramFiles%\RES"
- "%ProgramFiles(x86)%\RES"
- "%ProgramFiles%\RES Software"
- "%ProgramFiles(x86)%\RES Software"
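Added example, not taken from the vendor documentation: a PowerShell function (hypothetically named `Resolve-InstallDirectory`) that reports which of the candidate directories listed above actually exist on a host, so that exclusions are configured only for the real installation path and not for every possible one. The candidate strings are the ones from the list above; the function and variable names are assumptions.

```powershell
# Added example: resolve which candidate install roots exist on this host.
# Function and variable names are hypothetical; the paths come from the list above.
function Resolve-InstallDirectory {
    param(
        [Parameter(Mandatory)]
        [string[]]$Candidate
    )

    foreach ($raw in $Candidate) {
        $expanded = [Environment]::ExpandEnvironmentVariables($raw)

        # An undefined variable (for example %ProgramFiles(x86)% on 32-bit
        # Windows) is left unexpanded, so the path cannot be evaluated.
        if ($expanded -match '%[^%]+%') {
            [pscustomobject]@{
                Candidate = $raw
                Path      = $null
                Status    = 'VariableNotDefined'
            }
            continue
        }

        # Only directories count; a file with the same name is not an install root.
        $status = 'Absent'
        if (Test-Path -LiteralPath $expanded -PathType Container) {
            $status = 'Present'
        }

        [pscustomobject]@{
            Candidate = $raw
            Path      = $expanded
            Status    = $status
        }
    }
}

$ivantiCandidates = @(
    '%ProgramFiles%\Ivanti',
    '%ProgramFiles(x86)%\Ivanti',
    '%ProgramFiles%\RES',
    '%ProgramFiles(x86)%\RES',
    '%ProgramFiles%\RES Software',
    '%ProgramFiles(x86)%\RES Software'
)

# Show every candidate with its status; configure exclusions only for 'Present' rows.
Resolve-InstallDirectory -Candidate $ivantiCandidates |
    Format-Table -AutoSize Candidate, Path, Status
```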
AV exclusions for Ivanti Automation Agent
AV exclusions for Ivanti Automation Console
AV exclusions for Ivanti Automation Dispatcher
AV exclusions for Ivanti Security Controls
NOTE: Console executables (located in the installation directory) can be in different locations depending on the version.
Console Directories
- 2019.3 and earlier
  - C:\ProgramData\Landesk\Shavlik Protect
  - C:\Program Files\LANDESK\Shavlik Protect (by default, may be custom)
- 2020.1 and later
  - C:\ProgramData\Ivanti\Security Controls
  - C:\Program Files\Ivanti\Security Controls (by default, may be custom)
Source: Antivirus Exclusions for Ivanti Security Controls
AV exclusions for Ivanti Workspace Control Agent
AV exclusions for Ivanti Workspace Control Console
AV exclusions for Ivanti Workspace Control Relay Service