Citrix Virtual Desktop Security and Antivirus Best Practices (Part 2)

Editor's note: in this second part, we mainly discuss antivirus exclusions.


Antivirus exclusions

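The most common (and usually the most important) antivirus optimization is correctly defining antivirus exclusions for all components. Although some vendors can automatically detect Citrix components and apply exclusions, in most environments this has to be configured manually in the management console.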

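Exclusions are generally recommended for real-time scanning; however, Citrix recommends scanning the excluded files and folders regularly with scheduled scans. To reduce any potential performance impact, run scheduled scans during non-business or off-peak hours.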

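The integrity of excluded files and folders should always be maintained. Organizations should consider using a commercial file integrity monitoring or host intrusion prevention solution to protect the integrity of files and folders that have been excluded from real-time or on-access scanning. Note that database and log files should not be included in this type of data integrity monitoring, because these files are expected to change. If an entire folder must be excluded from real-time or on-access scanning, Citrix recommends closely monitoring the creation of new files in the excluded folders.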
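A minimal sketch of the monitoring described above, as an added example (not from the original article or from Citrix): it records a SHA-256 baseline for files in excluded folders and, on later runs, reports new and modified files, while database and log files are tracked for creation only. The folder selection, the extension list and the baseline location `C:\Secure\av-exclusion-baseline.csv` are assumptions to adapt per component.

```powershell
# Added example; folder choices and the baseline location are assumptions.
$ExcludedFolders = @(
    "$env:ProgramData\Citrix\Broker\Cache",      # excluded folder (Delivery Controller)
    "$env:ProgramFiles\Citrix\Broker\Service"    # holds the excluded BrokerService.exe
)
# Database and log files change constantly: track their presence, not their hash.
$VolatileExtensions = '.mdf', '.ldf', '.edb', '.log', '.txt'
$BaselinePath = 'C:\Secure\av-exclusion-baseline.csv'   # hypothetical; keep it write-protected

function Get-ExclusionSnapshot {
    param([string[]]$Folders, [string[]]$SkipHashFor)
    foreach ($folder in $Folders) {
        if (-not (Test-Path -LiteralPath $folder -PathType Container)) { continue }
        Get-ChildItem -LiteralPath $folder -File -Recurse -ErrorAction SilentlyContinue |
            ForEach-Object {
                $hash = 'not-hashed'
                if ($SkipHashFor -notcontains $_.Extension) {
                    $hash = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
                }
                [pscustomobject]@{ Path = $_.FullName; SHA256 = $hash }
            }
    }
}

function Compare-ExclusionSnapshot {
    param([object[]]$Baseline, [object[]]$Current)
    $known = @{}                                  # case-insensitive keys, like NTFS paths
    foreach ($b in $Baseline) { $known[$b.Path] = $b.SHA256 }
    foreach ($c in $Current) {
        if (-not $known.ContainsKey($c.Path)) {
            [pscustomobject]@{ Change = 'NewFile'; Path = $c.Path }
        } elseif ($known[$c.Path] -ne $c.SHA256) {
            [pscustomobject]@{ Change = 'Modified'; Path = $c.Path }
        }
    }
}

$current = @(Get-ExclusionSnapshot -Folders $ExcludedFolders -SkipHashFor $VolatileExtensions)
if (Test-Path -LiteralPath $BaselinePath) {
    # Later runs: report files that appeared or changed since the baseline.
    $baseline = @(Import-Csv -LiteralPath $BaselinePath)
    Compare-ExclusionSnapshot -Baseline $baseline -Current $current | Format-Table -AutoSize
} else {
    # First run: record the baseline.
    $current | Export-Csv -LiteralPath $BaselinePath -NoTypeInformation
}
```

Re-create the baseline after each planned Citrix upgrade, since the excluded binaries legitimately change then.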

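Scan only local drives, or disable network scanning. This assumes that all remote locations (which may include file servers hosting user profiles and redirected folders) are monitored by antivirus and data integrity solutions. If that is not the case, it is recommended to exclude the network shares accessed by all provisioned machines. Examples include shares hosting redirected folders or user profiles.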

Recommendation: review these recommendations with your vendor and your security team.

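- Check all files/folders to be excluded and confirm that they exist before creating an exclusion policy.

- Implement multiple exclusion policies for different components instead of creating one large policy for all components.

- To minimize the window of opportunity, implement a combination of real-time and scheduled scans.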
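An added example (not part of the original article and not Citrix tooling) of the first two recommendations: exclusion candidates are kept in one list per component and checked on the target host before any policy is built. The `$Policies` table, `$RunFor` and `Test-ExclusionEntry` are illustrative names; the sample entries are taken from the Delivery Controller and StoreFront lists in this article.

```powershell
# Added example: one exclusion list per component, verified before a policy is created.
$Policies = @{
    'DeliveryController' = @(
        '%SystemRoot%\ServiceProfiles\NetworkService\HaDatabaseName.mdf',
        '%ProgramData%\Citrix\Broker\Cache',
        '%ProgramFiles%\Citrix\Broker\Service\BrokerService.exe',
        '%ProgramFiles%\Citrix\ConfigSync\ConfigSyncService.exe'
    )
    'StoreFront' = @(
        '%ProgramFiles%\Citrix\Receiver StoreFront\Services\CredentialWallet\Citrix.DeliveryServices.CredentialWallet.ServiceHost.exe'
    )
}
$RunFor = 'DeliveryController'   # assumption: the role of the host this runs on

function Test-ExclusionEntry {
    param([string]$Component, [string]$Entry)
    # Expand %VAR% references the same way the operating system would.
    $expanded = [Environment]::ExpandEnvironmentVariables($Entry)
    $status = if ($expanded -match '%[^%\\]+%') {
        'UnresolvedVariable'          # a variable is not defined on this host
    } elseif (Test-Path -Path $expanded) {
        'Present'                     # -Path also resolves * wildcards in entries
    } else {
        'Missing'
    }
    [pscustomobject]@{
        Component = $Component
        Entry     = $Entry
        Resolved  = $expanded
        Status    = $status
    }
}

$report = foreach ($entry in $Policies[$RunFor]) {
    Test-ExclusionEntry -Component $RunFor -Entry $entry
}
$report | Format-Table Component, Status, Resolved -AutoSize

$notPresent = @($report | Where-Object { $_.Status -ne 'Present' })
if ($notPresent.Count -gt 0) {
    Write-Warning "$($notPresent.Count) entries for $RunFor do not resolve on this host; correct or drop them before creating the policy."
}
```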

Virtual Apps and Desktops 

Delivery Controllers

Files:

• %SystemRoot%\ServiceProfiles\NetworkService\HaDatabaseName.mdf (7.12+)

• %SystemRoot%\ServiceProfiles\NetworkService\HaImportDatabaseName.mdf (7.12+)

• %SystemRoot%\ServiceProfiles\NetworkService\HaDatabaseName_log.ldf (7.12+)

• %SystemRoot%\ServiceProfiles\NetworkService\HaImportDatabaseName_log.ldf (7.12+)

Folders:

• %ProgramData%\Citrix\Broker\Cache (7.6+)

Processes:

• %ProgramFiles%\Citrix\Broker\Service\BrokerService.exe

• %ProgramFiles%\Citrix\Broker\Service\HighAvailabilityService.exe (7.12+)

• %ProgramFiles%\Citrix\ConfigSync\ConfigSyncService.exe (7.12+)

Virtual Delivery Agents

Files:

• %UserProfile%\AppData\Local\Temp\Citrix\HDXRTConnector\*\*.txt

Processes:

• %ProgramFiles%\Citrix\User Profile Manager\UserProfileManager.exe

• %ProgramFiles%\Citrix\Virtual Desktop Agent\BrokerAgent.exe

• %SystemRoot%\System32\spoolsv.exe

• %SystemRoot%\System32\winlogon.exe

• %ProgramFiles%\Citrix\ICAService\picaSvc2.exe (Desktop OS only)

• %ProgramFiles%\Citrix\ICAService\CpSvc.exe (Desktop OS only)

Workspace app / Receiver for Windows

Files:

• %UserProfile%\AppData\Local\Temp\Citrix\RTMediaEngineSRV\MediaEngineSRVDebugLogs\*\*.txt

Processes:

• %ProgramFiles(x86)%\Citrix\ICA Client\MediaEngineService.exe

• %ProgramFiles(x86)%\Citrix\ICA Client\CDViewer.exe

• %ProgramFiles(x86)%\Citrix\ICA Client\concentr.exe

• %ProgramFiles(x86)%\Citrix\ICA Client\wfica32.exe

• %ProgramFiles(x86)%\Citrix\ICA Client\AuthManager\AuthManSvr.exe

• %ProgramFiles(x86)%\Citrix\ICA Client\SelfServicePlugin\SelfService.exe

• %ProgramFiles(x86)%\Citrix\ICA Client\SelfServicePlugin\SelfServicePlugin.exe

Please note that these exclusions for Receiver typically are not needed. We have only seen a need for these in environments when the antivirus is configured with policies that are more strict than usual, or in situations in which multiple security agents are in use simultaneously (AV, DLP, HIP, etc.)

Provisioning

Provisioning Server

Files:

• *.vhd

• *.avhd

• *.vhdx

• *.avhdx

• *.pvp

• *.lok

• %SystemRoot%\System32\drivers\CvhdBusP6.sys (Windows Server 2008 R2)

• %SystemRoot%\System32\drivers\CVhdMp.sys (Windows Server 2012 R2)

• %SystemRoot%\System32\drivers\CfsDep2.sys

• %ProgramData%\Citrix\Provisioning Services\Tftpboot\ARDBP32.BIN

Processes:

• %ProgramFiles%\Citrix\Provisioning Services\BNTFTP.EXE

• %ProgramFiles%\Citrix\Provisioning Services\PVSTSB.EXE

• %ProgramFiles%\Citrix\Provisioning Services\StreamService.exe

• %ProgramFiles%\Citrix\Provisioning Services\StreamProcess.exe

• %ProgramFiles%\Citrix\Provisioning Services\soapserver.exe

• %ProgramFiles%\Citrix\Provisioning Services\Inventory.exe

• %ProgramFiles%\Citrix\Provisioning Services\Notifier.exe

• %ProgramFiles%\Citrix\Provisioning Services\MgmntDaemon.exe

• %ProgramFiles%\Citrix\Provisioning Services\BNPXE.exe (only if PXE is used)

Provisioning Target Device

Files:

• .vdiskcache

• vdiskdif.vhdx (7.x and above when using RAM cache with overflow)

• %SystemRoot%\System32\drivers\bnistack6.sys

• %SystemRoot%\System32\drivers\CfsDep2.sys

• %SystemRoot%\System32\drivers\CVhdBusP6.sys

• %SystemRoot%\System32\drivers\cnicteam.sys

• %SystemRoot%\System32\drivers\CVhdMp.sys (7.x only)

StoreFront

Files:

• %SystemRoot%\ServiceProfiles\NetworkService\AppData\Roaming\Citrix\SubscriptionsStore\**\PersistentDictionary.edb

Processes:

• %ProgramFiles%\Citrix\Receiver StoreFront\Services\SubscriptionsStoreService\Citrix.DeliveryServices.SubscriptionsStore.ServiceHost.exe

• %ProgramFiles%\Citrix\Receiver StoreFront\Services\CredentialWallet\Citrix.DeliveryServices.CredentialWallet.ServiceHost.exe

Cloud Connector

Files:

• %SystemRoot%\ServiceProfiles\NetworkService\HaDatabaseName.mdf

• %SystemRoot%\ServiceProfiles\NetworkService\HaImportDatabaseName.mdf

• %SystemRoot%\ServiceProfiles\NetworkService\HaDatabaseName_log.ldf

• %SystemRoot%\ServiceProfiles\NetworkService\HaImportDatabaseName_log.ldf

Folders:

• %SystemDrive%\Logs\CDF

• %ProgramData%\Citrix\WorkspaceCloud\Logs

Processes:

• %ProgramFiles%\Citrix\XaXdCloudProxy\XaXdCloudProxy.exe

• %ProgramFiles%\Citrix\Broker\Service\HighAvailabilityService.exe

• %ProgramFiles%\Citrix\ConfigSync\ConfigSyncService.exe

Workspace Environment Management

Processes:

• Norskale Broker Service.exe

• Norskale Broker Service Configuration Utility.exe

• Norskale Database Management Utility.exe
