As a general best practice, I highly recommend reading the release notes for a product before upgrading to a new version so you can learn about new features and changes and avoid surprises. If you’re skipping versions in between upgrades, you’ll definitely want to review the release notes for those skipped versions to ensure you get all the information on all the changes introduced since the version you are currently running.
With that in mind, there is a significant change we introduced with Citrix Virtual Apps and Desktops 2109 — virtual channel allow list is enabled by default.
If you are not familiar with the virtual channel allow list, we introduced this feature with Citrix Virtual Apps and Desktops 2006 (it’s also available with Citrix Virtual Apps and Desktops 1912 LTSR). With it, you can use an allow list to control which custom/third-party virtual channels you can use in your environment.
With this feature enabled by default, no custom or third-party virtual channels will work in your environment out of the box. Instead, you will have to add them to the allow list so they can be used.
You will find all the information you need related to this feature in the product documentation, including:
- Citrix virtual channel considerations
- How to add virtual channels to the list
- How to obtain the information required to add virtual channels to the list
- List of known third party products that have custom Citrix virtual channels
All built-in Citrix virtual channels are automatically trusted and allowed to open without further configuration. However, I want to point out that two specific features require entries in the allow list due to external dependencies: Multimedia Redirection and HDX RealTime Optimization Pack for Skype for Business (RTOP). If you use either of these two features, please make sure that you review the Citrix virtual channel considerations for details on what to add to the allow list.
Below are a few known third party solutions that use custom Citrix virtual channels along with the information for adding the virtual channels to the list.
DISCLAIMER: Please note that the information shared in this post is accurate as of the time of writing and may not be actively updated. Please refer to the respective vendor’s documentation for the most up-to-date information on the third-party virtual channels mentioned below. You may also leverage the virtual channel allow list logs to obtain the necessary information to add your custom virtual channel to the allow list.
Cisco Jabber
This solution has one virtual channel.
- Virtual channel name: CISCO
- Process: C:\Program Files (x86)\Cisco Systems\Cisco Jabber\hvdagent.exe
- Allow list entry: CISCO,C:\Program Files (x86)\Cisco Systems\Cisco Jabber\hvdagent.exe
Cisco WebEx Teams
This solution uses two virtual channels opened by different processes.
Virtual channel 1:
- Virtual channel name: CSCOMT
- Process: C:\Program Files (x86)\Webex\Webex\Meetings\meetingshvdagent.exe
- Allow list entry: CSCOMT,C:\Program Files (x86)\Webex\Webex\Meetings\meetingshvdagent.exe
Virtual channel 2:
- Virtual channel name: CSCOTM
- Process: C:\Program Files\Cisco Spark\dependencies\teamshvdagent.exe
- Allow list entry: CSCOTM,C:\Program Files\Cisco Spark\dependencies\teamshvdagent.exe
ControlUp
This solution has one virtual channel. Please note that the “#.#.#.#” place holder in the path below needs to be replaced with the version of ControlUp Agent in use.
- Virtual channel name: CUEPUX
- Process: C:\Program Files\Smart-X\ControlUpAgent\Version #.#.#.#\cuAgentHelper.exe
- Allow list entry: CUEPUX,C:\Program Files\Smart-X\ControlUpAgent\Version #.#.#.#\cuAgentHelper.exe
deviceTRUST
This solution has one virtual channel.
- Virtual channel name: DEVTRST
- Process: C:\Program Files\deviceTRUST\Host\Bin\dthost.exe
- Allow list entry: DEVTRST,C:\Program Files\deviceTRUST\Host\Bin\dthost.exe
Epic Slingshot
NOTE: Please refer to CTX464128 for up-to-date information on this solution’s virtual channels.
