Citrix users have run into problems with an update for the Windows Defender antivirus program from Microsoft, which erronously flags two files as Trojan horse malware, and stops the desktop virtualisation software from working.
The problem is seen with Windows Defender that has received the antivirus definition 1.321.1319.0 update, and which is installed on Citrix Delivery Controllers.
Two files, HighAvailabilityService.exe and BrokerService.exe are detected by Defender as Trojans and deleted, users reported.
Update: it breaks the f*** out of Citrix. BrokerService.exe gets tagged as malware and quarantined. Our prod environment with over 3000 users is hard down cc @SwiftOnSecurity https://t.co/3xijuqYcvi
— frontier_anon (@frontier_anon) August 13, 2020
Citrix is aware of the issue and suggests that users who are affected by the problem try to restore the deleted files from Defender's quarantine, and change the Log On for the files to Network Service in Windows.
The files should also be excluded from Defender's anti-virus scans, Citrix suggested.
After the files have been restored, the Citrix Delivery Controller needs to be rebooted.
