You want to deploy Symantec Data Loss Prevention (DLP) Endpoint Prevent in a Citrix environment.
You need the steps involved, best practice recommendations, or version support information.
Citrix XenApp or XenDesktop
Note: To ensure that you have the most up-to-date support information for Citrix with DLP Endpoint Prevent, refer to the online help page "About Citrix XenDesktop and Citrix XenApp support" and to the Symantec Data Loss Prevention System Requirements and Compatibility Guide. (Select the version deployed in your environment from the version drop-down menu.)
DLP Endpoint Prevent can monitor virtual desktops that are hosted by Citrix XenDesktop and Citrix XenApp/Application servers. It also prevents remote users from copying any sensitive data that is accessible through a virtual desktop. A DLP Agent can be installed in each virtual desktop. Running a DLP Agent in the virtual host prevents a user from copying confidential data that is accessible from the hosted virtual desktop to a remote computer or device that may not be secure. You can configure the DLP Agent to monitor storage volumes, print and fax requests, clipboards, and network activity on the virtual desktop.
The DLP Agent is installed on Citrix XenDesktop and Citrix XenApp/Application servers, where it can detect confidential data that is sent to a Citrix client computer.
Refer to the Symantec Data Loss Prevention System Requirements and Compatibility Guide for supported versions.
The DLP Agent monitors the following locations and activities on the Citrix virtualized endpoint:
All incidents that the DLP Agent generates on Citrix drives display as Removable Storage Device incidents. In the Enforce Server administration console, you cannot deselect the Removable Storage event for Citrix drives. The Removable Storage event is always monitored by the agents that are deployed to Citrix servers.
Note: The IP addresses in incident snapshots are those of the XenDesktop virtual machine or XenApp server, not of a Citrix client.
Symantec does not recommend using a single Endpoint Prevent detection server with both physical endpoint computers and Citrix XenApp servers. When you use the Enforce Server administration console to configure endpoint events to monitor, you must deselect CD/DVD and Local Drive events for Citrix XenApp agents. (These items are present on the Agent Configuration screen, but they are not supported for Citrix XenApp.) Using the same Endpoint Server for non-Citrix agents limits the functionality of those agents, because Local Drive and CD/DVD events must be disabled for the server as a whole. To support the DLP Agent on both Citrix XenApp servers and physical endpoint computers, Symantec recommends that you deploy two Endpoint Servers. Ensure that each server is reserved for either Citrix XenApp agents or physical endpoint agent installations.
You may also want to review Article ID: 206132, "Managing the DLP Agent in a VDI environment".