Protect Citrix Workspace environments using process hierarchy control 编辑

August 18, 2022 Contributed by:  C

Protect Citrix Workspace environments using process hierarchy control

In a Citrix Workspace environment, some applications might be launched not as intended. This situation can pose security risks, especially if powerful Windows tools such as CMD and PowerShell are launched.

As an administrator, you might want to restrict your users only to launching allowed applications. Workspace Environment Management (WEM) provides you with the process hierarchy control feature, which helps prevent end users from launching child processes.

You can control whether certain child processes can be started from their parent processes in a Citrix Workspace environment. The feature is useful in scenarios where you want to prevent unintended processes from running through published applications.

This article uses CMD as an example. With process hierarchy control, you can protect against attacks launched through CMD in a Citrix virtual app environment by preventing CMD from being started through the published app. A general workflow for using the feature is as follows:

  1. Enable process hierarchy control on the WEM agent

  2. Configure process hierarchy control rules in the WEM console


Recommendation

We recommend that you use the WEM tool VUEMAppCmd to publish applications. The tool ensures that the WEM agent finishes processing process hierarchy control rules before published applications start.

Use the Full Configuration management interface to edit the application settings and then add an executable file path that points to VUEMAppCmd.exe. For more information, see Applications
.

Application settings


Enable process hierarchy control on the WEM agent

To enable the feature, use the AppInfoViewer tool on the agent machine. The tool is located in the agent installation folder. A machine restart is required after you enable or disable the feature.

Application Info Viewer


Configure process hierarchy control rules in the WEM console

Suppose you want to block CMD from launching through Notepad. To create process hierarchy control rules, complete the following steps:

  1. Go to Legacy Console > Security > Process Hierarchy Control and select Enable Process Hierarchy Control.

    Process hierarchy control

  2. Click Add Rule, configure settings as follows, and click Next.

    Note:

    In this example, you create a rule to prevent CMD from launching through Notepad. You can use one of the three rule types (Path, Publisher, and Hash) to specify parent and child processes. Under Assignments, you choose the users to which you want to apply the rule. For more information about the settings, see Process hierarchy control
    .

    Add process hierarchy control rule 1

  3. Configure Notepad as the parent process and click Next.

    Note:

    The user interface differs depending on which rule type you select in step 2.

    Add process hierarchy control rule 2

  4. Add multiple child processes in the rule as needed and click Create.

    Add process hierarchy control rule 3

This completes creating the rule. The agent will prevent CMD from launching through Notepad in the Citrix Workspace environment.

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。
列表为空,暂无数据

词条统计

浏览:16 次

字数:4980

最后编辑:7 年前

编辑次数:0 次

    我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
    原文