Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.

Citrix SEP 12 Recommendations

Created: 31 Jan 2013 • Updated: 21 Feb 2013 | 3 comments
This issue has been solved. See solution.

Hello,

Our XEN / Citrix administrator is referring us to this link on Citrix's website that was last updated on January 4th of this year.  Below is the summary of the recommendation that is from Citrix that we are considering.  My question is:  Are these exceptions still required with the latest SEP 12 RU 2?  or are these built in so that the client is Citrix aware?  Thank you!

 

Exclude the pagefile from being scanned.

•              Exclude the Print Spooler directory from being scanned.  

•              Exclude specific files and folders within the \Program Files\Citrix directory that are accessed heavily or modified frequently. Including, the Local Host Cache (imalhc.mdb).   The local Resource Manager Summary Database file (RMLocalDatabase.mdb) might also need to be excluded from the \Citrix Resource Manager\LocalDB sub-directory.   While entire directories can be excluded, it should be noted that this is not considered a best practice by most antivirus vendors. In high-security environments, organizations should consider excluding specific files using exact names, such as ‘imalhc.mdb’. If exact file names cannot be used, Citrix recommends using wildcard exclusions to limit the attack surface area.

•              If pass-through authentication is being used, for example in a XenDesktop or Shared Hosted desktop scenario, exclude the XenApp Online Plug-in bitmap cache directory (typically %AppData%\ICAClient\Cache).

Comments 3 CommentsJump to latest comment

.Brian's picture

Check this guide as well

Best Practices for Symantec Endpoint Protection on Citrix and Terminal Servers

Article:TECH91070  |  Created: 2008-01-24  |  Updated: 2012-12-20  |  Article URL http://www.symantec.com/docs/TECH91070

 

AttachmentSize
SEP_Citrix-Terminal_Servers.pdf 494.95 KB

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

Adamster's picture

Thank you for that link, I should have mentioned in my orignal post that I have already been to that link, the problem is that the pdf that link refers to is for SEP 11, my question is are these still needed in SEP 12 RU 2?

.Brian's picture

Yes these still apply to 12.1.2

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

SOLUTION