Citrix Provisioning Services Boot Degradation With Cylance Protect

Article ID: CTX289751

Description

1. Target Device (TD) boot times increase when Cylance Protect 2.1 is installed within the vDisk. The delay occurs after the OS has been delivered to the Target Device and is resident in RAM, that is, after the Target has transitioned from Single IO to Multi IO mode in a BIOS-based TD deployment. The Target has entered Multi IO when the Windows splash screen is interrupted by the BNIStack to show the Target IP, Server IP and applied TD cache type.

Boot Process Reference:
https://support.citrix.com/content/dam/supportWS/kA460000000CcClCAK/Provisioning_Services_Boot_Process.pdf

2. Server CPU spikes to near 100%, resulting in delayed IO Read replies. If a TD is booting while the CPU is spiked, the Single IO phase of the boot process is severely impacted, resulting in an extended boot delay for that TD. Target Devices that are already up and running may start to underperform, resulting in end-user observed keyboard/mouse latency and overall underwhelming performance.

3. After the BNIStack loads, the Target Device starts reporting an increase in retries that does not subside. Retries correlate directly with either packet loss or slow storage response; both manifest within the TD as an immediate negative impact on overall performance.

Environment

Citrix is not responsible for and does not endorse or accept any responsibility for the contents or your use of these third party Web sites. Citrix is providing these links to you only as a convenience, and the inclusion of any link does not imply endorsement by Citrix of the linked Web site. It is your responsibility to take precautions to ensure that whatever Web site you use is free of viruses or other harmful items.

Resolution

Cylance Optics is not supported within the Target Device as outlined in the Cylance Protect VDI Best Practices Handbook.  

Cylance requires two policies for the Background Threat Detection (BTD) functionality: the policy for the Read/Write image enables BTD, and the policy for the Read-Only image disables BTD. The PVS AV Exclusions Best Practices should be applied for the BTD Engine.

Please reference:
https://support.citrix.com/article/CTX124185 and https://docs.citrix.com/en-us/tech-zone/build/tech-papers/antivirus-best-practices.html

Disable Cylance Protect 2.1 within the vDisk if necessary.

Problem Cause

The main purpose of the PVS drivers within the image is to redirect disk IO to the PVS Server. The Target requests a specific amount of data from a specific location of the vDisk; it's a block-based operation, and PVS has no knowledge of what that data consists of. Each IO request has 1 second to be fulfilled. If there is storage latency or packet loss and the TD doesn't see the PVS Server's IO reply, or the Server never saw the original IO request, the TD will "retry" for that same block of data.

Security solutions within the vDisk can be intrusive and have a tendency to impede the IO redirect delivery process.  Please follow the Citrix AV best practices guide and Cylance Protect VDI Handbook for optimal results.

Additional Information

The Cylance VDI handbook should be available with a valid customer account at https://www.blackberry.com