App Protection Citrix




Applicable Products

  • Citrix Virtual Apps and Desktops
  • CloudPlatform
  • Citrix Cloud

Symptoms or Error

  • The Citrix Broker Service is not present in the Services console.
  • BrokerService.exe is also missing from c:\program files\Citrix\Broker\Services
  • The issue is seen with multiple Windows Defender versions installed on Delivery Controllers.
  • Citrix Studio prompts you to re-enter the Delivery Controller address, with the error 'Could not contact the Broker Service.'

Solution

Citrix is aware of a potential issue affecting the Citrix Broker and Citrix High Availability services on Delivery Controllers and Citrix Cloud Connectors, respectively, when Microsoft Defender is installed. See the following article for best practices on configuring Microsoft Windows Defender: https://docs.citrix.com/en-us/tech-zone/build/tech-papers/antivirus-best-practices.html.

On-Premises Deployment

Microsoft has released an updated Antivirus Definition, 1.321.1341.0, to address this issue.
To clear the current cache and trigger an update, use a batch script that runs the following commands as an administrator:
cd "%ProgramFiles%\Windows Defender"
MpCmdRun.exe -removedefinitions -dynamicsignatures
MpCmdRun.exe -SignatureUpdate
Reference:
https://www.microsoft.com/en-us/wdsi/defenderupdates
If you continue to see the issue, follow the workarounds below.

Workaround 1
The following steps can help restore the service:


  1. Restore the quarantined files from Windows Defender by following this article: https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-antivirus/restore-quarantined-files-microsoft-defender-antivirus
  2. This includes the Citrix Broker Service, the Citrix High Availability Service and the Citrix Configuration Sync service.
  3. Change the Log On for these services to Network Service.
  4. Apply the exclusion list described in the article: https://docs.citrix.com/en-us/tech-zone/build/tech-papers/antivirus-best-practices.html.
  5. Reboot the Citrix Delivery Controller machine.
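
The following check is an added example (not part of the Citrix article, and not Citrix or Microsoft code) that reports whether a Delivery Controller is in the state Workaround 1 aims for: Defender at or above definition 1.321.1341.0, and each Citrix service registered, present on disk, logging on as Network Service and covered by a Defender exclusion. The service display-name patterns are assumptions; adjust them to the names shown in the Services console.

```powershell
# Added example. Run from an elevated PowerShell session on the Delivery Controller.
$FixedDefinition = [version]'1.321.1341.0'   # definition version named in the article

# ASSUMPTION: display-name patterns for the three services the article lists.
$ServicePatterns = @('Citrix Broker*', 'Citrix High Availability*', 'Citrix Config*Sync*')

# 1. Defender must be at or above the fixed definition version.
$current = [version](Get-MpComputerStatus).AntivirusSignatureVersion
[pscustomobject]@{
    Check  = 'Defender definition'
    Detail = "$current (need >= $FixedDefinition)"
    Passed = $current -ge $FixedDefinition
}

# 2. Each service must be registered, have its binary on disk, log on as
#    Network Service, and have that binary covered by a Defender exclusion.
$prefs      = Get-MpPreference
$exclusions = @($prefs.ExclusionProcess) + @($prefs.ExclusionPath) | Where-Object { $_ }
$services   = Get-CimInstance -ClassName Win32_Service

foreach ($pattern in $ServicePatterns) {
    $svc = $services | Where-Object { $_.DisplayName -like $pattern } | Select-Object -First 1
    if (-not $svc) {
        # Same symptom the article describes: service missing from the Services console.
        [pscustomobject]@{ Check = $pattern; Detail = 'service not registered'; Passed = $false }
        continue
    }
    # PathName may be quoted and carry arguments; keep only the executable path.
    $exe = if ($svc.PathName -match '^"?(?<exe>[^"]+?\.exe)') { $Matches.exe } else { $svc.PathName }
    $onDisk   = Test-Path -LiteralPath $exe
    $asNetSvc = $svc.StartName -like '*Network*Service'
    # Covered if the full path or file name is excluded, or an excluded folder contains it.
    $excluded = [bool]($exclusions | Where-Object {
        $_ -eq $exe -or $_ -eq (Split-Path $exe -Leaf) -or $exe -like "$($_.TrimEnd('\'))\*"
    })
    [pscustomobject]@{
        Check  = $svc.DisplayName
        Detail = "binary on disk=$onDisk; log on=$($svc.StartName); excluded=$excluded"
        Passed = $onDisk -and $asNetSvc -and $excluded
    }
}
```

Any row with Passed = False points at the step that still needs attention: definition update, file restore, Log On account or exclusion list.
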
Try the below steps if the above workaround does not resolve the issue.
Workaround 2
  1. Mount the Citrix Virtual Apps and Desktop ISO.
  2. Navigate to the 'x64\Citrix Desktop Delivery Controller' folder.
  3. Right-click Broker_Service_x64.msi and choose Repair.
  4. During the Repair, add BrokerService.exe and HighAvailabilityService.exe to the exclusion list in the Microsoft Windows Defender pop-up wizard.
  5. If the Microsoft Windows Defender wizard does not pop up automatically during the BrokerService.exe Repair, follow https://docs.citrix.com/en-us/tech-zone/build/tech-papers/antivirus-best-practices.html to add the exclusions manually.
  6. In cases where SSL is enabled on Delivery Controllers, please follow the steps mentioned in the below article to re-configure SSL on Delivery Controllers.

https://docs.citrix.com/en-us/citrix-virtual-apps-desktops/secure/tls.html#install-tls-server-certificates-on-controllers
https://docs.citrix.com/en-us/citrix-virtual-apps-desktops/secure/tls.html#change-http-or-https-ports
Workaround 3
  • Disable or downgrade the Microsoft Windows Defender version. Refer to the Microsoft articles below to add exclusions or roll back the update.

https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-antivirus/configure-server-exclusions-microsoft-defender-antivirus


https://support.microsoft.com/en-in/help/4052623/update-for-microsoft-defender-antimalware-platform
  • Ensure Citrix Recommended AV exclusions are in place as per Citrix article: https://docs.citrix.com/en-us/tech-zone/build/tech-papers/antivirus-best-practices.html#antivirus-exclusions

Citrix Virtual Apps and Desktop Service
Workaround
Follow the steps below on all Citrix Cloud Connector machines:
  1. Restore the quarantined files from Windows Defender by following this article: https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-antivirus/restore-quarantined-files-microsoft-defender-antivirus
  2. This includes the Citrix High Availability Service and the Citrix Configuration Sync service.
  3. Change the Log On for these services to Network Service.
  4. Apply the exclusion list described in the article: https://docs.citrix.com/en-us/tech-zone/build/tech-papers/antivirus-best-practices.html#cloud-connector
  5. Reboot the Citrix Cloud Connector.
  6. In cases where SSL is enabled on Citrix Cloud Connectors, please follow the steps mentioned in the below article to re-configure SSL on Citrix Cloud Connectors:
https://support.citrix.com/article/CTX221671
Note: If the files for the Citrix High Availability Service and the Citrix Configuration Sync service are no longer present in the Windows Defender quarantined files, uninstall and reinstall the Citrix Cloud Connector.

Problem Cause

Microsoft Windows Defender is detecting the Citrix Broker Service as well as HighAvailabilityService.exe as a Trojan and deleting them.
  1. Install “Citrix Workspace” from “https://www.citrix.com/downloads/workspace-app/windows/workspace-app-for-windows-latest.html” by selecting “Download Citrix Workspace app for Windows” and following the installation steps. Do not enable Single Sign On or App Protection during the install. This step, along with account setup, only needs to be completed the first time.
  2. Select “Add Account” after installation is complete.
  3. Enter “apphub.coeit.osu.edu” for the server address and select “Add”.
  4. “Sign In” with OSU University name.# credentials.
  5. Select “COEStore” and click “Select”.
  6. “Log On” with OSU University name.# credentials.
  7. Select the “COE” or specific image from the Desktops tab or selected Favorites tab. “Desktop Viewer” will begin launching a session. You may also have virtualized applications under the Apps tab.
  8. Ensure your data is saved to U: or a remote drive, and select “Sign out” from the Start menu after completing your session.