Microsoft Defender Update Causing Issues with Citrix Delivery Controllers and Cloud Connectors

Citrix has announced an issue impacting the Citrix Broker and Citrix HighAvailability services on the Delivery Controllers and Citrix Cloud Connectors with Microsoft Defender installed.


The problem:

The Microsoft Defender update is causing Defender to detect Citrix Broker Service And Citrix High Availability Service as Trojan and deleting them.


Your environment may be affected if you see these symptoms:

  • Citrix Broker service is not present in Services console.
  • exe is also missing from c:\program files\Citrix\Broker\Services\
  • Citrix Studio states – re-enter the delivery controller address with Error “Could not contact the Broker Service.”



For on-premises deployment, Microsoft has released an updated Antivirus Definition 1.321.1341.0 to address this issue. Please follow the steps below to clear the current cache and trigger an update, using a batch script that runs the following commands as an administrator:


cd %ProgramFiles%\Windows Defender

MpCmdRun.exe -removedefinitions -dynamicsignatures

MpCmdRun.exe -SignatureUpdate


If the issue persists, you can find several other workarounds here.