# citrix-vad
s
This message was deleted.
r
I did
n
We do, and while our CrowdStrike team repeatedly insists that no exclusions are needed, we have been working on troubleshooting issues and crashes that always seem to contain CrowdStrike processes.
r
Even for an EDR use case.
I fought this hard at my last place. In the end, they were needed. Even though it may not be an AV, the EDR will stop processes that pertain to the Citrix parts. By putting in the exclusions, it helps.
n
how do I prove that the exclusions are needed? are there any logs I can show them? what about Process Explorer? can I use that to check the Citrix process?
n
They can enable verbose logging on the agent to get detailed logs if you suspect it's slowing down the system or causing crashes. But IMO I would try and force them to simply add the required exclusions per Citrix's own documentation.
n
okay, thanks
r
I had another product called Carbon Black. I had the same issues. @newbie1998 offhand, do you know if the product was installed with the VDI switch?
You can check on the VDA for that.
n
Yeah, CrowdStrike has a specific VDI install string.
And I see that Ray posted it, lol
r
When I used to install it, I did this.
n
And for non-persistent, I think you also need to use "NO_START=1" in the install string. This is probably in their documentation. I'm going off notes I was passed.
r
Yea, you do. I am actually looking for my installers. I had issues and I had them laid out lol
How can I correct an image or template used to create persistent or non-persistent virtual machines (VM/VDI) that did not include NO_START=1 or VDI=1 when installing the Falcon sensor for Windows? https://supportportal.crowdstrike.com/s/article/ka16T000000wv6QQAQ
Here it is.
n
where did you get that from?
what's falcon sensor?
r
That is from when I set it up before. The Sensor is the actual agent.
n
oh ok
p
We do use CS. We don’t have exclusions. Depending on how you are packaging it, for non-persistent machines along with the VDI=1 NO_START=1 you need to wipe a couple reg keys. This explains all options. https://crowdstrike.wistia.com/medias/he1qicxcft
@Ray Davis thanks for mentioning "carbon black".. I still have flashbacks... Nuked a whole farm within two hours.
r
LOL, yea I have them as well 😞
d
Carbon Black commiseration here too. Was not sad to see it go.
l
Using CrowdStrike for many years and no exclusions, even on PVS targets and PVS server. Works great. I do not miss the days of trend microscan.
r
Well darn. I’m wondering why some have good experience and some don’t. I know it was a pain for me in the past.
@Jon Bucud what was your experience?
j
No exclusions here either for CS Falcon
r
Okay, thanks for the input. @newbie1998 the results are in lol.
n
Yeah, same old adage... test, test, test.
m
CS will tell you until they are blue in the face that you don’t need exclusions, but in my experience with CVAD and FSLogix you do.
I’ve been super unimpressed with CS support, so they would not be my first choice in AV.
j
FWIW, CS support was a nightmare until we uplifted to Complete. Now they're actually pretty damn good and super responsive...
m
@Jon Bucud Complete?
j
Falcon Complete, it's their full managed service.