The following antivirus exclusions should be applied to all Citrix infrastructure servers:

  • Set real-time scanning to scan local drives only and not network drives
  • Disable scan on boot
  • Remove any unnecessary antivirus related entries from the Run key
  • Exclude the pagefile(s) from being scanned
  • Exclude IIS log files from being scanned
  • Exclude Windows event logs from being scanned

Hyper-V

Exception Item Description
VHD,VSV,ISO,AVHD,VFD,XML,BIN,VHDX,AVHDX,HRL Extensions
C:\ProgramData\Microsoft\Windows\Hyper-V\*.* Directory & Subdirectories
C:\Users\Public\Documents\Hyper-V\Virtual Hard Disks\*.* Directory & Subdirectories
C:\ProgramData\Microsoft\Windows\Hyper-V\Snapshots Directory
C:\ClusterStorage\*.* Directory & Subdirectories
Vmms.exe Process exclusions
Vmwp.exe Process exclusions
Clussvc.exe Process exclusions

 

Citrix (XenApp/Xen Desktop)

 

Component Exclusion List
Citrix Director & StoreFront Director and StoreFront:
\inetpub\temp\IIS Temporary Compressed Files
\Windows\system32\inetsrv\w3wp.exe
\Windows\SysWOW64\inetsrv\w3wp.exe StoreFront:
\Program Files\Citrix\Receiver StoreFront\Services\SubscriptionsStoreService
Citrix Profile Manager Agent:
Do not scan on open or status-check operations
UserProfileManager.exe
EdgeSight Agent:
<AllUsersProfile>\Application Data\Citrix\System Monitoring\Data
\ProgramFiles\Citrix\System Monitoring\Agent\Core\rscorsvc.exe
\ProgramFiles\Citrix\System Monitoring\Agent\Core\Firebird\bin\fbserver.exe Server:
\CommonProgramFiles\Citrix\System Monitoring\Server\RSSH
\ProgramFiles\Citrix\System Monitoring\Server\EdgeSight\scripts\rssh
\ProgramFiles\Citrix\System Monitoring\Server\EdgeSight\Pages
\ProgramFiles\Microsoft SQL Server\MSSQL\Reporting Services
\ProgramFiles\Microsoft SQL Server\MSSQL\Data
\SystemRoot\SYSTEM32\Logfiles
Provisioning Services – For Server
Note: An even easier approach would be to
 exclude the complete Provisioning services folder
For PVS Server
\Windows\System32\drivers\CvhdBusP6.sys (Windows Server 2008)
\Windows\System32\drivers\CVhdMp.sys (Windows Server 2012)
\Windows\System32\drivers\CfsDep2.sys
\Program Files\Citrix\Provisioning Services\BNTFTP.EXE
\ProgramData\Citrix\Provisioning Services\Tftpboot\ARDBP32.BIN
\Program Files\Citrix\Provisioning Services\StreamService.exe
\Program Files\Citrix\Provisioning Services\StreamProcess.exe
\Program Files\Citrix\Provisioning Services\soapserver.exe
C:\Windows\System32\drivers\CVhdBusP6.sys => (PVS 6.1)
C:\Windows\System32\drivers\CVhdBus2.sys => (PVS 5.6)
C:\Windows\System32\drivers\CFsDep2.sys => (PVS 5.6 and PVS 6.1)
C:\Program Files\Citrix\Provisioning Services\BNTFTP.EXE => (PVS 5.6 and PVS 6.1)
C:\ProgramData\Citrix\Provisioning Services\Tftpboot\ARDBP32.BIN => (PVS 5.6 and PVS 6.1)
D:\Store => ( i.e. local vdisk store) ->Exclude scanning of Local vDisk Store
Provisioning Services – For Target Devices
Note: An even easier approach would be to
 exclude the complete Provisioning services folder
Target Devices:
\Program Files\Citrix\Provisioning Services\BNDevice.exe
\Windows\System32\drivers\bnistack6.sys
\Program Files\Citrix\Provisioning Services\TargetOSOptimizer.exe
\Windows\System32\drivers\CfsDep2.sys
\Windows\System32\drivers\CVhdBusP6.sys
\Program Files\Citrix\Personal vDisk\BIN\WIN7\
C:\Windows\System32\drivers\bnistack.sys => (Only targets, Win2003/XP)
C:\Windows\System32\drivers\bnistack6.sys => (Only targets, 2008/Win7)
C:\Windows\System32\drivers\BNNF.sys => (Only targets, Win2003/XP)
C:\Windows\System32\drivers\BNNS.sys => (Only targets, Win2003/XP)
C:\Windows\System32\drivers\BNNS6.sys => (Doesn’t exist anymore with PVS6.1 Agent)
C:\Windows\System32\drivers\BNPort.sys => (Only targets, Win2003/XP)
C:\Windows\System32\drivers\CFsDep2.sys => (Win2003/XP & 2008/Win7)
C:\Windows\System32\drivers\CVhdBusP52.sys => (Only targets, Win2003/XP)
C:\Windows\System32\drivers\CVhdBusP6.sys => (2008/Win7)
C:\Program Files\Citrix\Provisioning Services\BNDevice.exe => (Only targets, 2008/Win7)
C:\Program Files\Citrix\Provisioning Services\TargetOSOptimizer.exe => (Only targets, 2008/Win7)
Target – Personal vDisk:
CTXPVD.exe
CTXPVDSVC.exe
Exclude scanning of Write Cache
Xen App -Session Controller(Controller) Controller:

