Those wondering when the Microsoft love-in with Citrix might end will be relieved to learn that Microsoft Defender decided yesterday that Citrix Broker and High Availability Services bore all the hallmarks of a trojan.
Administrators and users alike found that update 1.321.1319.0 of the malware masher left Citrix's platform a tad borked, with the Citrix Broker service gone from the Services console and the
BrokerService.exe whisked away from afflicted systems.
The problem, according to Citrix, can occur on Delivery Servers and Citrix Cloud Connectors with Microsoft Defender installed. Microsoft hurriedly pushed out a fix for its suddenly over-cautious service in the form of definition update 1.321.1341.0 (or later – Microsoft tends to churn out definition updates rapidly in its ongoing arms race with malware miscreants).
Otherwise the broker services used to manage connections and sessions get shunted into quarantine and, alas, Citrix's wares are made unhappy (as are the users).
Workarounds exist for those badly hit, including forcing a definition update and restoring files from the bowels of quarantine. Administrators could also consider adding some antivirus exclusions for Citrix's components.
It is also a reminder that it is good practice, if at all possible, to test updates before allowing them to hit production, although with something receiving new definitions as frequently as Microsoft Defender, that may not be possible.
Still, Citrix administrators will be relieved that at least the update did not sling an animated paperclip onto the screen, saying: "It looks like you're trying to do some virtualization. Would you like some help with that? Maybe with Windows Virtual Desktop in Azure?" ®