Recommendations on configuring Kaspersky Security 10.x for Windows Server on the same server as Citrix XenApp

 

Kaspersky Security 10.x for Windows Server

 
 
 

Recommendations on configuring Kaspersky Security 10.x for Windows Server on the same server as Citrix XenApp

Back to "Settings and Features"
Latest update: September 29, 2020 ID: 9839
 
 
 
 

This article concerns:

  • Kaspersky Security 10.1.2 for Windows Server
  • Kaspersky Security 10.1.1 for Windows Server
  • Kaspersky Security 10.1.0 for Windows Server
 
 
 
 

This article provides Citrix experts' recommendations on configuring the antivirus application installed on the same server as Citrix XenApp. The recommendations have been adapted for Kaspersky Security for Windows Server.

  • If Citrix uses pass-through authentication, in the Real-time file protection and File Threat Protection tasks (tasks can be named differently, see the documentation for the antivirus application on the client device), exclude the following folders from scanning:
    • %ProgramFiles%\Citrix\ICA Client\Presentation Server Client
    • %UserProfile%\Application Data\ICAClient\Cache
  • If users are connecting to a server's published desktop, delete the kavtray.exe parameter from the HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Current Version\Run system registry key on a server.
  • In the Trusted Zone of Kaspersky Security, disable scanning of files that are accessed during the backup copy creation. To do so, go to the Trusted processes tab and select the Do not check files backup operations checkbox. Exclude the following files from scanning:
    • %SystemRoot%\system32\drivers\BNNS.sys
    • %SystemRoot%\system32\drivers\BNNF.sys
    • %SystemRoot%\system32\drivers\BNPort.sys
    • %SystemRoot%\system32\drivers\BNNS6.sys
    • %SystemRoot%\system32\drivers\bnistack.sys
    • ctxcpusched.exe
    • BNDevice.exe

We recommend the following settings for the Real-time file protection task:

  • Select the Smart mode of protection. To do so:
    1. Open the Kaspersky Security for Windows Server Console.
    2. Right-click the Real-time file protection node and select Properties.
    3. Go to the Protection mode tab and select Smart mode.
  • Set scanning of local drives only. To do so, in the Real-time file protection section, add the Local hard drives protection scope and remove My computer.
  • Add the pagefile.sys file to the exclusions. For instructions on how to add files or folders to exclusions, see this article.
  • Add the %SystemRoot%\System32\spool\PRINTERS folder to the exclusions.
If during the installation of Kaspersky Security for Windows Server you agreed to add some system folders to the Trusted Zone (according to Microsoft recommendations), that folders are already excluded from scanning for all tasks.
  • Add the %ProgramFiles%\Citrix folder to the exclusions.
    It stores the access cache of local hosts and the Resource Manager database. We also recommend to exclude from scanning the following internal folders:
    • %ProgramFiles%\Citrix\Citrix Resource Manager\LocalDB
    • %ProgramFiles%\Citrix\RadeCache
    • %ProgramFiles%\Citrix\Deploy
  • If you are using EdgeSight Agent, exclude from scanning the following files and folders:
    • %AllUsersProfile%\Application Data\Citrix\System Monitoring\Data
    • %ProgramFiles%\Citrix\System Monitoring\Agent\Core\rscorsvc.exe
    • %ProgramFiles\Citrix%\System Monitoring\Agent\Core\Firebird\bin\fbserver.exe
We recommend performing a full test cycle on a test rig prior to installing the application on the main server.

For more information and recommendations on managing exclusions for other applications, see the Citrix support website.

 
 
 
 
Was this information helpful?
Yes No
Thank you
 

 
 

How can we improve this article?

Your feedback will be used for content improvement purposes only. If you need assistance, please contact technical support.

Submit Submit

Thank you for your feedback!

Your suggestions will help improve this article.

OK