Editor's note: in this second part, we mainly discuss antivirus exclusions.
Antivirus Exclusions
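The most common (and usually the most important) antivirus optimization is the correct definition of antivirus exclusions for all components. Although some vendors can automatically detect Citrix components and apply exclusions, in most environments this has to be configured manually in the management console.
Exclusions are generally recommended for real-time scanning; however, Citrix recommends using scheduled, regular scans for the specific files and folders that need to be excluded. To mitigate any potential performance impact, it is recommended to run scheduled scans during non-business or off-peak hours.
The integrity of excluded files and folders should always be maintained. Organizations should consider using a commercial file integrity monitoring or host intrusion prevention solution to protect the integrity of files and folders that have been excluded from real-time or on-access scanning. Note that database and log files should not be included in this type of data integrity monitoring, because these files are expected to change. If an entire folder must be excluded from real-time or on-access scanning, Citrix recommends closely monitoring the creation of new files in the excluded folder.
Scan only local drives, or disable network scanning. This assumes that all remote locations (which may include file servers hosting user profiles and redirected folders) are monitored by antivirus and data integrity solutions. If that is not the case, it is recommended to exclude the network shares accessed by all provisioned machines. Examples include shares hosting redirected folders or user profiles.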
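Recommendations: review these recommendations with your vendor and security team.
- Check all files/folders to be excluded and confirm that they exist before creating the exclusion policy.
- Implement multiple exclusion policies for different components instead of creating one large policy for all components.
- To minimize the window of opportunity, implement a combination of real-time and scheduled scans.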
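One way to carry out the existence check and the new-file monitoring recommended above, as an added PowerShell example (not Citrix's own tooling). It uses a subset of the Delivery Controller paths from this page; the baseline file location and the list of volatile extensions are assumptions.

```powershell
# Added example, not Citrix code. Paths are Delivery Controller entries listed on this page.
$Component  = 'DeliveryController'
$Exclusions = @(
    '%SystemRoot%\ServiceProfiles\NetworkService\HaDatabaseName.mdf'
    '%SystemRoot%\ServiceProfiles\NetworkService\HaDatabaseName_log.ldf'
    '%ProgramData%\Citrix\Broker\Cache'
    '%ProgramFiles%\Citrix\Broker\Service\BrokerService.exe'
    '%ProgramFiles%\Citrix\Broker\Service\HighAvailabilityService.exe'
    '%ProgramFiles%\Citrix\ConfigSync\ConfigSyncService.exe'
)
# Database and log files are expected to change, so they are listed but never hashed.
$Volatile = '.mdf', '.ldf', '.edb', '.log', '.txt'
# Assumed baseline location; keep it somewhere the monitored host cannot silently rewrite.
$Baseline = Join-Path $env:ProgramData "av-exclusion-baseline-$Component.csv"

$report = foreach ($raw in $Exclusions) {
    $path  = [Environment]::ExpandEnvironmentVariables($raw)
    # Get-Item resolves wildcards; no result means the entry does not exist on this machine.
    $items = @(Get-Item -Path $path -Force -ErrorAction SilentlyContinue)
    if ($items.Count -eq 0) {
        [pscustomobject]@{ Entry = $raw; Path = $path; State = 'MISSING'; SHA256 = '' }
    }
    foreach ($item in $items) {
        # For an excluded folder, record every file in it so new files show up later.
        $files = if ($item.PSIsContainer) {
            Get-ChildItem -LiteralPath $item.FullName -File -Recurse -Force -ErrorAction SilentlyContinue
        } else { $item }
        foreach ($f in $files) {
            $hash = ''
            if ($Volatile -notcontains $f.Extension) {
                $hash = [string](Get-FileHash -LiteralPath $f.FullName -Algorithm SHA256).Hash
            }
            [pscustomobject]@{ Entry = $raw; Path = $f.FullName; State = 'PRESENT'; SHA256 = $hash }
        }
    }
}

# Entries to fix or drop before the exclusion policy is created.
$report | Where-Object State -eq 'MISSING' | Format-Table Entry, Path -AutoSize

if (Test-Path -LiteralPath $Baseline) {
    # '=>' rows are files that are new, or whose hash changed, since the baseline was written.
    Compare-Object (Import-Csv -LiteralPath $Baseline) $report -Property Path, SHA256 |
        Where-Object SideIndicator -eq '=>' | Format-Table Path, SHA256 -AutoSize
} else {
    $report | Export-Csv -LiteralPath $Baseline -NoTypeInformation
}
```

Run it once per component with that component's own list, which also keeps the exclusion policies separate as recommended above.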
Virtual Apps and Desktops
Delivery Controllers
Files:
• %SystemRoot%\ServiceProfiles\NetworkService\HaDatabaseName.mdf (7.12+)
• %SystemRoot%\ServiceProfiles\NetworkService\HaImportDatabaseName.mdf (7.12+)
• %SystemRoot%\ServiceProfiles\NetworkService\HaDatabaseName_log.ldf (7.12+)
• %SystemRoot%\ServiceProfiles\NetworkService\HaImportDatabaseName_log.ldf (7.12+)
Folders:
• %ProgramData%\Citrix\Broker\Cache (7.6+)
Processes:
• %ProgramFiles%\Citrix\Broker\Service\BrokerService.exe
• %ProgramFiles%\Citrix\Broker\Service\HighAvailabilityService.exe (7.12+)
• %ProgramFiles%\Citrix\ConfigSync\ConfigSyncService.exe (7.12+)
Virtual Delivery Agents
Files:
• %UserProfile%\AppData\Local\Temp\Citrix\HDXRTConnector\*\*.txt
Processes:
• %ProgramFiles%\Citrix\User Profile Manager\UserProfileManager.exe
• %ProgramFiles%\Citrix\Virtual Desktop Agent\BrokerAgent.exe
• %SystemRoot%\System32\spoolsv.exe
• %SystemRoot%\System32\winlogon.exe
• %ProgramFiles%\Citrix\ICAService\picaSvc2.exe (Desktop OS only)
• %ProgramFiles%\Citrix\ICAService\CpSvc.exe (Desktop OS only)
Workspace app / Receiver for Windows
Files:
• %UserProfile%\AppData\Local\Temp\Citrix\RTMediaEngineSRV\MediaEngineSRVDebugLogs\*\*.txt
Processes:
• %ProgramFiles(x86)%\Citrix\ICA Client\MediaEngineService.exe
• %ProgramFiles(x86)%\Citrix\ICA Client\CDViewer.exe
• %ProgramFiles(x86)%\Citrix\ICA Client\concentr.exe
• %ProgramFiles(x86)%\Citrix\ICA Client\wfica32.exe
• %ProgramFiles(x86)%\Citrix\ICA Client\AuthManager\AuthManSvr.exe
• %ProgramFiles(x86)%\Citrix\ICA Client\SelfServicePlugin\SelfService.exe
• %ProgramFiles(x86)%\Citrix\ICA Client\SelfServicePlugin\SelfServicePlugin.exe
Please note that these exclusions for Receiver typically are not needed. We have only seen a need for these in environments when the antivirus is configured with policies that are more strict than usual, or in situations in which multiple security agents are in use simultaneously (AV, DLP, HIP, etc.)
Provisioning
Provisioning Server
Files:
• *.vhd
• *.avhd
• *.vhdx
• *.avhdx
• *.pvp
• *.lok
• %SystemRoot%\System32\drivers\CvhdBusP6.sys (Windows Server 2008 R2)
• %SystemRoot%\System32\drivers\CVhdMp.sys (Windows Server 2012 R2)
• %SystemRoot%\System32\drivers\CfsDep2.sys
• %ProgramData%\Citrix\Provisioning Services\Tftpboot\ARDBP32.BIN
Processes:
• %ProgramFiles%\Citrix\Provisioning Services\BNTFTP.EXE
• %ProgramFiles%\Citrix\Provisioning Services\PVSTSB.EXE
• %ProgramFiles%\Citrix\Provisioning Services\StreamService.exe
• %ProgramFiles%\Citrix\Provisioning Services\StreamProcess.exe
• %ProgramFiles%\Citrix\Provisioning Services\soapserver.exe
• %ProgramFiles%\Citrix\Provisioning Services\Inventory.exe
• %ProgramFiles%\Citrix\Provisioning Services\Notifier.exe
• %ProgramFiles%\Citrix\Provisioning Services\MgmntDaemon.exe
• %ProgramFiles%\Citrix\Provisioning Services\BNPXE.exe (only if PXE is used)
Provisioning Target Device
Files:
• .vdiskcache
• vdiskdif.vhdx (7.x and above when using RAM cache with overflow)
• %SystemRoot%\System32\drivers\nistack6.sys
• %SystemRoot%\System32\drivers\CfsDep2.sys
• %SystemRoot%\System32\drivers\CVhdBusP6.sys
• %SystemRoot%\System32\drivers\cnicteam.sys
• %SystemRoot%\System32\drivers\CVhdMp.sys (7.x only)
StoreFront
Files:
• %SystemRoot%\ServiceProfiles\NetworkService\AppData\Roaming\Citrix\SubscriptionsStore\**\PersistentDictionary.edb
Processes:
• %ProgramFiles%\Citrix\Receiver StoreFront\Services\SubscriptionsStoreService\Citrix.DeliveryServices.SubscriptionsStore.ServiceHost.exe
• %ProgramFiles%\Citrix\Receiver StoreFront\Services\CredentialWallet\Citrix.DeliveryServices.CredentialWallet.ServiceHost.exe
Cloud Connector
Files:
• %SystemRoot%\ServiceProfiles\NetworkService\HaDatabaseName.mdf
• %SystemRoot%\ServiceProfiles\NetworkService\HaImportDatabaseName.mdf
• %SystemRoot%\ServiceProfiles\NetworkService\HaDatabaseName_log.ldf
• %SystemRoot%\ServiceProfiles\NetworkService\HaImportDatabaseName_log.ldf
Folders:
• %SystemDrive%\Logs\CDF
• %ProgramData%\Citrix\WorkspaceCloud\Logs
Processes:
• %ProgramFiles%\Citrix\XaXdCloudProxy\XaXdCloudProxy.exe
• %ProgramFiles%\Citrix\Broker\Service\HighAvailabilityService.exe
• %ProgramFiles%\Citrix\ConfigSync\ConfigSyncService.exe
Workspace Environment Management
Processes:
• Norskale Broker Service.exe
• Norskale Broker Service Configuration Utility.exe
• Norskale Database Management Utility.exe
References
Citrix Ready Workspace Security Program
Citrix Guidelines for Antivirus Software Configuration
Provisioning Services Antivirus Best Practices
Antivirus layering with Citrix App Layering