App Protection Citrix

Posted on  by admin
  • Citrix Workspace licensing with App Protection? What would be the minimum licensing package that would need to be purchased to get App Protection against screen scraping and key logging that can be installed on BYOD laptops to remotely connect to our own desktops?
  • May 05, 2020: With App Protection, an add-on to Citrix Virtual Apps and Desktops, organisations can add a critical layer of defense to their apps and data to help prevent data breaches. Increase in cyber-attacks as a result of COVID-19: More employees than ever are working from home right now, many accessing popular enterprise apps from their personal devices.
  • Protect corporate data against key logging and screen capture malware with Citrix App Protection.

Citrix Web App and API Protection is rated 8.6, while Cloudflare is rated 8.0. The top reviewer of Citrix Web App and API Protection writes 'Runs behind the scenes, in the background and keeps everything running smoothly'. On the other hand, the top reviewer of Cloudflare writes 'Robust, secure and innovative; technical support needs to be.

When remote work moved from something a few people did on occasion to a mandate for nearly all employees, companies around the world scrambled to scale up their resources and enable it. Many fell short, leaving employees to use personal devices to access the systems and information they need to do their jobs. And that’s created a gaping security hole.

To help plug it, Citrix Systems has launched App Protection, which enables companies to protect apps and data on unmanaged endpoints and ensure their corporate systems and information remain safe.

“Endpoints are the penultimate control point for the implementation of device, application, and data security. The rapid acceleration of remote work sparked by the COVID-19 pandemic and proliferation of unmanaged personal devices being used for business has created a special challenge, as decentralization is not the friend of security,” said Frank Dickson, Program Vice President, Security & Trust, IDC. “And specialized and sophisticated tools are required to overcome it.”

Dion Hinchcliffe, VP and Principal Analyst at Constellation Research – and Executive Fellow, Tuck School of Business, Center for Digital Strategies, agrees. “The recent mass global shift to remote work has in part been enabled by the ability to use available devices at hand, including unmanaged ones. Yet this has opened up a vast new cybersecurity attack surface area and put even more burdens on workers struggling to adapt to their new environment,” he says.

“App Protection provides an invaluable safety net so both workers and employers can rest assured that remote work devices are not leaking critical information, allowing everyone to focus on what matters most: a safe, secure, and productive digital workplace.”

Business is now personal

As employees around the world adjust to the new normal of working from home, many are using whichever endpoint gives them the quickest access to the resources they need to get work done. And this often includes personal devices such as laptops, tablets and phones.

“Key logging and screen capture malware are common on these endpoints and provide bad actors with easy entry to corporate networks and sensitive information,” said Eric Kenney, Senior Product Marketing Manager, Citrix.

Malware beware

When present on a device, key logging malware captures each key stroke entered by a user, including user names and passwords. Screen-capture malware periodically takes a snapshot of the user’s screen, saving it to a hidden folder on the device or directly uploading it to the attacker’s server where the information can be exploited. App Protection is uniquely designed to prevent this.

A blank stare

The unique feature thwarts keylogging and screen-capturing malware that may live on personal devices by scrambling keystrokes entered into a device and sending the attacker undecipherable text. It also prevents data exfiltration from screen shot malware by turning all screen shots into blank pictures.

With App Protection enabled, employees can stay productive by working on a personal, unmanaged endpoint without sacrificing security.

Solution

Citrix is aware of a potential issue impacting the Citrix Broker and Citrix HighAvailability services on the Delivery Controllers and Citrix Cloud Connectors respectively with Microsoft Defender installed. Please see the following article for best practices to configure Microsoft Windows Defender: https://docs.citrix.com/en-us/tech-zone/build/tech-papers/antivirus-best-practices.html.
On-Premises Deployment
Microsoft has released an updated Antivirus Definition 1.321.1341.0 to address this issue.
To clear the current cache and trigger an update, run the following commands as an administrator, for example from a batch script:
cd "%ProgramFiles%\Windows Defender"
MpCmdRun.exe -removedefinitions -dynamicsignatures
MpCmdRun.exe -SignatureUpdate

Reference:
https://www.microsoft.com/en-us/wdsi/defenderupdates
If you continue to see the issue, please follow the below workarounds:
Workaround 1
The following steps can help restore the service:
  1. Restore the quarantined files from Windows Defender by following this article: https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-antivirus/restore-quarantined-files-microsoft-defender-antivirus
  2. This includes the Citrix Broker Service, the Citrix High Availability Service and the Citrix Configuration Sync service.
  3. Change the Log On for these services to Network Service.
  4. Apply the exclusion list described in the article: https://docs.citrix.com/en-us/tech-zone/build/tech-papers/antivirus-best-practices.html.
  5. Reboot the Citrix Delivery Controller machine.
Try the below steps if the above workaround does not resolve the issue.
Workaround 2
  1. Mount the Citrix Virtual Apps and Desktop ISO.
  2. Navigate to the 'x64\Citrix Desktop Delivery Controller' folder.
  3. Right-click Broker_Service_x64.msi and choose Repair.
  4. During the Repair, add BrokerService.exe and HighAvailabilityService.exe to the exclusion list in the Microsoft Windows Defender pop-up wizard.
  5. If the Microsoft Windows Defender wizard does not pop up automatically during the BrokerService.exe Repair, then follow https://docs.citrix.com/en-us/tech-zone/build/tech-papers/antivirus-best-practices.html to add the exclusions manually.
  6. In cases where SSL is enabled on Delivery Controllers, please follow the steps mentioned in the below article to re-configure SSL on Delivery Controllers.

https://docs.citrix.com/en-us/citrix-virtual-apps-desktops/secure/tls.html#install-tls-server-certificates-on-controllers
https://docs.citrix.com/en-us/citrix-virtual-apps-desktops/secure/tls.html#change-http-or-https-ports
Workaround 3
  • Disable/downgrade Microsoft Windows Defender Version. Refer to the below Microsoft articles to add exclusions or roll back the update.

https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-antivirus/configure-server-exclusions-microsoft-defender-antivirus
https://support.microsoft.com/en-in/help/4052623/update-for-microsoft-defender-antimalware-platform
  • Ensure Citrix Recommended AV exclusions are in place as per Citrix article: https://docs.citrix.com/en-us/tech-zone/build/tech-papers/antivirus-best-practices.html#antivirus-exclusions

Citrix Virtual Apps and Desktop Service
Workaround
Please follow the below steps on all Citrix Cloud Connector machines:

  1. Restore the quarantined files from Windows Defender by following this article: https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-antivirus/restore-quarantined-files-microsoft-defender-antivirus
  2. This includes the Citrix High Availability Service and the Citrix Configuration Sync service.
  3. Change the Log On for these services to Network Service.
  4. Apply the exclusion list described in the article: https://docs.citrix.com/en-us/tech-zone/build/tech-papers/antivirus-best-practices.html#cloud-connector
  5. Reboot the Citrix Cloud Connector.
  6. In cases where SSL is enabled on Citrix Cloud Connectors, please follow the steps mentioned in the below article to re-configure SSL on Citrix Cloud Connectors:
https://support.citrix.com/article/CTX221671
Note: If the files for Citrix High Availability Service and the Citrix Configuration Sync service are no longer present in Windows Defender Quarantined files, then uninstall and reinstall the Citrix Cloud connector.
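
A read-only PowerShell check of the state the steps above aim for, on either a Delivery Controller or a Cloud Connector. It is an added example, not part of the Citrix article; it relies on the Defender cmdlets Get-MpComputerStatus, Get-MpThreatDetection and Get-MpPreference, and the service display-name pattern is an assumption to adjust for your deployment.

```powershell
# Added example: read-only check. Run in an elevated PowerShell session
# on a Delivery Controller or Cloud Connector. It changes nothing.
$fixedDefinition = [version]'1.321.1341.0'                       # version named in the article
$binaries = 'BrokerService.exe', 'HighAvailabilityService.exe'   # files named in the article
# Assumption: display-name fragments for the three services the article lists.
$servicePattern = 'Broker Service|High Availability|Config(uration)? Sync'
$report = @()

# 1. Installed antivirus definition version versus the fixed one.
$current = [version](Get-MpComputerStatus).AntivirusSignatureVersion
$report += [pscustomobject]@{ Check = 'Definition version'; Item = "$current"
                              Ok = ($current -ge $fixedDefinition) }

# 2. Detections Defender has on record against either binary.
foreach ($d in @(Get-MpThreatDetection)) {
    $resources = $d.Resources -join ';'
    if ($binaries | Where-Object { $resources -like "*$_*" }) {
        $report += [pscustomobject]@{ Check = 'Detection on record'
                                      Item = "$($d.InitialDetectionTime) $resources"; Ok = $false }
    }
}

# 3. Exclusions: each binary should appear as a process or path exclusion.
$pref = Get-MpPreference
$excluded = @($pref.ExclusionProcess) + @($pref.ExclusionPath)
foreach ($b in $binaries) {
    $hit = $excluded | Where-Object { $_ -like "*$b" }
    $report += [pscustomobject]@{ Check = 'Exclusion'; Item = $b; Ok = [bool]$hit }
}

# 4. Services: still installed, running, binary on disk, and log-on account.
$services = Get-CimInstance Win32_Service |
    Where-Object { $_.DisplayName -like 'Citrix*' -and $_.DisplayName -match $servicePattern }
foreach ($s in $services) {
    $exe = if ($s.PathName -match '^"([^"]+)"') { $Matches[1] } else { ($s.PathName -split ' ')[0] }
    $report += [pscustomobject]@{
        Check = 'Service'
        Item  = "$($s.DisplayName) [$($s.State), runs as $($s.StartName)]"
        Ok    = ($s.State -eq 'Running') -and $exe -and (Test-Path -LiteralPath $exe)
    }
}
if (-not $services) {
    $report += [pscustomobject]@{ Check = 'Service'; Item = 'no matching Citrix service found'; Ok = $false }
}

$report | Format-Table -AutoSize -Wrap
```

A Cloud Connector has no Broker Service, so the BrokerService.exe exclusion row is expected to read False there.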

Problem Cause

Microsoft Windows Defender is detecting the Citrix Broker Service as well as HighAvailabilityService.exe as a Trojan and deleting them.