To stay updated on your favorite discussions, please create an account or log in. Then, click the Bookmark icon to subscribe and receive notifications.

Realtime protection on write only

lap17 W/ Alumni Posts: 1 Security Scout



Citrix recommends to set realtime protection to only work while writing to disc.

I can't find that option Policy Manager anymore - using version 12.31


  • MJ-perComp
    MJ-perComp W/ Alumni Posts: 669 Firewall Master

    THAT is a bad idea!
    if the malware is new, it it might get written to disk because the signatures are old. And then it wil not be detected ever again!


    Do not follow any such recommendations! F-Secure is designed to work "Out of the Box". If something is not working it is a bug and needs fixing. Following some recommended exclusion guides is a bad idea, as attackers will try these places first.


    Please read and anderstand this (copied from Citrix ):


    Warning! This article contains antivirus exclusions. It is important to understand that antivirus exclusions and optimizations increase the attack surface of a system and might expose computers to a variety of real security threats. However, the following guidelines typically represent the best tradeoff between security and performance. Citrix does not recommend implementing any of these exclusions or optimizations until rigorous testing has been conducted in a lab environment to thoroughly understand the tradeoffs between security and performance. Citrix also recommends organizations to engage their antivirus and security teams to review the following guidelines before proceeding with any type of production deployment.

  • etomcat
    etomcat W/ Alumni Posts: 1,172 Firewall Master



    > And then it wil not be detected ever again!


    I think it is recommended to conduct scheduled full-computer virus scans once every 1-2 weeks and that would discover the threat retro-actively, since "manual scan" policies uses a separate set of configuration compared to real-time protection.


    I think it must be admitted that anti-virus scanning engines, like the Aquarius are consuming so much system resources and a terminal server (Citrix, M$ or otherwise), that deals with possibly dozens or hundreds of remote desktops, may have serious reasons to minimize real-time scanning impact, because the end-user experience must not become sluggish.


    Maybe the F-Secure Ultra Core will arive one day and lift the resource burden, but until that time compromises must be made and accepted.


    Best Regards: Tamas Feher, Hungary.

This discussion has been closed.