Kaseya Community

KAV blocking source IP address of Citrix Client causing Citrix XenApp Policies to fail

  • We ran into this issue and wanted to share the resolution in case others experienced the same thing.  The scenario is that we have a client who uses Citrix XenApp 5 and right after installing KAV on the client system all our Citrix printing policies seemed to stop working.  After some troubleshooting we realized that KAV was blocking or changing the source IP address of the client system.  In the Citrix Management console you would see clients source IP's as either the IP of the Citrix server or  We base our citrix policies on location by IP address. So branch office A's subnet is and our policies are set to apply printers for that location to users logging in from that location. 

    After a few call's with Kaseya we found that if we add the Citrix ICA to the global exceptions list in KAV the issue stopped happening.  Here is a link to the instructions on adding a global exceptions list (http://community.kaseya.com/kb/w/wiki/creating-a-global-list-of-trusted-applications-for-kav.aspx) and below are the paths to the Citrix client app on windows XP and windows 7.

        <trustedApp name="wfica32.exe" path="C:\program files\citrix\ICA client\wfica32.exe"  addRemove="add" />
        <trustedApp name="wfica32.exe" path="C:\users\%username%\appdata\local\Citrix\ICA client\wfica32.exe"  addRemove="add" />

    I hope this saves other some time.

  • I wanted to confirm that adding wfica32.exe as a Trusted App did resolve the problem for us.  It only existed in the Program Files/Program Files (x86) folder for us.  This is using the current latest version of KAV ( (mr3)).  As a workaround, we had to disable Mail, Web, and IM Protection for the Client IP to be correct.  Otherwise, it was reported as as the OP stated.  We also discovered this was happening with the classic version of KAV.  The same fix worked for that as well.

    I found a link to this article from this Kaspersky forum thread: forum.kaspersky.com/index.php.

    Added additional details about where the EXE was found in a more current environment.
    [edited by: afriedli at 11:45 AM (GMT -7) on Oct 4, 2016]