Configure Anti-DLL Injection

By default, the Anti-DLL Injection feature is disabled. You can enable this feature using the following:

Configure using Group Policy Object

The following policies are added to configure the Anti-DLL Injection feature:

Using the Anti-DLL Injection policy

Use this policy to enable or disable the Anti-DLL Injection feature. When this policy is not configured, the Anti-DLL Injection feature is disabled. The possible values are:

  • Enabled – The Anti-DLL Injection feature is enabled for Citrix Authentication Manager, Citrix Workspace app UI, and Citrix Virtual Apps and Desktops. Administrators can select the required components to enable the Anti-DLL Injection feature.
  • Disabled – The Anti-DLL Injection feature is disabled for Citrix Authentication Manager, Citrix Workspace app UI, and Citrix Virtual Apps and Desktops.

To enable the Anti-DLL Injection policy, do the following steps:

  1. Open the Citrix Workspace app Group Policy Object administrative template by running the following command:

    gpedit.msc

  2. Under the Computer Configuration node, go to Administrative Templates > Citrix Components > Citrix Workspace > App Protection > Anti-DLL Injection.

    Enable Anti-DLL Injection policy

  3. Click the Anti-DLL Injection policy and select Enabled. All the components are selected. However, you can modify the selection of the components from the Options section.

    Enable Anti-DLL Injection policy

  4. Click OK.

Using the Anti-DLL Injection Module Allow List policy

As an Administrator, you can use this policy to exclude any DLL from the Anti-DLL Injection feature. Citrix recommends you to use this policy only to handle any exceptional scenario. When this policy is not configured, no DLL is part of the allow list. All the DLLs are included for the anti-DLL protection. The possible values are:

  • Enabled - Excludes DLLs that are added in the allow list from the anti-DLL protection.
  • Disabled - Clears the list of DLLs added to the allow list.

To enable the Anti-DLL Injection Module Allow List policy, do the following steps:

  1. Open the Citrix Workspace app Group Policy Object administrative template by running the following command:

    gpedit.msc

  2. Under the Computer Configuration node, go to Administrative Templates > Citrix Components > Citrix Workspace > App Protection > Anti-DLL Module Allow List.

    Enable Anti-DLL Injection policy

  3. Click the Anti-DLL Module Allow List policy and select Enabled.

    Enable Anti-DLL Module Allow List policy

  4. Add the list of modules that you want to exclude from the anti-DLL protection in the Anti-DLL Injection Module Allow List field. Sample format to add DLL to the allow list:

    [
        {
            "filePath":"C:\\Program Files (x86)\\trusted\\messagebox.dll"
        },
        {
            "filePath":"%PROGRAMFILES%\\trusted\\logging.dll"
        }
    ]
    <!--NeedCopy-->
    
  5. Click OK.

Configure using the Global App Configuration service

The Administrators can use GACS to configure the Anti-DLL Injection feature. The settings are as follows:

  • anti dll injection – Add the required modules that you want to enable the anti-DLL Injection feature
  • anti dll module allow list – Add the required DLLs that you want to exclude from the anti-DLL protection

For more information, see Global App Configuration service.

The following is a sample JSON file for enabling anti dll injection and anti dll module allow list for Citrix Workspace app for Windows in GACS:

{
  "serviceURL": {
    "url": "https://tuleshtest.cloudburrito.com:443"
  },
  "settings": {
    "appSettings": {
      "windows": [
        {
          "category": "App Protection",
          "userOverride": false,
          "assignedTo": [
            "AllUsersNoAuthentication"
          ],
          "assignmentPriority": 0,
          "settings": [
            {
              "name": "anti dll injection",
              "value": [
                "Citrix Auth Manager",
                "Citrix Virtual Apps And Desktops",
                "Citrix Workspace app UI"
              ]
            },
            {
              "name": "anti dll module allow list",
              "value": [
                {
                  "filePath": "C:\\Program Files (x86)\\Citrix\\ICA Client\\wfica32.exe"
                },
                {
                  "filePath": "C:\\Program Files (x86)\\Citrix\\ICA Client\\AuthManager\\AuthManSvr.exe"
                }
              ]
            }
          ]
        }
      ]
    },
    "name": "name",
    "description": "desc",
    "useForAppConfig": true
  }
}
<!--NeedCopy-->
Configure Anti-DLL Injection