Sophos Citrix


Sophos Authentication for Thin Client Enables transparent authentication for users in Citrix or Terminal Services environment whereby network credentials can be used to authenticate and a user has to sign in only once to access network resources. You can deploy the XG Firewall virtual appliance on Citrix XenApp platform.

  1. Sophos Citrix Free
  2. Sophos Citrix Pvs
downloadWhy can't I download this file?

Applicable Products

  • Provisioning Services

Sophos Citrix Free

Symptoms or Error

Sophos xg 85. Servers and targets may experience one or more of the following symptoms if antivirus software is not properly tuned for your Provisioning Services (PVS) environment:

  • Target Device or Server appears sluggish or generally slower than normal.

  • Prolonged, excessive CPU or memory utilization.

  • Significant change in the Write Cache Disk I/O Performance. For example, when using Perfmon, the percentage of disk write time or disk write queue length increases significantly.

  • Target device software indicates excessive retries in its console.

  • In the console, Inventory shows that the replication status is incorrect for a vDisk.

  • A target device fails to boot to the vDisk, however, it boots to the local disk and displays a red X on the client status tray.

  • During boot, target device performance remains poor for a short time while antivirus definitions are updated.

Symptoms may vary greatly and are not limited to this brief list.


Limit Antivirus definition updates to only the Master Target Device or Update Target Device. Create a plan to upgrade the vDisk periodically using manual or Automatic vDisk updates. This can significantly reduce network bandwidth and overall performance. Avoid scanning the vDisk Write Cache file and streaming disk IO that makes up the operating system for a given Target. Disk IO that has been altered, tampered, or corrupted should cause an application or operating system to fail immediately.

Avoid scanning the following process and system drivers on PVS 7.x Target Devices:
  • BNDevice.exe: handles client functions, licensing, etc
  • BNIstack6.sys: IO protocol driver UDP port 6911-6930
  • CNicTeam.sys: network NIC teaming, if being used
  • CFsDep2.sys: file system minifilter
  • CVhdMp.sys: storage miniport driver
Avoid scanning, whitelist or permission the following processes on PVS Server 7.x:
  • Streamprocess.exe: Streaming engine UDP port 6901-6910
  • Streamservice.exe: Service manager for streaming services
  • Soapserver.exe: handles Database connectivity and AD authentication
  • Inventory.exe: vDisk Inventory UDP port 6895
  • MgmtDaemon.exe: Inter-server communication UDP port 6898
  • Notifier.exe: Inter-server communication UDP port 6903
  • BNTFTP.exe: TFTP service delivers bootstrap UDP port 69
  • PVSTSB.exe: Two Stage Boot delivers bootstrap UDP port 6969
  • BNPXE.exe: PXE service Broadcast Protocol
  • CdfSvc.exe: Citrix Diagnostic Facility COM Server

Avoid scanning the vDisk Write Cache file on either the target or server side; the write cache file names for target local disk cache are .vdiskcache or vdiskdif.vhdx

Problem Cause

1. In general, most antivirus product defaults are configured to scan all files IO andor processes on a disk. Like an operating system that runs locally to its hardware, all PVS streaming IO operations are subject to real-time scanning until specified otherwise. If an antivirus program scans the continuously active data stream that consists of the operating system, then this impedes the normal operation of PVS by causing disk IO delays and read-write failures, HA problems, and so on. In extreme cases, the PVS target device and server can consume more resources than necessary or become inactive.

2. When a virtual disk is running in standard image mode or Read-Only mode, AV application and virus definition updates should be avoided. This is a common scenario that causes serious degradation when target devices are restarted in mass and immediately perform an update, often causing IO bottlenecks and slow server response times. Windows Updates can have this same effect and should be disabled in Read-Only mode. Update the Read-Write image with the latest definitions and perform a full scan before switching vdisk modes back to Read-Only.

Additional Resources

Sophos Citrix Pvs

When installing or upgrading antivirus client software or any other software that alters the target’s network stack, PVS 7.x. requires that you first uninstall the PVS Client Software and reinstall it last, the target software should be the last thing that gets installed prior to re-imaging. The PVS software becomes unusable if another software product alters or interferes with the target's BNistack.sys. Windows Updates can have this affect and may require a reverse image to be performed prior to installation. Antivirus software varies from vendor to vendor. Check with your antivirus software vendor for specific instructions on configuring scanning exceptions. Citrix recommends that you test antivirus client software and its configuration prior to placing it into a provisioned environment. Obtaining a performance baseline early may help prove useful in the event future performance troubleshooting.

Sophos citrix gold image Windows Defender VDI Best Practices -
Citrix CVAD AV Guide -


Citrix is not responsible for and does not endorse or accept any responsibility for the contents or your use of these third party Web sites. Citrix is providing these links to you only as a convenience, and the inclusion of any link does not imply endorsement by Citrix of the linked Web site. It is your responsibility to take precautions to ensure that whatever Web site you use is free of viruses or other harmful items.
downloadWhy can't I download this file?Sky Go Masterchef
  • Sky Go Update
  • Macos Evernote
  • How To Clean Out Computer Memory
  • Samsung S10 Kies