Anti-virus/malware related configuration recommendations
- Make sure you setup Anti-virus/Malware exclusions for the following SoftGrid/App-v files and folders:
C:\Users\Public\Documents\SoftGrid Client, or wherever user profiles or appdata may be redirected to.
The App-V Terminal Server client may require custom settings depending on whether you have redirected user profiles (%userprofile%) and Application Data (%appdata%) folders. Because the App-V user cache can became very large in a Citrix/Terminal Server environment, TS Admins sometimes redirect the %appdata% to another location this is controlled either by the following registry key or the General Tab of the App-V client on localhost Properties page:
- Exclude the Q: drive even though this will be unavailable to the Antivirus scanner (attempted access will generate an Access Denied error).
- If you are running McAfee Antivirus, please see if you have the registry key below. If so then Buffer Overflow Protection is enabled. If Buffer Overflow Protection (BOP) is enabled this could potentially cause issue. Both McAfee & Symantec have this feature.
HKEY_LOCAL_MACHINE\SOFTWARE\McAfee\VSCore\On Access Scanner\BehaviourBlocking\BOPEnabled
Please refer to the following blog post for specific information regarding this issue:
For more information, refer to the App-V Security Best Practices guide (http://download.microsoft.com/download/f/7/8/f784a197-73be-48ff-83da-4102c05a6d44/APP-V/AppV_Security_Best_Practices.docx)
General Terminal Server Recommendations when running the App-V client
- Pre-cache all applications 100%.
- If you use Windows Server 2003 or older, implement a reboot cycle of the Terminal Servers. The right reboot interval will be different for different environments. For example, a two week reboot cycle may work for one situation whereas another site needs to reboot once a week. The concern is around Paged Pool memory and the potential to exhaust system resources over time.
Note Windows Server 2008 manages memory dynamically.
See the Advanced Windows Debugging and Troubleshooting blog at the following Web MSDN Web site for a detailed walkthrough on identifying pool memory usage:
- Implement UPHClean on the Terminal servers.
- Implement the following registry changes and reboot the servers (Page Pool Memory settings)
System Key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control
Value Name: RegistrySizeLimit
Data Type: REG_DWORD
Value Data: FFFFFFFF
UPDATE: This RegistrySizeLimit setting should not be set for Windows 2003 servers and above, if this key exists on a Windows 2003 server please set the value to zero or delete the RegistrySizeLimit key altogether. Only set this value for Windows 2000 servers and below.
Value name: PagedPoolSize
Data type: REG_DWORD
Value data: FFFFFFFF
Value name: PoolUsageMaximum
Data type: REG_DWORD
Value data: 60
UPDATE: Start with a PoolUsageMaximum setting of 60 decimal and lower this value by increments of 10 until an optimum value is determined by performance improvement. It is recommended that PoolUsageMaximum be set to a value no lower than 30 decimal. An acceptable range is between 60-30 decimal.
Sessionviewsize Reg_Dword = 60 Decimal
SessionPoolSize Reg_Dword = 30 Decimal
Please refer to the following for additional information:
- Verify that none of the App-V Application packages have following Virtual services if so remove them or set them to disabled.
- .NET Runtime Optimization Service v2.0
- Machine Debug Manager
TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, MICROSOFT AND/OR ITS SUPPLIERS DISCLAIM AND EXCLUDE ALL REPRESENTATIONS, WARRANTIES, AND CONDITIONS WHETHER EXPRESS, IMPLIED OR STATUTORY, INCLUDING BUT NOT LIMITED TO REPRESENTATIONS, WARRANTIES, OR CONDITIONS OF TITLE, NON INFRINGEMENT, SATISFACTORY CONDITION OR QUALITY, MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE, WITH RESPECT TO THE MATERIALS.