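Editor's note: in this second part, we focus on antivirus exclusions.
Antivirus exclusions
The most common (and often the most important) antivirus optimization is the proper definition of antivirus exclusions for all components. While some vendors can automatically detect Citrix components and apply exclusions, for most environments this is a manual task that has to be configured in the management console.
Exclusions are typically recommended for real-time scanning; however, Citrix recommends that the excluded files and folders still be scanned regularly using scheduled scans. To mitigate any potential performance impact, it is recommended to run scheduled scans during non-business or off-peak hours.
The integrity of excluded files and folders should be maintained at all times. Organizations should consider using a commercial file integrity monitoring or host intrusion prevention solution to protect the integrity of files and folders that have been excluded from real-time or on-access scanning. Note that database and log files should not be included in this type of data integrity monitoring, because these files are expected to change. If an entire folder must be excluded from real-time or on-access scanning, Citrix recommends closely monitoring the creation of new files in the excluded folders.
Scan only local drives, or disable network scanning. This assumes that all remote locations (which may include file servers hosting user profiles and redirected folders) are monitored by antivirus and data integrity solutions. If that is not the case, it is recommended to exclude the network shares accessed by all provisioned machines. Examples include shares hosting redirected folders or user profiles.
Recommendation: review these recommendations with your vendor and security team.
- Check all files and folders to be excluded and confirm that they exist before creating an exclusion policy.
- Implement multiple exclusion policies for different components instead of creating one large policy for all components.
- To minimize the window of opportunity, implement a combination of real-time and scheduled scans.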
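One way to carry out the existence check and the integrity baseline recommended above, shown as an added example that is not Citrix's own tooling. It uses the Delivery Controller entries listed on this page; the function name `Test-ExclusionList`, the baseline file name and the 24-hour window are assumptions made for illustration.

```powershell
# Added example: validate one component's exclusion list before it goes into
# an AV policy, and record a hash baseline for the excluded binaries.
$Exclusions = @(
    [pscustomobject]@{ Type = 'File';    Path = '%SystemRoot%\ServiceProfiles\NetworkService\HaDatabaseName.mdf' }
    [pscustomobject]@{ Type = 'File';    Path = '%SystemRoot%\ServiceProfiles\NetworkService\HaDatabaseName_log.ldf' }
    [pscustomobject]@{ Type = 'Folder';  Path = '%ProgramData%\Citrix\Broker\Cache' }
    [pscustomobject]@{ Type = 'Process'; Path = '%ProgramFiles%\Citrix\Broker\Service\BrokerService.exe' }
    [pscustomobject]@{ Type = 'Process'; Path = '%ProgramFiles%\Citrix\Broker\Service\HighAvailabilityService.exe' }
    [pscustomobject]@{ Type = 'Process'; Path = '%ProgramFiles%\Citrix\ConfigSync\ConfigSyncService.exe' }
)

# Database and log files are expected to change, so they are checked for
# existence only and never hashed.
$NoHashExtensions = '.mdf', '.ldf'

function Test-ExclusionList {
    param([Parameter(Mandatory)] [object[]] $Entries)
    foreach ($e in $Entries) {
        # Entries here contain no wildcards, so -LiteralPath is safe.
        $full   = [Environment]::ExpandEnvironmentVariables($e.Path)
        $exists = Test-Path -LiteralPath $full
        $hash   = $null
        $ext    = [IO.Path]::GetExtension($full)
        if ($exists -and $e.Type -ne 'Folder' -and $NoHashExtensions -notcontains $ext) {
            $hash = (Get-FileHash -LiteralPath $full -Algorithm SHA256).Hash
        }
        [pscustomobject]@{ Type = $e.Type; Path = $full; Exists = $exists; SHA256 = $hash }
    }
}

$report = Test-ExclusionList -Entries $Exclusions

# Entries that do not exist on this machine should not be in its policy.
$report | Where-Object { -not $_.Exists } |
    ForEach-Object { Write-Warning "Not present, leave out of policy: $($_.Path)" }

# Baseline to compare against on later runs (assumed file name).
$report | Export-Csv -Path .\dc-exclusions-baseline.csv -NoTypeInformation

# Files created in excluded folders during the last 24 hours (assumed window).
$since = (Get-Date).AddDays(-1)
$report | Where-Object { $_.Type -eq 'Folder' -and $_.Exists } | ForEach-Object {
    Get-ChildItem -LiteralPath $_.Path -File -Recurse -ErrorAction SilentlyContinue |
        Where-Object { $_.CreationTime -gt $since } |
        Select-Object FullName, CreationTime, Length
}
```

Keeping one such list per component matches the recommendation to use several small exclusion policies rather than one large one.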
Virtual Apps and Desktops
Delivery Controllers
Files:
• %SystemRoot%\ServiceProfiles\NetworkService\HaDatabaseName.mdf (7.12+)
• %SystemRoot%\ServiceProfiles\NetworkService\HaImportDatabaseName.mdf (7.12+)
• %SystemRoot%\ServiceProfiles\NetworkService\HaDatabaseName_log.ldf (7.12+)
• %SystemRoot%\ServiceProfiles\NetworkService\HaImportDatabaseName_log.ldf (7.12+)
Folders:
• %ProgramData%\Citrix\Broker\Cache (7.6+)
Processes:
• %ProgramFiles%\Citrix\Broker\Service\BrokerService.exe
• %ProgramFiles%\Citrix\Broker\Service\HighAvailabilityService.exe (7.12+)
• %ProgramFiles%\Citrix\ConfigSync\ConfigSyncService.exe (7.12+)
Virtual Delivery Agents
Files:
• %UserProfile%\AppData\Local\Temp\Citrix\HDXRTConnector\*\*.txt
Processes:
• %ProgramFiles%\Citrix\User Profile Manager\UserProfileManager.exe
• %ProgramFiles%\Citrix\Virtual Desktop Agent\BrokerAgent.exe
• %SystemRoot%\System32\spoolsv.exe
• %SystemRoot%\System32\winlogon.exe
• %ProgramFiles%\Citrix\ICAService\picaSvc2.exe (Desktop OS only)
• %ProgramFiles%\Citrix\ICAService\CpSvc.exe (Desktop OS only)
Workspace app / Receiver for Windows
Files:
• %UserProfile%\AppData\Local\Temp\Citrix\RTMediaEngineSRV\MediaEngineSRVDebugLogs\*\*.txt
Processes:
• %ProgramFiles(x86)%\Citrix\ICA Client\MediaEngineService.exe
• %ProgramFiles(x86)%\Citrix\ICA Client\CDViewer.exe
• %ProgramFiles(x86)%\Citrix\ICA Client\concentr.exe
• %ProgramFiles(x86)%\Citrix\ICA Client\wfica32.exe
• %ProgramFiles(x86)%\Citrix\ICA Client\AuthManager\AuthManSvr.exe
• %ProgramFiles(x86)%\Citrix\ICA Client\SelfServicePlugin\SelfService.exe
• %ProgramFiles(x86)%\Citrix\ICA Client\SelfServicePlugin\SelfServicePlugin.exe
Please note that these exclusions for Receiver typically are not needed. We have only seen a need for these in environments when the antivirus is configured with policies that are more strict than usual, or in situations in which multiple security agents are in use simultaneously (AV, DLP, HIP, etc.)
Provisioning
Provisioning Server
Files:
• *.vhd
• *.avhd
• *.vhdx
• *.avhdx
• *.pvp
• *.lok
• %SystemRoot%\System32\drivers\CvhdBusP6.sys (Windows Server 2008 R2)
• %SystemRoot%\System32\drivers\CVhdMp.sys (Windows Server 2012 R2)
• %SystemRoot%\System32\drivers\CfsDep2.sys
• %ProgramData%\Citrix\Provisioning Services\Tftpboot\ARDBP32.BIN
Processes:
• %ProgramFiles%\Citrix\Provisioning Services\BNTFTP.EXE
• %ProgramFiles%\Citrix\Provisioning Services\PVSTSB.EXE
• %ProgramFiles%\Citrix\Provisioning Services\StreamService.exe
• %ProgramFiles%\Citrix\Provisioning Services\StreamProcess.exe
• %ProgramFiles%\Citrix\Provisioning Services\soapserver.exe
• %ProgramFiles%\Citrix\Provisioning Services\Inventory.exe
• %ProgramFiles%\Citrix\Provisioning Services\Notifier.exe
• %ProgramFiles%\Citrix\Provisioning Services\MgmntDaemon.exe
• %ProgramFiles%\Citrix\Provisioning Services\BNPXE.exe (only if PXE is used)
Provisioning Target Device
Files:
• .vdiskcache
• vdiskdif.vhdx (7.x and above when using RAM cache with overflow)
• %SystemRoot%\System32\drivers\bnistack6.sys
• %SystemRoot%\System32\drivers\CfsDep2.sys
• %SystemRoot%\System32\drivers\CVhdBusP6.sys
• %SystemRoot%\System32\drivers\cnicteam.sys
• %SystemRoot%\System32\drivers\CVhdMp.sys (7.x only)
StoreFront
Files:
• %SystemRoot%\ServiceProfiles\NetworkService\AppData\Roaming\Citrix\SubscriptionsStore\**\PersistentDictionary.edb
Processes:
• %ProgramFiles%\Citrix\Receiver StoreFront\Services\SubscriptionsStoreService\Citrix.DeliveryServices.SubscriptionsStore.ServiceHost.exe
• %ProgramFiles%\Citrix\Receiver StoreFront\Services\CredentialWallet\Citrix.DeliveryServices.CredentialWallet.ServiceHost.exe
Cloud Connector
Files:
• %SystemRoot%\ServiceProfiles\NetworkService\HaDatabaseName.mdf
• %SystemRoot%\ServiceProfiles\NetworkService\HaImportDatabaseName.mdf
• %SystemRoot%\ServiceProfiles\NetworkService\HaDatabaseName_log.ldf
• %SystemRoot%\ServiceProfiles\NetworkService\HaImportDatabaseName_log.ldf
Folders:
• %SystemDrive%\Logs\CDF
• %ProgramData%\Citrix\WorkspaceCloud\Logs
Processes:
• %ProgramFiles%\Citrix\XaXdCloudProxy\XaXdCloudProxy.exe
• %ProgramFiles%\Citrix\Broker\Service\HighAvailabilityService.exe
• %ProgramFiles%\Citrix\ConfigSync\ConfigSyncService.exe
Workspace Environment Management
Processes:
• Norskale Broker Service.exe
• Norskale Broker Service Configuration Utility.exe
• Norskale Database Management Utility.exe
References
Citrix Ready Workspace Security Program
Citrix Guidelines for Antivirus Software Configuration
Provisioning Services Antivirus Best Practices
Antivirus layering with Citrix App Layering