Ivanti Workspace Control Antivirus Best Practices

Version 7

    Introduction

    This document describes the exclusions needed for Ivanti Workspace Control, the Relay Server and VDX. The recommendations apply to real-time scanning by antivirus products or monitoring software.

    In any environment running Ivanti Workspace Control alongside antivirus products, it is important to balance the two. This is necessary to maintain a secure environment with stable servers and no loss of performance. As virus scanning is one of the most common causes of performance issues, it is recommended to implement the correct exclusions.

     

    Warning

    As this document contains recommendations for antivirus exclusions, it is important to understand that antivirus exclusions might expose computers to a variety of real security threats. However, the following guidelines typically represent the best balance between security and performance. It is recommended to test the configuration changes before applying them to a production environment.

     

    General

    When the folders and processes described in this document are excluded from real-time and/or on-access scanning, these areas should still be scanned on a regular basis. This can be done with a scheduled scan at a chosen time to prevent any performance impact. As a rule of thumb, exclude any executable in the installation directory so that scanning does not slow down or interfere with the installed product.

     

     

     

    Exclusions

    On 64-bit systems, the installation directory is by default located in “%programfiles(x86)%” instead of “%programfiles%”. The default installation directory for new installations is “Ivanti\Workspace Control”; upgraded installations are commonly found in a directory called “Res Software\Workspace Manager”. The system variable %respfdir% holds the combination of your program files directory and installation folder.

     

     


    When upgrading to Ivanti Workspace Control, executables from previous Workspace versions might still be available in the installation directory. It is not necessary to exclude these processes as they are obsolete.

     

     
     

    Full Installation

    It is recommended to exclude the following processes from real-time/on-access scanning by any antivirus or monitoring system on machines running the Full Installation of Ivanti Workspace Control:

    Install Type: Full installation

    Exclusions:

    %windir%\system32\pwrgrids.exe

     

    %respfdir%\svc\res.exe

     

    %respfdir%\ConsoleHelper.exe

    %respfdir%\cpushld.exe

    %respfdir%\guardian.exe

    %respfdir%\pfsync.exe

    %respfdir%\pfwsmgr.exe

    %respfdir%\PFXA6.exe

    %respfdir%\PFXA7.exe

    %respfdir%\pwrcache.exe

    %respfdir%\pwrdesk.exe

    %respfdir%\pwrfunc.exe

    %respfdir%\pwrgate.exe

    %respfdir%\PwrGpo.exe

    %respfdir%\pwrgrid.exe

    %respfdir%\pwrhelp.exe

    %respfdir%\pwrinit.exe

    %respfdir%\pwrmail.exe

    %respfdir%\pwrmapi.exe

    %respfdir%\pwrmapi64.exe

    %respfdir%\pwrmenu.exe

    %respfdir%\pwrmlmp.exe

    %respfdir%\PwrRat.exe

    %respfdir%\pwrsnmp.exe

    %respfdir%\pwrstart.exe

    %respfdir%\pwrsync.exe

    %respfdir%\pwrtech.exe

    %respfdir%\pwrtrace.exe

    %respfdir%\pwrx64.exe

    %respfdir%\RES.WorkspaceManager.WMSync.exe

    %respfdir%\ResPesvc.exe

    %respfdir%\ResPesvc64.exe

    %respfdir%\setoutsi.exe

    %respfdir%\setprint.exe

    %respfdir%\StartWiz.exe

    %respfdir%\UserSettingsCaptureWizard.exe

    %respfdir%\wifimon.exe

    %respfdir%\wmedit.exe

    %respfdir%\WMExchAuto.exe

    %respfdir%\WMStartMenu.exe

    %respfdir%\wmwizrds.exe

     

    %respfdir%\Data\DBCache\Resources\custom_resources\

     

     

     

    Agent Only Installation

    It is recommended to exclude the following processes from real-time/on-access scanning by any antivirus or monitoring system on machines running the Agent Only installation of Ivanti Workspace Control:

    Install Type: Ivanti Workspace Control Agent

    Exclusions:

    %windir%\system32\pwrgrids.exe

     

    %respfdir%\svc\res.exe

     

    %respfdir%\cpushld.exe

    %respfdir%\guardian.exe

    %respfdir%\pfsync.exe

    %respfdir%\pfwsmgr.exe

    %respfdir%\PFXA6.exe

    %respfdir%\PFXA7.exe

    %respfdir%\pwrcache.exe

    %respfdir%\pwrdesk.exe

    %respfdir%\pwrfunc.exe

    %respfdir%\pwrgate.exe

    %respfdir%\PwrGpo.exe

    %respfdir%\pwrgrid.exe

    %respfdir%\pwrhelp.exe

    %respfdir%\pwrinit.exe

    %respfdir%\pwrmail.exe

    %respfdir%\pwrmapi.exe

    %respfdir%\pwrmapi64.exe

    %respfdir%\pwrmenu.exe

    %respfdir%\pwrmlmp.exe

    %respfdir%\PwrRat.exe

    %respfdir%\pwrsnmp.exe

    %respfdir%\pwrstart.exe

    %respfdir%\pwrtrace.exe

    %respfdir%\pwrx64.exe

    %respfdir%\RES.WorkspaceManager.WMSync.exe

    %respfdir%\ResPesvc.exe

    %respfdir%\ResPesvc64.exe

    %respfdir%\setoutsi.exe

    %respfdir%\setprint.exe

    %respfdir%\wifimon.exe

    %respfdir%\WMExchAuto.exe

    %respfdir%\WMStartMenu.exe

     

    %respfdir%\Data\DBCache\Resources\custom_resources\

     

     

    Console Only Installation

    It is recommended to exclude the following processes from real-time/on-access scanning by any antivirus or monitoring system on machines running the Console Only installation of Ivanti Workspace Control:

    Install Type: Console only

    Exclusions:

    %respfdir%\svc\res.exe

     

    %respfdir%\ConsoleHelper.exe

    %respfdir%\PFXA6.exe

    %respfdir%\PFXA7.exe

    %respfdir%\pwrfunc.exe

    %respfdir%\pwrmail.exe

    %respfdir%\PwrRat.exe

    %respfdir%\pwrsnmp.exe

    %respfdir%\pwrtech.exe

    %respfdir%\pwrtrace.exe

    %respfdir%\pwrx64.exe

    %respfdir%\StartWiz.exe

    %respfdir%\UserSettingsCaptureWizard.exe

    %respfdir%\wmedit.exe

    %respfdir%\WMExchAuto.exe

    %respfdir%\wmwizrds.exe

      

     

    Relay Server Installation

    It is recommended to exclude the following processes from real-time/on-access scanning by any antivirus or monitoring system on machines running the Relay Server installation of Ivanti Workspace Control:

    Install Type: Relay Server

    Exclusions:

    C:\Program Files\Ivanti\Workspace Control\Relay Server\Relay Server.exe

     

    C:\ProgramData\Ivanti\Relay Server\

     

     

     

    Virtual Desktop Extender (VDX)

    It is recommended to exclude the following processes from real-time/on-access scanning by any antivirus or monitoring system on machines running VDX:

    Install Type: VDX Plugin

    Exclusions:

    C:\Program Files (x86)\RES Software\VDX Plugin\VDXPluginHelper.exe

    or

    C:\Program Files\RES Software\VDX Plugin\VDXPluginHelper.exe

    Install Type: VDX Engine

    Exclusions:

    C:\Program Files (x86)\RES Software\VDX Engine\VDXEngine.exe

    C:\Program Files (x86)\RES Software\VDX Engine\VDXEngineHelper.exe

    or

    C:\Program Files\RES Software\VDX Engine\VDXEngine.exe

    C:\Program Files\RES Software\VDX Engine\VDXEngineHelper.exe

     

     


    For RES Subscriber for VDX, there are no specific recommendations for exclusion.

     

     

     

    Application Whitelist Monitor (AWM)

    It is recommended to exclude the following processes from real-time/on-access scanning by any antivirus or monitoring system on machines running the Ivanti Workspace Control Application Whitelist Monitor:

    Install Type: AWM

    Exclusions:

    C:\Program Files (x86)\Ivanti\Workspace Control Application Whitelist Monitor\FileHashMonitor.exe

    Working Directory:

    C:\Users\%username%\AppData\Local\Temp\

    Output file:

    C:\Program Files (x86)\Ivanti\Workspace Control Application Whitelist Monitor\FileHashes.csv

    or

    C:\Program Files (x86)\Ivanti\Workspace Control Application Whitelist Monitor\FileHashes.xml


    Working directory and Output file can be configured using the Ivanti Application Whitelist Monitor - Configuration utility.

    Please note that the Microsoft Windows Assembly Cache might also contain copies of executables / DLL files. These files might also need to be excluded.

    The location of these files is randomized by Microsoft, as shown in the example below.

    pfwsmgr.ni.exe might be located in C:\Windows\assembly\NativeImages_v4.0.30319_32\pfwsmgr\54eca8937e84edae7ca021737048307e
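
    One way to check the documented list against a real machine before entering it in the antivirus console, as an added example that is not Ivanti's own tooling. The hypothetical function Get-ExclusionAudit assumes %respfdir% is visible as an environment variable and only looks at executables directly in that directory (not svc\res.exe or %windir%\system32\pwrgrids.exe); it marks undocumented executables so they stay scanned, reports each file's Authenticode status, and resolves the actual native-image paths.

```powershell
# Added example, not Ivanti tooling. Get-ExclusionAudit is a hypothetical helper.
# Assumption: %respfdir% is visible as an environment variable, as the page describes.
function Get-ExclusionAudit {
    param(
        [string]$InstallDir = $env:respfdir,
        [Parameter(Mandatory)][string[]]$Documented   # file names from the list for your install type
    )
    if (-not $InstallDir -or -not (Test-Path -LiteralPath $InstallDir -PathType Container)) {
        throw "Installation directory not found: '$InstallDir'"
    }
    $onDisk = @(Get-ChildItem -LiteralPath $InstallDir -Filter '*.exe' -File)

    # Executables on disk: documented ones are exclusion candidates; anything else
    # (for example leftovers from an upgrade) stays under real-time scanning.
    foreach ($file in $onDisk) {
        $listed = $Documented -contains $file.Name    # -contains ignores case
        [pscustomobject]@{
            Path      = $file.FullName
            Verdict   = if ($listed) { 'Exclude' } else { 'KeepScanned' }
            Signature = (Get-AuthenticodeSignature -LiteralPath $file.FullName).Status
        }
    }

    # Documented names with no file behind them: do not create the exclusion.
    foreach ($name in $Documented) {
        if ($onDisk.Name -notcontains $name) {
            [pscustomobject]@{ Path = Join-Path $InstallDir $name; Verdict = 'Missing'; Signature = $null }
        }
    }

    # Native images: resolve the real per-file directory instead of excluding
    # the whole %windir%\assembly tree.
    $roots = Join-Path $env:windir 'assembly\NativeImages_*'
    foreach ($name in $Documented) {
        $ni = [IO.Path]::GetFileNameWithoutExtension($name) + '.ni.exe'
        Get-ChildItem -Path $roots -Recurse -Filter $ni -File -ErrorAction SilentlyContinue |
            ForEach-Object {
                [pscustomobject]@{ Path = $_.FullName; Verdict = 'NativeImage'; Signature = $null }
            }
    }
}

# Constructed sample input: three names taken from the Full installation list.
Get-ExclusionAudit -Documented 'pfwsmgr.exe', 'pwrgrid.exe', 'guardian.exe' |
    Sort-Object Verdict, Path | Format-Table -AutoSize
```

    Rows with the verdict Exclude whose Signature is anything other than Valid deserve a look before the exclusion is created, and the NativeImage rows need re-resolving after product updates because the directory names change.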


    Third party documentation

    Other relevant documentation: