CTX114522 - Antivirus Software Configuration Guidelines for Seite 1 von 2

CTX114522 - Antivirus Software Configuration Guidelines for Presentation Server

This document was published at: http://support.citrix.com/article/CTX114522

Document ID: CTX114522, Created on: Sep 5, 2007, Updated: Sep 6, 2007

Products: Citrix Access Essentials 2.0, Citrix Access Essentials 1.5, Citrix Access Essentials 1.0, Citrix MetaFrame Presentation Server 3.0 for Microsoft Windows 2000, Citrix
MetaFrame Presentation Server 3.0 for Microsoft Windows 2003, Citrix Presentation Server 4.0 for Microsoft Windows 2000, Citrix Presentation Server 4.0 for Microsoft Windows
2003, Citrix Presentation Server 4.5 for Windows Server 2003 Russian Edition, Citrix Presentation Server 4.5 for Windows Server 2003, Citrix Presentation Server 4.5 for Windows
Server 2003 Feature Pack 1, Citrix Presentation Server 4.5 for Windows Server 2003 x64 Edition

Summary
This article provides guidelines for configuring an antivirus software solution on a server running Citrix Presentation Server.
Antivirus Software Configuration Guidelines for Presentation Server
Citrix recommends consulting the antivirus software solution vendor for any specific settings they could recommend when using their
solution with Presentation Server.
Based on Citrix Consulting experience, the antivirus software should be configured as follows:
• Scan on write events only
• Scan local drives only
• Exclude the pagefile from being scanned
• Exclude the Print Spooler directory to improve print performance
• Exclude the \Program Files\Citrix folder from being scanned (the heavily accessed local host cache and Resource Manager local
database are contained inside this folder)

http://support.citrix.com/article/CTX114522&printable=true 14.09.2007
CTX114522 - Antivirus Software Configuration Guidelines for Seite 2 von 2

• If ICA pass-through connections are used, exclude the user‘s Presentation Server Client bitmap cache and the Presentation Server
Client folders
• If users are connecting to a published desktop, Citrix recommends removing the antivirus-related calls from the
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Current Version\Run registry key to improve performance
Every antivirus engine update should be installed and tested in a controlled test environment before deployment to the production
environment.
Administrators should perform scalability testing to determine the impact of their chosen antivirus product.
Because scanning does use some server resources, there is some impact on the number of users that can successfully access each
server.
More secure environments, such as banks, may need to scan all incoming and outgoing data, whereas many enterprises find that only
scanning incoming data may be sufficient.
The decision as to what is scanned should be determined by the enterprise security manager.
Backing up a server running Presentation Server while scanning the outbound data can slow down the backup process immensely.
More Information
CTX106674 – Citrix Presentation Server 4.0 and Symantec AntiVirus Corporate Edition 9.x Supporting Test Results
CTX113486 – Error: SYMANTEC TAMPER PROTECTION ALERT Points to CPU Utilization Management Executables
CTX108897 – Error 10001: Installation of MetaFrame Presentation Server failed
CTX114084 – Roaming Profiles Persist and are Not Saved Correctly Through a Terminal Server Session to Windows Server 2003
CTX114137 – Presentation Server Becomes Unresponsive When Using Trend Micro OfficeScan or ServerProtect
Multiple instances of ShStat.exe, UpdaterUI.exe and TBMon.exe running in the Process List on the Citrix server

©1999-2007 Citrix Systems, Inc. All Rights Reserved

http://support.citrix.com/article/CTX114522&printable=true 14.09.2007