This solution has two virtual channels:
Virtual channel 1:
- Virtual channel name: EPCHD01
- Process: C:\Program Files (x86)\Epic\Hyperdrive\<version>\Bin\Core\win-x86\Hubcore.exe
- Allow list entry: EPCHD01,C:\Program Files (x86)\Epic\Hyperdrive\<version>\Bin\Core\win-x86\Hubcore.exe
Virtual channel 2:
- Virtual channel name: EPCHD02
- Process: C:\Program Files (x86)\Epic\Hyperdrive\<version>\Bin\Core\win-x86\Hubcore.exe
- Allow list entry: EPCHD02,C:\Program Files (x86)\Epic\Hyperdrive\<version>\Bin\Core\win-x86\Hubcore.exe
Epic Warp Drive
NOTE: Please refer to CTX464128 for up-to-date information on this solution’s virtual channels.
This solution has two virtual channels. Please note that the “#” and “#.#” place holders in the path and processes below need to be replaced with the version of Epic Hyperspace in use.
Virtual channel 1:
- Virtual channel name: EPCUSER
- Process: C:\Program Files (x86)\Epic\v#.#\Shared Files\EpicVCHelper#.exe
- Allow list entry: EPCUSER,C:\Program Files (x86)\Epic\v#.#\Shared Files\EpicVCHelper#.exe
Virtual channel 2:
- Virtual channel name: EPCUSR2
- Process: C:\Program Files (x86)\Epic\v#.#\Shared Files\EpicVCHelper#.exe
- Allow list entry: EPCUSR2,C:\Program Files (x86)\Epic\v#.#\Shared Files\EpicVCHelper#.exe
Imprivata OneSign
This solution has one virtual channel.
- Virtual channel name: IMP1166
- Process: C:\Program Files (x86)\Imprivata\OneSign Agent\x64\SSOManHost.exe
- Allow list entry: IMP1166,C:\Program Files (x86)\Imprivata\OneSign Agent\x64\SSOManHost.exe
Midmark IQPath Client Extensions
This solution has four virtual channels: IQecg, IQspiro, IQvitals, and IQvitalsZone.
Details on the process names are not available at this time, so you will need to get them from your environment or from the vendor.
Nuance
Nuance has various solutions with various virtual channels. In total, they have seven virtual channels: PMICIIB, PspSbEx, PspMix, NuCaAux, nuacom, nuaplay, nuarec.
Details on the process names are not available at this time, so you will need to get them from your environment or from the vendor.
Zoom Meetings for VDI
This solution uses several separate virtual channels, all of which are opened by the same process.
- Virtual channel names: ZOOMHDA, ZOOMHDC, ZOOMHDS, ZOOMHDV, ZOOMHDX, ZOOMPHX, ZOOMCCX, ZOOMCCA, ZOOMAUS
- Process 1: C:\Program Files (x86)\ZoomVDI\bin\Zoom.exe
- Process 2: C:\Program Files (x86)\ZoomVDI\bin\ZoomVDITool.exe
- Allow list entry:
- ZOOMHDX,C:\Program Files (x86)\ZoomVDI\bin\Zoom.exe,C:\Program Files (x86)\ZoomVDI\bin\ZoomVDITool.exe
- ZOOMHDA,C:\Program Files (x86)\ZoomVDI\bin\Zoom.exe
- ZOOMHDC,C:\Program Files (x86)\ZoomVDI\bin\Zoom.exe
- ZOOMHDS,C:\Program Files (x86)\ZoomVDI\bin\Zoom.exe
- ZOOMHDV,C:\Program Files (x86)\ZoomVDI\bin\Zoom.exe
- ZOOMHDX,C:\Program Files (x86)\ZoomVDI\bin\Zoom.exe
- ZOOMPHX,C:\Program Files (x86)\ZoomVDI\bin\Zoom.exe
- ZOOMCCX,C:\Program Files (x86)\ZoomVDI\bin\Zoom.exe
- ZOOMCCA,C:\Program Files (x86)\ZoomVDI\bin\Zoom.exe
- ZOOMAUS,C:\Program Files (x86)\ZoomVDI\bin\Zoom.exe,C:\Program Files (x86)\ZoomVDI\bin\ZoomVDITool.exe
If you have any questions or comments, please share them below!