CTX114522 - Antivirus Software Configuration Guidelines for Presentation Server
This document was published at: http://support.citrix.com/article/CTX114522
Document ID: CTX114522, Created on: Sep 5, 2007, Updated: Sep 6, 2007 Products: Citrix Access Essentials 2.0, Citrix Access Essentials 1.5, Citrix Access Essentials 1.0, Citrix MetaFrame Presentation Server 3.0 for Microsoft Windows 2000, Citrix MetaFrame Presentation Server 3.0 for Microsoft Windows 2003, Citrix Presentation Server 4.0 for Microsoft Windows 2000, Citrix Presentation Server 4.0 for Microsoft Windows 2003, Citrix Presentation Server 4.5 for Windows Server 2003 Russian Edition, Citrix Presentation Server 4.5 for Windows Server 2003, Citrix Presentation Server 4.5 for Windows Server 2003 Feature Pack 1, Citrix Presentation Server 4.5 for Windows Server 2003 x64 Edition
Summary This article provides guidelines for configuring an antivirus software solution on a server running Citrix Presentation Server. Antivirus Software Configuration Guidelines for Presentation Server Citrix recommends consulting the antivirus software solution vendor for any specific settings they could recommend when using their solution with Presentation Server. Based on Citrix Consulting experience, the antivirus software should be configured as follows: Scan on write events only Scan local drives only Exclude the pagefile from being scanned Exclude the Print Spooler directory to improve print performance Exclude the \Program Files\Citrix folder from being scanned (the heavily accessed local host cache and Resource Manager local database are contained inside this folder) Seite 1 von 2 CTX114522 - Antivirus Software Configuration Guidelines for 14.09.2007 http://support.citrix.com/article/CTX114522&printable=true 1999-2007 Citrix Systems, Inc. All Rights Reserved If ICA pass-through connections are used, exclude the users Presentation Server Client bitmap cache and the Presentation Server Client folders If users are connecting to a published desktop, Citrix recommends removing the antivirus-related calls from the HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Current Version\Run registry key to improve performance Every antivirus engine update should be installed and tested in a controlled test environment before deployment to the production environment. Administrators should perform scalability testing to determine the impact of their chosen antivirus product. Because scanning does use some server resources, there is some impact on the number of users that can successfully access each server. More secure environments, such as banks, may need to scan all incoming and outgoing data, whereas many enterprises find that only scanning incoming data may be sufficient. The decision as to what is scanned should be determined by the enterprise security manager. Backing up a server running Presentation Server while scanning the outbound data can slow down the backup process immensely. More Information CTX106674 Citrix Presentation Server 4.0 and Symantec AntiVirus Corporate Edition 9.x Supporting Test Results CTX113486 Error: SYMANTEC TAMPER PROTECTION ALERT Points to CPU Utilization Management Executables CTX108897 Error 10001: Installation of MetaFrame Presentation Server failed CTX114084 Roaming Profiles Persist and are Not Saved Correctly Through a Terminal Server Session to Windows Server 2003 CTX114137 Presentation Server Becomes Unresponsive When Using Trend Micro OfficeScan or ServerProtect Multiple instances of ShStat.exe, UpdaterUI.exe and TBMon.exe running in the Process List on the Citrix server Seite 2 von 2 CTX114522 - Antivirus Software Configuration Guidelines for 14.09.2007 http://support.citrix.com/article/CTX114522&printable=true