- A  Citrix Provisioned VDI, both MCS and PVS provisioned devices may consume most of its available cache disk space soon after boot, with or without any user interaction.

- A machine left unattended appears to be consuming cache disk space while Procmon and Resource Monitor do not show significant Write IO to C:\

- All efforts to minimize application and Windows Updates along with disabling Microsoft Defender and 3rd party security scanning show no significant difference in Target Device Write Cache disk consumption.

Caution! Using Registry Editor incorrectly can cause serious problems that might require you to reinstall your operating system. Citrix cannot guarantee that problems resulting from the incorrect use of Registry Editor can be solved. Use Registry Editor at your own risk. Be sure to back up the registry before you edit it.

The PVS cache in RAM to hard disk overflow functionality is shared by MCS devices.  Both Citrix provisioning methods are affected by this matter.  

The optimizer still sets the correct values for some operating systems.  Read the current value and only change it if it is currently set to something other than "disabled" (0x3).

When the Target Device operating system is running Windows 10 1803 or newer or Windows 2019 Server the registry should look like this:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\FileSystem
"NTFSDisableLastAccessUpdate"=dword:80000001

Windows 10 versions prior to 1803, Windows 2008R2, Windows 2012R2 and Windows 2016 continue to use the other values.  The optimizer sets these values correctly for these operating systems.  
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\FileSystem
"NTFSDisableLastAccessUpdate"=dword:00000001

Use Fsutil to configure this value to disable NTFSDisableLastAccessUpdate:

>fsutil behavior set disablelastaccess 3

Here is the help for that command:

PS C:\> fsutil behavior set disablelastaccess
Usage: fsutil behavior set disableLastAccess <0-3>

 Values: 0x0 - User Managed, Last Access Updates Enabled
         0x1 - User Managed, Last Access Updates Disabled
         0x2 - System Managed, Last Access Updates Enabled
         0x3 - System Managed, Last Access Updates Disabled

 * When "System Managed" is enabled it allows the system to enable/disable
   last access time updates based on system policy.
 * If group policy is in effect or this registry key is uninitialized then
   the "System Managed" state can not be set and is not displayed.

---

Problem Cause

The PVS Device Optimizer and the Citrix Optimizer need to be updated to include the correct values when configuring this setting.

The NTFSDisableLastAccessUpdate settings determines if Windows updates file-last-access values.  The act of updating the time stamp results in additional IOPs that leads to the unforeseen cache disk usage.  In testing we also found that AV scanning generates significant file-last-access based IOPs and can lead to the same disk consumption concerns.

In the PVS AV Best Practices KB you can find a link to the Windows Defender VDI Handbook that describes how Defender definition updates will trigger a mass scan on all devices unless configured accordingly, as well as other tips that may help to improve VDI performance.
https://support.citrix.com/article/CTX124185

Updating of the Last Access Time Stamp when directories are located on an NTFS volume:
https://docs.microsoft.com/en-us/windows-server/administration/windows-commands/fsutil-behavior