Video Screencast Help

SEP 12.1.2 Best Practices on Citrix Virtual Desktops ( Provisioning Services) -Part 1-

Created: 25 Jun 2013 • Updated: 11 Jun 2014 | 12 comments
Language Translations
Rodrigo Calvo's picture
+20 20 Votes
Login to vote

A few days ago I did a little research about possible configurations when we are using SEP 12.1.2 under Citrix Provisioning Services.

I share with you the first part of this research that used as a sources: Citrix and Symantec web sites.

Scenario 1


  • The Target Device seems sluggish or generally slower than normal after installing or upgrading your antivirus client.
  • You notice prolonged high CPU use.
  • You notice a significant change in the write cache Disk I/O Performance. For example, if the percentage of disk write time or disk write queue length increase significantly.

Best Practices:

  • Set up the Manager content revisions to at least 45
  • Create a new SEPM Domain for just the Citrix Virtual Desktops ( Provisioning Services)
  • Create a new Group in this new SEPM Domain (For example could be: My Company>Default>Citrix Environment
  • Move from the old Domain all the Citrix Virtual Desktops to the new
  • --> At this point you could have two situations:
  • ----> Fresh Installation:
  • ---------> Then Create the Domain and add the SEP clients directly
  • ----> Existing Installation:
  • ---------> Then Use SylinkDrop
  • ---------------> it is recommended that you use the SylinkDrop included on the second installation download (Tools and Documents, \Tools\SylinkDrop)
  • ---------------> Or Export Communication Settings from the group recently created ( Citrix Environment)
  • In the Group for Citrix Environment set the communicatiosn to
      • Use Pull Mode
      • Use a Heartbeat of 120 minutes
      • Enable Download Randomization
  • Exclude the following files/process/drivers from all types of Scanning
    •  Write Cache
    • Process: BNDevice.exe
    • Following Drivers: BNNS.sys, BNNF.sys, BNPort.sys, bnistack.sys, and BNITDI.sys  ó bnistack6.sys,CvhdBusP6.sys, CFsDep2 .sys
      • Can be found at:   <systemroot>\windows\system32\drivers
    • At Provisioning Service:
      • StreamService.exe, StreamProcess.exe and the soapserver.exe
  • Apply  Virtual Exception Tool
  • Use Active Scan instead of  Full --> Update June 2014:  Some colleagues told me that a Schedule Scan ( Active, Full, etc) could not be necessary with an implemented Virtual Desktops environment, the reason?  Virtual Desktops Image will return to a basic state when the user shut down the terminal. That means a schedule or ondemand probably will review the same files every time.
    But ... Remember, if you do a new Base/Master Image,,, it's highly recommended that before deployment you execute a Full Scan to the image.
  • Enable Random  Scan  in the Antivirus Policy of this Group
  • Enable Shared Insight Cache

I hope this helps

Information Source :

 Virtualization Best Practices

Comments 12 CommentsJump to latest comment

Mithun Sanghavi's picture


This is such a wonderful and much needed series of Best Practice..!! 

Thank you.

Mithun Sanghavi
Associate Security Architect


Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

Login to vote
Ambesh_444's picture

Nice one it will going to help us....Grt one.

Thumbsup !!

Thank& Regards,


"Your satisfaction is very important to us. If you find above information helpful or it has resolved your issue. Please don't forget to mark the thread as   solved."

Login to vote
RicheeDiaz's picture

Thank you.Wonderful and to the point.



Login to vote
Rao's picture

1 up for being precise and informative.

Thanks and Regards,


Login to vote
Chetan Savade's picture

Nice job.

Chetan Savade
Social Media Support Lead
Enterprise Technical Support

Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.<

Login to vote
John Santana's picture

Thanks for the posting here man !

Kind regards,

John Santana
IT Professional


The author cannot accept liability for any loss or damage sustained as a result of the content of this post.

Login to vote