Citrix Virtual Apps and Desktops

Virtual Channel Allow List for DVC

You can use the Virtual channel allow list for DVC to control which custom dynamic virtual channels are allowed in your environment. By default, no dynamic virtual channels are allowed. If there is a need to dynamic virtual channels, these need to be explicitly added to the allow list.

Configuration

The virtual channel allow list for DVC is enabled by default. You can configure this feature using the following setting in the Citrix policy:

  • Virtual channel allow list for DVC: to enable or disable the feature and to add dynamic virtual channels to the list.
  • Virtual channel allow list log throttling: sets the throttling period for the virtual channel allow list event logging.
  • Virtual channel allow list logging: sets the logging level for the virtual channel allow list.

Adding dynamic virtual channels to the allow list

To add a dynamic virtual channel to the allow list, you need the following information:

  1. The name of the DVC plug-in on the client. For example, DvcPlugin1.dll.
  2. The name of the DVC listener(s). For example, ListenerName1.
  3. The paths to the processes that accesses the dynamic virtual channel on the VDA machine. For example, C:\Program Files\Application\run.exe.

Once you have the required information, you must add the dynamic virtual channel to the allow list using the Virtual channel allow for DVC list policy setting. To add a dynamic virtual channel to the list, enter the path to the process that accesses the DVC in the session host followed by a comma, then the client-side plugin name followed by a comma, and the name of the listener used by the plugin. Multiple listener names can be added separated by commas.

For single listener

Using the previous examples, add the following entry to the list: C:\Program Files\App\run1.exe,DvcPlugin1,ListenerName1

For multiple listeners

If there are multiple listeners, add the following entry to the list: C:\Program Files\App\run1.exe,DvcPlugin1,ListenerName1,ListenerName2

Using wildcards

The use of wildcards (*) is supported. You can use wildcards when the names of directories or executables change based on the version of the application, or if the third-party component is installed in the users’ profiles.

You can use wildcards in the following scenarios:

  • To replace the full directory name. For example: C:\Program Files\App\*\run1.exe
  • To replace part of the directory name. For example: C:\Program Files\App\v*\run1.exe
  • To replace the executable’s name. For example: C:\Program Files\App\v1.2\*.exe
  • To replace part of the executable’s name. For example: C:\Program Files\App\v1.2\run*.exe

The following restrictions apply:

  • The wildcard can only be used to replace a single directory. For example, if the executable is located in C:\Program Files\App\v1.2\run1.exe
    • Allowed: C:\Program Files\App\*\run1.exe
    • Not allowed: C:\Program Files\*\run1.exe
  • Entries must contain the file name extension.
    • Allowed: C:\Program Files\App\v1.2\*.exe
    • Not allowed: C:\Program Files\App\v1.2\*
  • All paths must be local.
Virtual Channel Allow List for DVC