Question

What are best practices for installing antivirus protection on servers?

Asked by: ksuchy

What are best practices for installing antivirus protection on servers? Is there a certain type of server where that's just a bad idea (like an AD DC)? What about IIS web servers (a huge enterprise server, with over 200 Host Header sites, Perl, PHP, .NET, etc. ISAPIs, all going on it)? What are the best solutions for this?

This Question has been solved and asker verified.

Asked On: 2007-11-29 at 13:07:26, ID 22991752
Tags: server, antivirus, best, protection, installing, antivirus best practice
Topics: Anti-Virus, MS Forefront-ISA, Microsoft IIS Web Server
Participating Experts: 7
Points: 500
Comments: 12

Answers

 

by: wfcraven12 Posted on 2007-11-29 at 13:14:58 ID: 20377394

I have AV installed on all my servers (except Exchange since it has its own). I have no issues with SAV 10.1.6 at all. I recently tried Symantec's Endpoint Protection & it was a DISASTER. Anyway, on our phone & backup servers I did disable Auto-Protect, but that's pretty much it.

 

by: nizsmo Posted on 2007-11-29 at 14:06:26 ID: 20377786

I would suggest Trend Micro's Server Security Agent, it is quite efficient, and also is able to provide client computers (if required) protection as well.

 

by: r-k Posted on 2007-11-29 at 17:30:57 ID: 20379128

I don't know about best practices, the following is just my personal opinion:

In most cases I would suggest not installing any AV software on a server.

This seems counter-intuitive, but most AV programs are geared towards the end-user desktop. They are most useful in protecting against a user clicking on email attachments, dubious freeware, web links etc. A server should not be used for any of these things (email, web surfing, games etc.) so the AV program won't have much to do.

On the down side, an AV program often installs low-level device drivers that scan every file as it is opened. If you're lucky it will only cause a minor slowdown. At worst I've seen it interfere severely with important functions, such as security updates, version updates, halting mail flow, mystery crashes, etc.

The real threat a server faces is from network-borne malware and hacks, so it would be better to focus on securing it in other ways, such as secure passwords, disable unnecessary services, firewall, security patches, etc.

There are two possible cases in which it may be tempting to install AV software on a server - if you're using it as a mail server with MS Exchange, or if you're using it as a file server. On closer examination I think even these are not necessary. In the case of Exchange server, the AV program must be "exchange-aware", but in my view it is more useful, and more effective, to just install an anti-spam solution that can also block specific attachment types, such as .exe, .zip, .bat etc. In the case of the file server, install the AV where it belongs - on the user desktops. That way if they try to open an infected file from the file-share it will be caught.

The one exception would be if your server is a terminal server. That is the only scenario in which AV on the server makes sense.

Just my .02. You should weigh the pros and cons for your situation, of course.

 

by: wfcraven12 Posted on 2007-11-29 at 19:47:01 ID: 20379695

As you can see, you're going to get different answers b/c this really comes down to a matter of personal preference. r-k does make some good points, but in my personal view I put the AV software on the servers b/c I take the approach that the users generally don't know any better & even though they have some sort of AV app, the "bad people" will always be a step ahead. So why take a chance? But like I said before, this all comes down to what you feel most comfortable with.

 

by: younghv Posted on 2007-12-01 at 06:36:09 ID: 20388104

r-k and I have disagreed on this before - but that's OK - and one of the neat things about EE.

I put AV on every computing device in the Domain. If I could trust every user (Administrator or others) to always do the right thing, I might change my approach.

Unfortunately, we live in a world where you are better off safe than sorry.

One of the things they talk about extensively in Security seminars is that we must try to be prepared for 'future unknowns'. Even if it might be safe to not run AV on a server right now, we have no way of knowing what the Black Hats will turn loose on the world tomorrow.

AV everywhere and ABS (Anything But Symantec).

Vic

 

by: thekaramurat Posted on 2008-02-12 at 01:01:21 ID: 20873309

Installing antivirus software on Microsoft servers needs some attention.
Therefore, it has always been a long argument to install and configure different antivirus software on different Microsoft Server platforms.
Some IT consultants do not even recommend installing antivirus software on critical servers.
Of course vendor documentation is very important and must be analyzed before installing any antivirus products on servers.
But Microsoft has its own recommendations and best practices to take into consideration.
Therefore it is better to take a closer look at the Microsoft articles below.
First of all, I would like to start with the most important part of Microsoft infrastructure (domain controllers).

1.      If your Server holds the domain controller role and there are DNS, DHCP services then we have to review the Microsoft KB article http://support.microsoft.com/kb/822158
a.) %systemroot%\Sysvol folder (include all the sub-folders and files)
b.) %systemroot%\system32\dhcp folder (include all the sub-folders and files)
c.) %systemroot%\system32\dns folder (include all the sub-folders and files)
d.) %systemroot%\ntds

2.      If File Replication (NTFR) service is running on your system, make sure your Anti-Virus software is compatible:
KB815263 - Antivirus, backup, and disk optimization programs that are compatible with the File Replication Service
http://support.microsoft.com/kb/815263
And exclude:
a.) %systemroot%\ntfrs folder (include all the sub-folders and files)
b.) Files that have the .log and .dit extension

3.      If you have IIS installed, exclude:
a.) The IIS compression directory (default compression directory is %systemroot%\IIS Temporary Compressed Files)
b.) %systemroot%\system32\inetsrv folder
c.) Files that have the .log extension

Refer to the following knowledge base articles for reference:
KB817442 - IIS 6.0: Antivirus Scanning of IIS Compression Directory May Result in 0-Byte File
http://support.microsoft.com/kb/817442

KB821749 - Antivirus software may cause IIS to stop unexpectedly
http://support.microsoft.com/kb/821749

4.      If you have SQL installed, you may want to exclude the SQL folder and databases files (or database file types) from scanning for performance reasons:
KB309422 - Guidelines for choosing antivirus software to run on the computers that are running SQL Server
http://support.microsoft.com/kb/309422

5.      If you have Exchange installed, perform the relevant file-based scanning exclusions listed in Knowledge Base articles:

KB328841 - Exchange and antivirus software
http://support.microsoft.com/kb/328841

KB823166 - Overview of Exchange Server 2003 and antivirus software
http://support.microsoft.com/kb/823166

KB245822 - Recommendations for troubleshooting an Exchange Server computer with antivirus software installed
http://support.microsoft.com/kb/245822

6.      If you have Cluster services, make sure your Anti-Virus software is compatible:

KB250355 - Antivirus Software May Cause Problems with Cluster Services
http://support.microsoft.com/kb/250355
NOTE: If you have a SQL cluster, make sure that you exclude these locations from virus scanning:
a.) Q:\ (Quorum drive)
b.) %systemroot%\Cluster
c.) SQL Server data files that have the .mdf extension, the .ldf extension, and the .ndf extension

7.      If you have Sharepoint installed, you should exclude:
a.) Drive:\Program Files\SharePoint Portal Server
b.) Drive:\Program Files\Common Files\Microsoft Shared\Web Storage System
c.) Drive:\MSDEDatabases (particularly on SBS) (where Drive: is the drive letter where you installed SharePoint Portal Server)

Refer to the following knowledge base articles for reference:
KB320111 - Random Errors May Occur When Antivirus Software Scans Microsoft Web Storage System
http://support.microsoft.com/kb/320111

KB322941 - Microsoft's Position on Antivirus Solutions for Microsoft SharePoint Portal Server
http://support.microsoft.com/kb/322941

8.       If you have a Systems Management Server (SMS), you should exclude folders:
a.) SMS\Inboxes
b.) SMS_CCM\ServiceData

Refer to the following knowledge base articles for reference:
KB327453 - Antivirus programs may contribute to file backlogs in SMS 2.0 and in SMS 2003
http://support.microsoft.com/kb/327453

NOTE: If you exclude the SMS\Inboxes directory from virus scanning or remove the antivirus software, you may make the site server and all clients vulnerable to potential virus risks. The client base component files reside in the SMS\Inboxes directory

9.      If you have a MOM (Microsoft Operations Manager) Server, consider excluding:
a.) Drive:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Operations Manager
b.) Drive:\Program Files\Microsoft Operations Manager 2005 (where Drive: is the drive letter where profiles are located)

10.       If you have an Internet Security and Acceleration Server (ISA) Server, you should exclude:
a.) The ISALogs folder. By default, the ISALogs folder is located in the folder where you installed ISA Server. Typically, this location is Drive:\Program Files\Microsoft ISA Server.

Refer to the following knowledge base articles for reference:
KB887311 - Event ID 5, event ID 14079, and event ID 14176 are logged in the Application log on your Internet Security and Acceleration Server 2000 computer
http://support.microsoft.com/kb/887311

11.      If you have a Windows Software Update Services (WSUS) Server role, consider excluding:
a.) Drive:\MSSQL$WSUS
b.) Drive:\WSUS
(where Drive: is the drive letter where you installed Windows Software Update Services)

Also refer to the following knowledge base articles for reference:
KB900638 - Multiple symptoms occur if an antivirus scan occurs while the Wsusscan.cab file is copied
http://support.microsoft.com/kb/900638

For more information, you can check the links below.

KB49500 - List of antivirus software vendors
http://support.microsoft.com/kb/49500

KB129972 - Computer viruses: description, prevention, and recovery
http://support.microsoft.com/kb/129972
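
An added example, not part of the original answer: a Python audit that compares an antivirus exclusion list against the role-based folders listed above, reporting entries that no installed role justifies and listed folders that are not yet excluded. The role labels, `SAMPLE_ENV` and `SAMPLE_CONFIGURED` are constructed for illustration, and only roles for which the answer gives full folder paths are covered.

```python
import ntpath
import re

# Folder exclusions per server role, transcribed from the answer above.
# The role keys are hypothetical labels chosen for this example.
ROLE_EXCLUSIONS = {
    "domain_controller": [
        r"%systemroot%\Sysvol",
        r"%systemroot%\system32\dhcp",
        r"%systemroot%\system32\dns",
        r"%systemroot%\ntds",
    ],
    "frs": [r"%systemroot%\ntfrs"],
    "iis": [
        r"%systemroot%\IIS Temporary Compressed Files",
        r"%systemroot%\system32\inetsrv",
    ],
    "sql_cluster": ["Q:\\", r"%systemroot%\Cluster"],
}

# Constructed sample input: environment of the audited server and the
# exclusion list as it might be exported from an antivirus console.
SAMPLE_ENV = {"systemroot": r"C:\Windows"}
SAMPLE_CONFIGURED = [
    "C:\\WINDOWS\\SYSVOL\\",            # same folder, different case
    r"%SystemRoot%\System32\inetsrv",   # uses the environment variable
    r"C:\windows\system32\dns\backup",  # narrower than a listed folder
    r"C:\Windows\System32",             # broader than any listed folder
    r"C:\Windows\ntds\..\Temp",         # resolves outside the listed folder
    r"D:\Websites",                     # not tied to any listed role
]


def normalize(path, env):
    """Expand %VAR% from env, collapse '..' and '/', and lower-case."""
    expanded = re.sub(r"%([^%]+)%",
                      lambda m: env.get(m.group(1).lower(), m.group(0)), path)
    return ntpath.normpath(expanded).lower()


def is_within(child, parent):
    """True if child is the parent folder itself or lies beneath it."""
    return child == parent or child.startswith(parent.rstrip("\\") + "\\")


def audit(configured, roles, env):
    """Classify configured exclusions against the folders the roles justify."""
    allowed = {normalize(p, env) for r in roles for p in ROLE_EXCLUSIONS[r]}
    justified, unjustified = [], []
    for entry in configured:
        norm = normalize(entry, env)
        if any(is_within(norm, folder) for folder in allowed):
            justified.append(entry)
        else:
            unjustified.append(entry)  # widens the unscanned area; review it
    present = {normalize(e, env) for e in configured}
    return {"justified": justified, "unjustified": unjustified,
            "missing": sorted(allowed - present)}


if __name__ == "__main__":
    report = audit(SAMPLE_CONFIGURED, ["domain_controller", "iis"], SAMPLE_ENV)
    for section, entries in report.items():
        print(section)
        for entry in entries:
            print("   ", entry)
```

Paths are compared after normalization, so an entry such as `C:\Windows\ntds\..\Temp` is judged by the folder it actually resolves to.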

 

by: ksuchy Posted on 2008-02-12 at 07:57:33 ID: 20875905

wow. Thanks very much Karamurat.  

 

by: dhav79 Posted on 2009-01-02 at 10:08:01 ID: 23281263

r-k:

I have to disagree with you. Yes, you should not be surfing or checking email with one of your production servers, but if a worm should get inside your network, then your servers are surely compromised. I have SAV installed on all servers except for SQL and Exchange. In order to install on SQL and Exchange you would have to follow special installation methods so that there aren't any issues.

 

by: itc-mt Posted on 2011-04-21 at 19:36:45 ID: 35445656

I totally agree with d-k... so many times an AV program on a server causes issues. Scan your servers but certainly you don't want Real Time protection. This is from 30 years of experience.

Just last week McAfee on Exchange because a client had malware BLOCKED port 25.  

 

by: itc-mt Posted on 2011-04-21 at 19:48:06 ID: 35445684

oops, teguila and posts may be a bad combo... IT experience since 1991 and r-k. not dk.   New topic, any non drinking in the trenches IT people out there?!

 

by: r-k Posted on 2011-04-21 at 22:20:21 ID: 35445996

Lol, thanks itc-mt. I've been away from this board for too long, but your vote of confidence serves as a reminder maybe I should get back here once in a while. Go easy with the tequila, it's only Thursday! All best.

 

by: itc-mt Posted on 2011-04-22 at 19:17:19 ID: 35451619

Oh brother, didn't even spell tequila right! Still the point is valid and you are welcome r-k!
