Hi there!
In most VDI implementations, AV creates issues, mainly for PVS, profiles & performance. I’ve put forth some best practices on AV exclusions with supporting articles. Be advised that every company will have its own security policy and I do not take any ownership of the below details; use them at your own risk!!!
-
HSD/HVD
Citrix Profile Manager Agent: ref: http://support.citrix.com/proddocs/topic/user-profile-manager-5-x/upm-secure-antivirus.html?_ga=1.9649781.1927866785.1413273549
Do not scan on open or status-check operations
UserProfileManager.exe
PVS Target: ref: http://support.citrix.com/article/CTX124185
Exclude scanning of Write Cache
\Program Files\Citrix\Provisioning Services\BNDevice.exe
\Windows\System32\drivers\bnistack6.sys
\Program Files\Citrix\Provisioning Services\TargetOSOptimizer.exe
\Windows\System32\drivers\CfsDep2.sys
\Windows\System32\drivers\CVhdBusP6.sys
Vdiskdif.vhdx
.vdiskcache
RDSH Session Host: ref: http://support.citrix.com/article/ctx127030
\Windows\system32\spoolsv.exe
\Windows\system32\csrss.exe
\Windows\system32\winlogon.exe
\Windows\system32\userinit.exe
\Windows\system32\smss.exe
\Program Files\Citrix\Group Policy\Client-Side Extension\CitrixCseEngine.exe
\Program Files (x86)\Citrix\System32\wfshell.exe
\Program Files (x86)\Citrix\system32\CpSvc.exe
\Program Files (x86)\Citrix\System32\CtxSvcHost.exe
\Program Files (x86)\Citrix\system32\mfcom.exe
\Program Files (x86)\Citrix\System32\Citrix\Ima\ImaSrv.exe
\Program Files (x86)\Citrix\System32\Citrix\Ima\IMAAdvanceSrv.exe
\Program Files (x86)\Citrix\HealthMon\HCAService.exe
\Program Files (x86)\Citrix\Streaming Client\RadeSvc.exe
\Program Files (x86)\Citrix\Streaming Client\RadeHlprSvc.exe
\Program Files (x86)\Citrix\XTE\bin\XTE.exe
\Program Files\Citrix\Independent Management Architecture\RadeOffline.mdb
%AppData%\ICAClient\Cache (if using pass-through authentication)
Windows Desktop/Server OS Machines – XenDesktop 7.x: ref: http://support.citrix.com/article/ctx127030
\Windows\system32\spoolsv.exe
\Windows\system32\csrss.exe
\Windows\system32\winlogon.exe
\Windows\system32\userinit.exe
\Windows\system32\smss.exe
\Program Files\Citrix\Group Policy\Client-Side Extension\CitrixCseEngine.exe
\Program Files (x86)\Citrix\System32\wfshell.exe
\Program Files (x86)\Citrix\system32\CpSvc.exe
\Program Files (x86)\Citrix\System32\CtxSvcHost.exe
2. Support Server Policy
Provisioning Services Server: ref: http://support.citrix.com/article/CTX124185
Exclude scanning of Local vDisk Store
\Windows\System32\drivers\CvhdBusP6.sys
\Windows\System32\drivers\CfsDep2.sys
\Program Files\Citrix\Provisioning Services\BNTFTP.EXE
\ProgramData\Citrix\Provisioning Services\Tftpboot\ARDBP32.BIN
\Program Files\Citrix\Provisioning Services\StreamService.exe
\Program Files\Citrix\Provisioning Services\StreamProcess.exe
\Program Files\Citrix\Provisioning Services\soapserver.exe
\Program Files\Citrix\Provisioning Services\inventory.exe
\Program Files\Citrix\Provisioning Services\mgmtDaemon.exe
\Program Files\Citrix\Provisioning Services\Notifier.exe
\Program Files\Citrix\Provisioning Services\PVSTSB.exe
\Program Files\Citrix\Provisioning Services\BNPXE.exe
\Program Files\Citrix\Provisioning Services\BNAbsService.exe
\Program Files\Citrix\Provisioning Services\cdfsvc.exe
.vhd
XenDesktop Controller: ref: http://support.citrix.com/article/ctx127030
\Windows\system32\csrss.exe
\Windows\system32\winlogon.exe
\Windows\system32\userinit.exe
\Windows\system32\smss.exe
The following antivirus exclusions should be applied to all Citrix infrastructure servers: ref: http://support.citrix.com/article/ctx127030 & http://support.microsoft.com/en-us/kb/822158
Set real-time scanning to scan on write operations only and not on read/access
Set real-time scanning to scan local drives only and not network drives
Disable scan on boot
Exclude the pagefile(s) from being scanned
Exclude IIS log files from being scanned
Exclude Windows event logs from being scanned
Turn off scanning of Windows Security files
Add the following files in the %windir%\Security\Database path of the exclusions list:
*.edb
*.sdb
*.log
*.chk
*.jrs
Turn off scanning of Group Policy related files
Group Policy user registry information. These files are located in the following folder:
%allusersprofile%\
Specifically, exclude the following file:
NTUser.pol
Group Policy client settings files. These files are located in the following folder:
%SystemRoot%\System32\GroupPolicy\Machine\
%SystemRoot%\System32\GroupPolicy\User\
Specifically, exclude the following file:
Registry.pol
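Every entry in the lists above is a location the AV agent will no longer inspect, so it is worth auditing a list on each machine role before deploying it. The PowerShell below is an added example, not part of the original post or of any Citrix tooling: it classifies a few of the entries from this page and checks that excluded binaries exist and carry a valid Authenticode signature. The function name `Test-AvExclusion`, the sample selection and the wording of the notes are assumptions made for illustration.

```powershell
# Added example: audit AV exclusions on the local host before deploying them.
# $Exclusions is a sample of entries taken from the lists on this page.
$Exclusions = @(
    '\Windows\system32\spoolsv.exe',
    '\Program Files\Citrix\Provisioning Services\BNDevice.exe',
    '\Windows\System32\drivers\bnistack6.sys',
    '%AppData%\ICAClient\Cache',
    '.vdiskcache',
    '.vhd'
)

function Test-AvExclusion {   # hypothetical helper name
    param(
        [Parameter(Mandatory)][string]$Entry,
        [string]$SystemDrive = $env:SystemDrive
    )
    $result = [pscustomobject]@{
        Entry = $Entry; Kind = $null; Exists = $null; Signature = $null; Note = $null
    }
    if ($Entry -match '^\*?\.[^\\]+$') {
        # Bare extension: matches in every directory, not only the vDisk store.
        $result.Kind = 'Extension'
        $result.Note = 'Machine-wide scope: limit to the store or cache folder if the AV product allows'
        return $result
    }
    if ($Entry -match '^%(AppData|LocalAppData|UserProfile|Temp)%') {
        # Per-user location that any logged-on user can write to.
        $result.Kind = 'UserWritablePath'
        $result.Note = 'User-writable: keep only if the feature that needs it is in use'
        return $result
    }
    $result.Kind = 'File'
    # Entries on this page are drive-relative; resolve them against the system drive.
    $path = if ($Entry.StartsWith('\')) { "$SystemDrive$Entry" }
            else { [Environment]::ExpandEnvironmentVariables($Entry) }
    $result.Exists = Test-Path -LiteralPath $path -PathType Leaf
    if ($result.Exists) {
        $sig = Get-AuthenticodeSignature -LiteralPath $path
        $result.Signature = $sig.Status
        if ($sig.Status -ne 'Valid') { $result.Note = 'Signature not valid: verify the file before excluding it' }
    } else {
        $result.Note = 'Not present on this host: drop the exclusion for this role'
    }
    return $result
}

$Exclusions | ForEach-Object { Test-AvExclusion -Entry $_ } | Format-Table -AutoSize
```

Run it once per role (PVS target, session host, PVS server, controller) so that each AV policy carries only the exclusions that apply to that role.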
Hope it helps!