
How to exclude a registry key and/or multiple keys from being affected by elastic layering


I have been attempting to get Palo Alto Traps (now called Cortex XDR) to work on Windows 10 with App Layering version I have added it as an app layer. I have installed it as part of the OS layer. I have set AlwaysOnBoot in an attempt to prevent 'elastic layering' from disrupting things. If I disable elastic layering entirely, everything works great. When disabled it works as an app layer just like it used to on Unidesk 2. I am finally looking at trying to exclude the registry location HKLM\Software\Cyvera\Traps or just HKLM\Software\Cyvera. 


How do you exclude a registry key and everything under it to hopefully do the same thing as AlwaysOnBoot does for the file system? Also, how would you do it for multiple locations in the registry?


3 answers to this question

On 5/4/2020 at 9:13 PM, Terry Cuppett1709159819 said:

I have been attempting to get Palo Alto Traps (now called Cortex XDR) to work on Windows 10 with App Layering version


Did you manage to get this sorted? I'm also having trouble with Cortex XDR (7.4.2), Windows 10 (21H1) and App Layering ( with Full User layers). I've used Palo Alto's guidelines from here to install Cortex in the OS layer, with the VDI_ENABLED=1 flag, and it works fine inside that layer as long as it's just the layer open. But when I finalize the layer and publish an image from it, Cortex no longer works: the icon is red, I can't open the console (I get a message saying that the console is disabled by policy), and when I try to do a cytool vdi update, I get the message that this only works on VDI enabled images. So somewhere along the image publication process this gets scrambled.


Even though this shouldn't be needed anymore since Cortex 7.2, I have also removed the two update folders, but this didn't help at all.


Edit: Turns out I had Cortex XDR installed in an app layer too; perhaps it had auto-updated itself while I had that layer open. I have now created an exclusion for the app layering master images to not auto-update. Once I removed that layer and re-built it, the Cortex console is again available, and it connects to the server just fine. But I'm still not able to run cytool vdi update, getting that same message about RpcClient: SendRequest: Error 13: VDI Update command is applicable for a vdi enabled instance only. But this is perhaps a different issue.

Edited by Patrick Hjelt
Figured it out (kind of)