10-31-2023 09:08 AM
Hello, does anyone know if there is any document that tells us which folders and subfolders we should exclude from XDR when using Citrix and VMware Horizon with non-persistent VDI?
In Palo Alto's documentation, I don't see anything specific except for the app layers. However, both Citrix and VMware request the exclusion of many folders from the AV system. Can someone help?
11-01-2023 05:04 AM - edited 11-01-2023 05:08 AM
Hi @tlmarques ,
Thank you for writing to live community!
Besides what @aspatil mentioned, it really depends on Citrix variants that are available in your infrastructure. For example, there are some types of Citrix devices as below:
Storefront
Cloud Connector
Receiver for Windows
HVD Servers etc.
Based on the above and there could be many more, some whitelists that are generally made in Pre-execution modules of Cortex XDR Malware Profiles could be under the Citrix folders(eg. C:\ProgramData\Citrix\*,C:\Program Files (x86)\Citrix\*,C:\Program Files\Citrix\*)
However, we know that these are very broad whitelists and hence, you can ask your vendor to provide you with more granular whitelists which would definitely be a good use case to make under scanning and pre-execution allowlists.
Hope this helps. Please mark the response as "Accept as Solution" if it answers your query.
Regards
11-01-2023 01:13 AM
Hello Tiago,
Thank you for writing to Live community.
Could you please refer below article and discussion and let me know if that helps.
Please mark the response as "Accept as Solution" if it answers your query.
Regards.
11-01-2023 05:04 AM - edited 11-01-2023 05:08 AM
Hi @tlmarques ,
Thank you for writing to live community!
Besides what @aspatil mentioned, it really depends on Citrix variants that are available in your infrastructure. For example, there are some types of Citrix devices as below:
Storefront
Cloud Connector
Receiver for Windows
HVD Servers etc.
Based on the above and there could be many more, some whitelists that are generally made in Pre-execution modules of Cortex XDR Malware Profiles could be under the Citrix folders(eg. C:\ProgramData\Citrix\*,C:\Program Files (x86)\Citrix\*,C:\Program Files\Citrix\*)
However, we know that these are very broad whitelists and hence, you can ask your vendor to provide you with more granular whitelists which would definitely be a good use case to make under scanning and pre-execution allowlists.
Hope this helps. Please mark the response as "Accept as Solution" if it answers your query.
Regards
11-17-2023 06:51 AM
I've put the whitelist you share (eg. C:\ProgramData\Citrix\*,C:\Program Files (x86)\Citrix\*,C:\Program Files\Citrix\*) on "Portable Executable and DLL Examination"
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
