Configure Policy Tampering Detection

Prerequisites

To configure Policy Tampering Detection feature, make sure that you have the following:

  • For cloud deployments - Cloud Desktop Delivery Controller version 115 or later
  • For on-premises deployments - Citrix Virtual Apps and Desktops version 2308 or later
  • Windows Virtual Delivery Agent Installer version 2308 or later
  • For Windows - Citrix Workspace app for Windows 2309 or later
  • For Mac - Citrix Workspace app for Mac 2308 or later
  • For Linux - Citrix Workspace app for Linux 2308 or later

To enable Policy Tampering Detection, the admin must start the Citrix AppProtection Service on the TS/WS VDAs which are hosting the virtual apps and desktops configured with App Protection.

Do one of the following steps to enable Policy Tampering Detection:

  • Using the command prompt:

    1. On the leftmost of the taskbar, click the Search Search icon icon. Type cmd and then click Run as administrator. The Command Prompt screen appears.

    2. Run the following commands:

      
      sc config ctxappprotectionsvc start=auto
      sc start ctxappprotectionsvc
      
      <!--NeedCopy-->
      
  • Using the user interface:

    1. On the leftmost of the taskbar, click the Search Search icon icon. Type services.msc and press Enter. The Services screen appears.

      App Protection Services

    2. Select Citrix AppProtection Service and then click Start.

    3. Right-click Citrix AppProtection Service and then select Properties.

    4. Select General > Startup type > Automatic and then click OK to make sure that the service starts automatically when the system starts.

      App Protection Services - Properties

Policy Tampering Detection feature is enabled successfully.

To detect and block prior versions of Citrix Workspace app that do not support Policy Tampering Detection, configure App Protection Posture Check. For more information about App Protection Posture Check, see App Protection Posture Check.

Expected behavior if App Protection Policy Tampering Detection fails

  • If the Policy Tampering Detection VDA Citrix Policy is enabled and you’re using a Citrix Workspace app version that does not support the Policy Tampering Detection feature, then the session terminates without displaying any error message.
  • If you’re using a Citrix Workspace app version that supports the Policy Tampering Detection feature, then the session terminates displaying the following error message based on the OS you are using:
    • Windows:

      Posture check error in Windows

    • Mac

      Posture check error in Mac

    • Linux

      Posture check error in Linux

Configure Policy Tampering Detection