Citrix Virtual Desktop Security and Antivirus Best Practices (Part 2)

Editor's note: in this second part, we mainly discuss antivirus exclusions.


Antivirus exclusions

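The most common (and usually the most important) antivirus optimization is correctly defining the antivirus exclusions for all components. Although some vendors can automatically detect Citrix components and apply exclusions, in most environments this has to be configured manually in the management console.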

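Exclusions are usually recommended for real-time scanning; however, Citrix recommends using scheduled, regular scans for the specific files and folders that have to be excluded. To mitigate any potential performance impact, it is recommended to run scheduled scans during non-business or off-peak hours.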

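The integrity of excluded files and folders should always be maintained. Organizations should consider using a commercial file integrity monitoring or host intrusion prevention solution to protect the integrity of files and folders that have been excluded from real-time or on-access scanning. Note that database and log files should not be included in this type of data integrity monitoring, because these files are expected to change. If an entire folder must be excluded from real-time or on-access scanning, Citrix recommends closely monitoring the creation of new files in the excluded folder.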
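One way to watch an excluded folder for new files, as recommended above. This is an added example, not Citrix code or part of the original article; the baseline location `C:\SecOps\broker-cache-baseline.csv` and the list of volatile extensions are assumptions to adapt to your environment.

```powershell
# Added example: baseline an excluded folder, then report files created since.
# $Folder is one of the folder exclusions listed on this page; $BaselineFile is
# a hypothetical location that should itself be write-protected.
$Folder       = [Environment]::ExpandEnvironmentVariables('%ProgramData%\Citrix\Broker\Cache')
$BaselineFile = 'C:\SecOps\broker-cache-baseline.csv'
# Database and log files change constantly, so their content is not hashed.
$VolatileExt  = '.mdf', '.ldf', '.edb', '.log'

function Get-FolderState {
    param([Parameter(Mandatory)] [string] $Path)
    Get-ChildItem -LiteralPath $Path -File -Recurse -Force | ForEach-Object {
        $volatile = $VolatileExt -contains $_.Extension.ToLowerInvariant()
        [pscustomobject]@{
            Path    = $_.FullName
            Created = $_.CreationTimeUtc.ToString('o')
            Hash    = if ($volatile) { '' } else { (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash }
        }
    }
}

$current = @(Get-FolderState -Path $Folder)

if (-not (Test-Path -LiteralPath $BaselineFile)) {
    # First run: record the known-good state and stop.
    $current | Export-Csv -LiteralPath $BaselineFile -NoTypeInformation
    return
}

$known = @{}
Import-Csv -LiteralPath $BaselineFile | ForEach-Object { $known[$_.Path] = $_.Hash }

foreach ($item in $current) {
    if (-not $known.ContainsKey($item.Path)) {
        # New file inside a folder the scanner never looks at: review it.
        Write-Warning "New file in excluded folder: $($item.Path) (created $($item.Created))"
    }
    elseif ($item.Hash -and $known[$item.Path] -ne $item.Hash) {
        Write-Warning "Content changed: $($item.Path)"
    }
}
```

Run it from a scheduled task and forward the warnings to your log pipeline; refresh the baseline only after a reviewed change such as a product upgrade.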

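Scan local drives only, or disable network scanning. This assumes that all remote locations (which may include the file servers hosting user profiles and redirected folders) are monitored by antivirus and data integrity solutions. If that is not the case, it is recommended to exclude all network shares accessed by the provisioned machines. Examples include shares hosting redirected folders or user profiles.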

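Recommendation: review these recommendations with your vendor and security team.

- Check all files and folders to be excluded and confirm that they exist before creating the exclusion policy.

- Implement multiple exclusion policies for different components instead of creating one large policy for all components.

- To minimize the window of opportunity, implement a combination of real-time and scheduled scans.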
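A pre-flight check for the first two recommendations: one exclusion list per component, with every entry confirmed to exist on the machine before it goes into a policy. This is an added example, not Citrix code or part of the original article; the paths are copied from the lists on this page, and the function name `Test-ExclusionSet` is hypothetical.

```powershell
# Added example: verify exclusion entries per component before building policies.
# Trim each list to the role of the machine the script runs on.
$ExclusionSets = @{
    'DeliveryController' = @(
        '%ProgramData%\Citrix\Broker\Cache'
        '%ProgramFiles%\Citrix\Broker\Service\BrokerService.exe'
        '%ProgramFiles%\Citrix\Broker\Service\HighAvailabilityService.exe'
        '%ProgramFiles%\Citrix\ConfigSync\ConfigSyncService.exe'
    )
    'VirtualDeliveryAgent' = @(
        '%ProgramFiles%\Citrix\User Profile Manager\UserProfileManager.exe'
        '%ProgramFiles%\Citrix\Virtual Desktop Agent\BrokerAgent.exe'
        '%SystemRoot%\System32\spoolsv.exe'
        '%SystemRoot%\System32\winlogon.exe'
    )
}

function Test-ExclusionSet {
    param(
        [Parameter(Mandatory)] [string]   $Component,
        [Parameter(Mandatory)] [string[]] $Paths
    )
    foreach ($raw in $Paths) {
        # Expand %Var% placeholders against this host's environment.
        $expanded = [Environment]::ExpandEnvironmentVariables($raw)
        # A leftover %...% means the variable is not defined on this host.
        $unresolved = $expanded -match '%[^%\\]+%'
        [pscustomobject]@{
            Component = $Component
            Entry     = $raw
            Resolved  = $expanded
            Exists    = (-not $unresolved) -and (Test-Path -Path $expanded)
        }
    }
}

$report = foreach ($name in $ExclusionSets.Keys) {
    Test-ExclusionSet -Component $name -Paths $ExclusionSets[$name]
}
$report | Sort-Object Component, Entry | Format-Table Component, Exists, Resolved -AutoSize

# Entries that do not exist should be dropped from that component's policy.
$missing = @($report | Where-Object { -not $_.Exists })
if ($missing.Count -gt 0) {
    Write-Warning "$($missing.Count) exclusion entries do not resolve on $env:COMPUTERNAME"
}
```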

Virtual Apps and Desktops 

Delivery Controllers

Files:

• %SystemRoot%\ServiceProfiles\NetworkService\HaDatabaseName.mdf (7.12+)

• %SystemRoot%\ServiceProfiles\NetworkService\HaImportDatabaseName.mdf (7.12+)

• %SystemRoot%\ServiceProfiles\NetworkService\HaDatabaseName_log.ldf (7.12+)

• %SystemRoot%\ServiceProfiles\NetworkService\HaImportDatabaseName_log.ldf (7.12+)

Folders:

• %ProgramData%\Citrix\Broker\Cache (7.6+)

Processes:

• %ProgramFiles%\Citrix\Broker\Service\BrokerService.exe

• %ProgramFiles%\Citrix\Broker\Service\HighAvailabilityService.exe (7.12+)

• %ProgramFiles%\Citrix\ConfigSync\ConfigSyncService.exe (7.12+)

Virtual Delivery Agents

Files:

• %UserProfile%\AppData\Local\Temp\Citrix\HDXRTConnector\*\*.txt

Processes:

• %ProgramFiles%\Citrix\User Profile Manager\UserProfileManager.exe

• %ProgramFiles%\Citrix\Virtual Desktop Agent\BrokerAgent.exe

• %SystemRoot%\System32\spoolsv.exe

• %SystemRoot%\System32\winlogon.exe

• %ProgramFiles%\Citrix\ICAService\picaSvc2.exe (Desktop OS only)

• %ProgramFiles%\Citrix\ICAService\CpSvc.exe (Desktop OS only)

Workspace app / Receiver for Windows

Files:

• %UserProfile%\AppData\Local\Temp\Citrix\RTMediaEngineSRV\MediaEngineSRVDebugLogs\*\*.txt

Processes:

• %ProgramFiles(x86)%\Citrix\ICA Client\MediaEngineService.exe

• %ProgramFiles(x86)%\Citrix\ICA Client\CDViewer.exe

• %ProgramFiles(x86)%\Citrix\ICA Client\concentr.exe

• %ProgramFiles(x86)%\Citrix\ICA Client\wfica32.exe

• %ProgramFiles(x86)%\Citrix\ICA Client\AuthManager\AuthManSvr.exe

• %ProgramFiles(x86)%\Citrix\ICA Client\SelfServicePlugin\SelfService.exe

• %ProgramFiles(x86)%\Citrix\ICA Client\SelfServicePlugin\SelfServicePlugin.exe

Please note that these exclusions for Receiver typically are not needed. We have only seen a need for these in environments when the antivirus is configured with policies that are more strict than usual, or in situations in which multiple security agents are in use simultaneously (AV, DLP, HIP, etc.)

Provisioning

Provisioning Server

Files:

• *.vhd

• *.avhd

• *.vhdx

• *.avhdx

• *.pvp

• *.lok

• %SystemRoot%\System32\drivers\CvhdBusP6.sys (Windows Server 2008 R2)

• %SystemRoot%\System32\drivers\CVhdMp.sys (Windows Server 2012 R2)

• %SystemRoot%\System32\drivers\CfsDep2.sys

• %ProgramData%\Citrix\Provisioning Services\Tftpboot\ARDBP32.BIN

Processes:

• %ProgramFiles%\Citrix\Provisioning Services\BNTFTP.EXE

• %ProgramFiles%\Citrix\Provisioning Services\PVSTSB.EXE

• %ProgramFiles%\Citrix\Provisioning Services\StreamService.exe

• %ProgramFiles%\Citrix\Provisioning Services\StreamProcess.exe

• %ProgramFiles%\Citrix\Provisioning Services\soapserver.exe

• %ProgramFiles%\Citrix\Provisioning Services\Inventory.exe

• %ProgramFiles%\Citrix\Provisioning Services\Notifier.exe

• %ProgramFiles%\Citrix\Provisioning Services\MgmntDaemon.exe

• %ProgramFiles%\Citrix\Provisioning Services\BNPXE.exe (only if PXE is used)

Provisioning Target Device

Files:

• .vdiskcache

• vdiskdif.vhdx (7.x and above when using RAM cache with overflow)

• %SystemRoot%\System32\drivers\bnistack6.sys

• %SystemRoot%\System32\drivers\CfsDep2.sys

• %SystemRoot%\System32\drivers\CVhdBusP6.sys

• %SystemRoot%\System32\drivers\cnicteam.sys

• %SystemRoot%\System32\drivers\CVhdMp.sys (7.x only)

StoreFront

Files:

• %SystemRoot%\ServiceProfiles\NetworkService\AppData\Roaming\Citrix\SubscriptionsStore\**\PersistentDictionary.edb

Processes:

• %ProgramFiles%\Citrix\Receiver StoreFront\Services\SubscriptionsStoreService\Citrix.DeliveryServices.SubscriptionsStore.ServiceHost.exe

• %ProgramFiles%\Citrix\Receiver StoreFront\Services\CredentialWallet\Citrix.DeliveryServices.CredentialWallet.ServiceHost.exe

Cloud Connector

Files:

• %SystemRoot%\ServiceProfiles\NetworkService\HaDatabaseName.mdf

• %SystemRoot%\ServiceProfiles\NetworkService\HaImportDatabaseName.mdf

• %SystemRoot%\ServiceProfiles\NetworkService\HaDatabaseName_log.ldf

• %SystemRoot%\ServiceProfiles\NetworkService\HaImportDatabaseName_log.ldf

Folders:

• %SystemDrive%\Logs\CDF

• %ProgramData%\Citrix\WorkspaceCloud\Logs

Processes:

• %ProgramFiles%\Citrix\XaXdCloudProxy\XaXdCloudProxy.exe

• %ProgramFiles%\Citrix\Broker\Service\HighAvailabilityService.exe

• %ProgramFiles%\Citrix\ConfigSync\ConfigSyncService.exe

Workspace Environment Management

Processes:

• Norskale Broker Service.exe

• Norskale Broker Service Configuration Utility.exe

• Norskale Database Management Utility.exe
