Guidelines on configuring Kaspersky Anti-Virus 8.0 for Windows Servers Enterprise Edition working on the same server as Citrix XenApp

 

Kaspersky Anti-Virus 8.0 for Windows Servers Enterprise Edition

 
 
 

Guidelines on configuring Kaspersky Anti-Virus 8.0 for Windows Servers Enterprise Edition working on the same server as Citrix XenApp

Back to "Settings / How to"
2013 Apr 12 ID: 9839
 
 
 
 

This article presents Citrix experts' recommendations on configuring the anti-virus application installed on the same server as Citrix XenApp. The recommendations have been adapted for Kaspersky Anti-Virus 8.0 for Windows Servers Enterprise Edition.

  • In the Real-time file protection task, select the Smart mode of protection (right-click the Real-time file protection task > Properties > the Protection mode tab).
  • In the Real-time file protection task, set scanning of local disks only.
  • In the Real-time file protection task, exclude the pagefile from scanning.
  • In the Real-time file protection task, exclude Print Spooler directory from scanning to speed up the task processing.
    If you agreed to add certain system folders to the Trusted zone (as recommended by Microsoft) when installing Anti-Virus, then this directory has been already excluded from scanning by all Anti-Virus tasks.
  • In the Real-time file protection task, exclude the \Program Files\Citrix folder from scanning. This folder contains access cache of local hosts and the Resource Manager database. It is also recommended to exclude subfolders: \Citrix Resource Manager\LocalDB, \RadeCache and \Deploy.
  • When using ICA pass-through connections, exclude the Presentation Server Client folder and the folder for the bitmap image cache (Documents and Settings\<user _account>\Application Data\ICAClient\Cache) from scanning by the local anti-virus installed on client computers.
  • If users are connecting to a server's published desktop, delete the loading parameter of the Anti-Virus system panel (kavtray.exe) from the following system registry branch HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Current Version\Run  on a server in order to improve the performance of the server clients.
  • In the trusted zone of Kaspersky Anti-Virus, disable scanning of files that are accessed during the backup copy creation (enable the Do not check files backup operations check box on the Trusted processes tab).

    Exclude the following files from scanning:

    • <sytemroot>windows\system32\drivers\BNNS.sys
    • <sytemroot>windows\system32\drivers\BNNF.sys
    • <sytemroot>windows\system32\drivers\BNPort.sys
    • <sytemroot>windows\system32\drivers\BNNS6.sys
    • <sytemroot>windows\system32\drivers\bnistack.sys
    • ctxcpusched.exe - Citrix XenApp process
  • Add BNDevice.exe to the trusted processes. 
  • In case of using EdgeSight Agent, it is recommended to exclude from scanning:
    • AllUsersProfile\Application Data\Citrix\System Monitoring\Data
    • ProgramFiles\Citrix\System Monitoring\Agent\Core\rscorsvc.exe
    • ProgramFiles\Citrix\System Monitoring\Agent\Core\Firebird\bin\fbserver.exe

 Citrix experts recommend performing a full test cycle on a test rig prior to installing the anti-virus application on the main server.

 
 
 
 
Was this information helpful?
Yes No
Thank you
 

 
 

How can we improve this article?

Your feedback will be used for content improvement purposes only. If you need assistance, please contact technical support.

Submit Submit

Thank you for your feedback!

Your suggestions will help improve this article.

OK