Protect Citrix Workspace environments using process hierarchy control
In a Citrix Workspace environment, some applications might be launched in ways that were not intended. This situation can pose security risks, especially if powerful Windows tools such as CMD and PowerShell are launched.
As an administrator, you might want to restrict your users only to launching allowed applications. Workspace Environment Management (WEM) provides you with the process hierarchy control feature, which helps prevent end users from launching child processes.
You can control whether certain child processes can be started from their parent processes in a Citrix Workspace environment. The feature is useful in scenarios where you want to prevent unintended processes from running through published applications.
This article uses CMD as an example. With process hierarchy control, you can protect against attacks launched through CMD in a Citrix virtual app environment by preventing CMD from being started through the published app. A general workflow for using the feature is as follows:
Enable process hierarchy control on the WEM agent
Configure process hierarchy control rules in the WEM console
Recommendation
We recommend that you use the WEM tool VUEMAppCmd to publish applications. The tool ensures that the WEM agent finishes processing process hierarchy control rules before published applications start.
Use the Full Configuration management interface to edit the application settings and then add an executable file path that points to VUEMAppCmd.exe. For more information, see Applications.
Enable process hierarchy control on the WEM agent
To enable the feature, use the AppInfoViewer tool on the agent machine. The tool is located in the agent installation folder. A machine restart is required after you enable or disable the feature.
Configure process hierarchy control rules in the WEM console
Suppose you want to block CMD from launching through Notepad. To create process hierarchy control rules, complete the following steps:
Go to Legacy Console > Security > Process Hierarchy Control and select Enable Process Hierarchy Control.
Click Add Rule, configure settings as follows, and click Next.
Note:
In this example, you create a rule to prevent CMD from launching through Notepad. You can use one of the three rule types (Path, Publisher, and Hash) to specify parent and child processes. Under Assignments, you choose the users to which you want to apply the rule. For more information about the settings, see Process hierarchy control.
Configure Notepad as the parent process and click Next.
Note:
The user interface differs depending on which rule type you select in step 2.
Add multiple child processes in the rule as needed and click Create.
This completes creating the rule. The agent will prevent CMD from launching through Notepad in the Citrix Workspace environment.
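After the rule is in place, an administrator typically wants a way to confirm on the agent machine that no child process of the blocked kind is running under the restricted parent. The following PowerShell script is an added example, not part of the Citrix documentation and not a WEM tool: it reads the live process tree through CIM (Win32_Process), walks each process's parent chain, and reports any process that matches a rule's child list while one of its ancestors matches the rule's parent. The rule list at the top is constructed for illustration and mirrors the Notepad-to-CMD example above; the script assumes it is run with rights to enumerate all users' processes (for example from an elevated prompt on the agent machine).

```powershell
# Added example (not Citrix code): audit the running process tree on a WEM agent
# machine and flag child processes that a process hierarchy control rule should
# have blocked, e.g. cmd.exe running under notepad.exe.
# The rule list is constructed for illustration; adapt it to your own WEM rules.
$Rules = @(
    @{ Parent = 'notepad.exe'; Children = @('cmd.exe', 'powershell.exe', 'pwsh.exe') }
)

function Get-ProcessTable {
    # Build a lookup of PID -> Win32_Process (Name, ParentProcessId, ...) once,
    # so that walking parent chains does not re-query CIM per process.
    $table = @{}
    Get-CimInstance -ClassName Win32_Process |
        ForEach-Object { $table[[int]$_.ProcessId] = $_ }
    return $table
}

function Get-ParentChain {
    param([hashtable]$Table, [int]$ProcessId)
    # Return the names of all ancestors, nearest parent first. Stops when the
    # parent has exited (no table entry) or when a PID repeats, which happens
    # when Windows reuses the PID of a long-gone parent.
    $chain = @()
    $seen = @{}
    $current = $Table[$ProcessId]
    while ($null -ne $current -and -not $seen.ContainsKey([int]$current.ProcessId)) {
        $seen[[int]$current.ProcessId] = $true
        $parent = $Table[[int]$current.ParentProcessId]
        if ($null -eq $parent) { break }
        $chain += $parent.Name
        $current = $parent
    }
    return $chain
}

function Find-HierarchyViolations {
    param([array]$Rules)
    # Emit one record per process whose name is in a rule's child list and
    # whose ancestor chain contains that rule's parent. Names are compared
    # case-insensitively (PowerShell -contains on strings is case-insensitive).
    $table = Get-ProcessTable
    foreach ($proc in $table.Values) {
        foreach ($rule in $Rules) {
            if ($rule.Children -contains $proc.Name) {
                $chain = Get-ParentChain -Table $table -ProcessId ([int]$proc.ProcessId)
                if ($chain -contains $rule.Parent) {
                    $owner = Invoke-CimMethod -InputObject $proc -MethodName GetOwner
                    [pscustomobject]@{
                        ChildPid    = $proc.ProcessId
                        Child       = $proc.Name
                        Owner       = "$($owner.Domain)\$($owner.User)"
                        ParentChain = ($chain -join ' <- ')
                        RuleParent  = $rule.Parent
                    }
                }
            }
        }
    }
}

# Usage: prints a table of violations; an empty result means no flagged
# parent/child pair is currently running.
Find-HierarchyViolations -Rules $Rules | Format-Table -AutoSize
```

The script deliberately checks the whole ancestor chain rather than only the immediate parent, so it also reports a CMD that was started indirectly (for example Notepad launching a helper that in turn launches CMD); that is broader than a single WEM rule, which names one parent and its direct children, and you can narrow it to the first element of the chain if you only want exact rule matches. Because it reads a point-in-time snapshot, run it while the published application is in use, or schedule it and log the output, rather than treating one empty result as proof that the rule is effective.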