CTX114522 - Antivirus Software Configuration Guidelines for Presentation Server

This document was published at: http://support.citrix.com/article/CTX114522

Document ID: CTX114522, Created on: Sep 5, 2007, Updated: Sep 6, 2007
Products: Citrix Access Essentials 2.0, Citrix Access Essentials 1.5, Citrix Access Essentials 1.0, Citrix MetaFrame Presentation Server 3.0 for Microsoft Windows 2000, Citrix
MetaFrame Presentation Server 3.0 for Microsoft Windows 2003, Citrix Presentation Server 4.0 for Microsoft Windows 2000, Citrix Presentation Server 4.0 for Microsoft Windows
2003, Citrix Presentation Server 4.5 for Windows Server 2003 Russian Edition, Citrix Presentation Server 4.5 for Windows Server 2003, Citrix Presentation Server 4.5 for Windows
Server 2003 Feature Pack 1, Citrix Presentation Server 4.5 for Windows Server 2003 x64 Edition

Summary
This article provides guidelines for configuring an antivirus software solution on a server running Citrix Presentation Server.
Antivirus Software Configuration Guidelines for Presentation Server
Citrix recommends consulting the antivirus software solution vendor for any specific settings they could recommend when using their
solution with Presentation Server.
Based on Citrix Consulting experience, the antivirus software should be configured as follows:
Scan on write events only
Scan local drives only
Exclude the pagefile from being scanned
Exclude the Print Spooler directory to improve print performance
Exclude the \Program Files\Citrix folder from being scanned (the heavily accessed local host cache and Resource Manager local
database are contained inside this folder)
Seite 1 von 2 CTX114522 - Antivirus Software Configuration Guidelines for
14.09.2007 http://support.citrix.com/article/CTX114522&printable=true
1999-2007 Citrix Systems, Inc. All Rights Reserved
If ICA pass-through connections are used, exclude the users Presentation Server Client bitmap cache and the Presentation Server
Client folders
If users are connecting to a published desktop, Citrix recommends removing the antivirus-related calls from the
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Current Version\Run registry key to improve performance
Every antivirus engine update should be installed and tested in a controlled test environment before deployment to the production
environment.
Administrators should perform scalability testing to determine the impact of their chosen antivirus product.
Because scanning does use some server resources, there is some impact on the number of users that can successfully access each
server.
More secure environments, such as banks, may need to scan all incoming and outgoing data, whereas many enterprises find that only
scanning incoming data may be sufficient.
The decision as to what is scanned should be determined by the enterprise security manager.
Backing up a server running Presentation Server while scanning the outbound data can slow down the backup process immensely.
More Information
CTX106674 Citrix Presentation Server 4.0 and Symantec AntiVirus Corporate Edition 9.x Supporting Test Results
CTX113486 Error: SYMANTEC TAMPER PROTECTION ALERT Points to CPU Utilization Management Executables
CTX108897 Error 10001: Installation of MetaFrame Presentation Server failed
CTX114084 Roaming Profiles Persist and are Not Saved Correctly Through a Terminal Server Session to Windows Server 2003
CTX114137 Presentation Server Becomes Unresponsive When Using Trend Micro OfficeScan or ServerProtect
Multiple instances of ShStat.exe, UpdaterUI.exe and TBMon.exe running in the Process List on the Citrix server
Seite 2 von 2 CTX114522 - Antivirus Software Configuration Guidelines for
14.09.2007 http://support.citrix.com/article/CTX114522&printable=true