This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Cortex XDR on Citrix non-persistent multi-user server

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Cortex XDR on Citrix non-persistent multi-user server

Remo
L7 Applicator

‎11-19-2024 01:32 PM

Hi community

Quite often we have issues with cortex xdr on citrix infrastructure. Currently meinly with windows server 2022 we are in the situation where it is not possible to run cortex at all because of possibel servercrashes which are not yet analyzed and resolved. So we needed to - at least temporary - change to microsoft defender. I wanted to ask here what are your solutions to let cortex xdr run properly on citrix servers without bothering the user too much? Do you use exceptions for different paths or specific configurations?
Would be great to collect some informations on how to do this properly as I assume this could also help others here.

 

Looking forward to your replies 🙂
Remo

0 Likes Likes
4 REPLIES 4

jmazzeo
L5 Sessionator

‎11-22-2024 10:00 AM

Hi @Remo, thanks for reaching us using the Live Community.

 

Have you installed the agents following our specific procedure fore VDI environments?: https://docs-cortex.paloaltonetworks.com/r/Cortex-XDR/8.6/Cortex-XDR-Agent-Administrator-Guide/Corte...

 

Pay attention to this note in the linked doc:

jmazzeo_0-1732298433429.png

 

If this post answers your question, please mark it as the solution.

 

JM

Remo
L7 Applicator
In response to jmazzeo

‎11-22-2024 04:49 PM

Hi @jmazzeo 

Thanks for your answer. Yes we installed cortex according to this document. But on server 2022 we still have big issues. At least until version 8.5.0.

We actually always used the TS_ENABLED=1 param for these multi-user servers, but TAC told us to use the VDI_ENABLED=1 option for out installation, so since about 2 month. Which option would you recommend and are there other hints on how to successfully use cortex xdr on citrix servers?

 

0 Likes Likes

E.Jafarov
L2 Linker

‎11-22-2024 09:56 PM

Hi  Remo 

You can disable event collector ("cytool event_collection disable")  to reduce CPU usage if high. If does not work , you could create support ticket. The support team will provide YARA rule to map exception profiles, but protection capability performance will reduce slightly

SmartIT
0 Likes Likes

Remo
L7 Applicator
In response to E.Jafarov

‎11-23-2024 12:07 AM

@E.Jafarov to be honest, this does not really help. The issues we have seem to be quite complex as support so far is still analyzing the issue. It is not only the high cpu (even if disabling event collection is also not a solution as if you have cortex xdr you probably want this feature), the servers simply and then need to rebooted. Which results in hours of work lost for our customers every time it happens ...

0 Likes Likes
  • 141 Views
  • 4 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks