Just Published! Threat Report: Exposing Malware in Linux-Based Multi-Cloud Environments | Download Now

Carbon Black Cloud Windows Sensor: How to add Citrix exclusions in Windows registry for CBC Sensor

Carbon Black Cloud Windows Sensor: How to add Citrix exclusions in Windows registry for CBC Sensor

Environment

  • Carbon Black Cloud Windows Sensor: All Supported Versions
  • Microsoft Windows: All Supported Versions
  • Citrix: All Versions

Objective

  • Slow logon times with CBC sensor enabled
  • Unstable Citrix Server Performance

Resolution

The following entries should be added into the registry for Citrix to exclude CBC processes
  • REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\CtxHook" /f /t REG_SZ /v ExcludedImageNames /d "repmgr.exe,scanhost.exe,reputils.exe,repcli.exe,repux.exe,bladerunner.exe,repwsc.exe,repwav.exe,ctifile.sys,ctinet.sys,cbc_plugin_extension.ext.exe,osqueryi.exe,vhostcomms.exe"
  • REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Citrix\CtxHook" /f /t REG_SZ /v ExcludedImageNames /d "repmgr.exe,scanhost.exe,reputils.exe,repcli.exe,repux.exe,bladerunner.exe,repwsc.exe,repwav.exe,ctifile.sys,ctinet.sys,cbc_plugin_extension.ext.exe,osqueryi.exe,vhostcomms.exe"
  • REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Citrix\CtxHook64" /f /t REG_SZ /v ExcludedImageNames /d "repmgr.exe,scanhost.exe,reputils.exe,repcli.exe,repux.exe,bladerunner.exe,repwsc.exe,repwav.exe,ctifile.sys,ctinet.sys,cbc_plugin_extension.ext.exe,osqueryi.exe,vhostcomms.exe"
  • REG ADD "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\CtxUvi" /f /t REG_SZ /v UviProcessExcludes /d "repmgr.exe;scanhost.exe;reputils.exe;repcli.exe;repux.exe;bladerunner.ex;repwsc.exe;repwav.exe;ctifile.sys;ctinet.sys;cbc_plugin_ext;osqueryi.exe;vhostcomms.exe"

Related Content


Was this article helpful? Yes No
No ratings
Article Information
Author:
Creation Date:
‎04-06-2021
Views:
2850
Contributors