\Windows\system32\csrss.exe
\Windows\system32\winlogon.exe
\Windows\system32\userinit.exe
\Windows\system32\smss.exe
\Program Files\Citrix\Group Policy\Client-Side Extension\CitrixCseEngine.exe
\Program Files (x86)\Citrix\System32\wfshell.exe
\Program Files (x86)\Citrix\system32\ctxxmlss.exe
\Program Files (x86)\Citrix\System32\CtxSvcHost.exe
\Program Files (x86)\Citrix\system32\mfcom.exe
\Program Files (x86)\Citrix\System32\Citrix\Ima\ImaSrv.exe
\Program Files (x86)\Citrix\System32\Citrix\Ima\IMAAdvanceSrv.exe
\Program Files (x86)\Citrix\HealthMon\HCAService.exe
\Program Files (x86)\Citrix\Streaming Client\RadeSvc.exe
\Program Files (x86)\Citrix\Streaming Client\RadeHlprSvc.exe
\Program Files (x86)\Citrix\Independent Management Architecture\RadeOffline.mdb
\Program Files (x86)\Citrix\Independent Management Architecture\imalhc.mdb

Xen App -Session Host Session Host:

\Windows\system32\spoolsv.exe
\Windows\system32\csrss.exe
\Windows\system32\winlogon.exe
\Windows\system32\userinit.exe
\Windows\system32\smss.exe
\Program Files\Citrix\Group Policy\Client-Side Extension\CitrixCseEngine.exe
\Program Files (x86)\Citrix\System32\wfshell.exe
\Program Files (x86)\Citrix\system32\CpSvc.exe
\Program Files (x86)\Citrix\System32\CtxSvcHost.exe
\Program Files (x86)\Citrix\system32\mfcom.exe
\Program Files (x86)\Citrix\System32\Citrix\Ima\ImaSrv.exe
\Program Files (x86)\Citrix\System32\Citrix\Ima\IMAAdvanceSrv.exe
\Program Files (x86)\Citrix\HealthMon\HCAService.exe
\Program Files (x86)\Citrix\Streaming Client\RadeSvc.exe
\Program Files (x86)\Citrix\Streaming Client\RadeHlprSvc.exe
\Program Files (x86)\Citrix\XTE\bin\XTE.exe
\Program Files (x86)\Citrix\Independent Management Architecture\RadeOffline.mdb
%AppData%\ICAClient\Cache (if using pass-through authentication)

XenDesktop – Controller Controller:

\Windows\system32\csrss.exe
\Windows\system32\winlogon.exe
\Windows\system32\userinit.exe
\Windows\system32\smss.exe

Controller – pre-XenDesktop 7.x:

\Program Files\Citrix\Group Policy\Client-Side Extension\CitrixCseEngine.exe
\Program Files (x86)\Citrix\System32\wfshell.exe
\Program Files (x86)\Citrix\system32\ctxxmlss.exe
\Program Files (x86)\Citrix\System32\CtxSvcHost.exe
\Program Files (x86)\Citrix\system32\mfcom.exe

Windows Server OS Machines – XenDesktop 7.x:

\Windows\system32\spoolsv.exe
\Windows\system32\csrss.exe
\Windows\system32\winlogon.exe
\Windows\system32\userinit.exe
\Windows\system32\smss.exe
\Program Files\Citrix\Group Policy\Client-Side Extension\CitrixCseEngine.exe
\Program Files (x86)\Citrix\System32\wfshell.exe
\Program Files (x86)\Citrix\system32\CpSvc.exe
\Program Files (x86)\Citrix\System32\CtxSvcHost.exe

Ref: