Hyper V and AntiVirus Software


I run Windows 2008 with the Hyper V service installed and running. I have 3 Virtual windows 2003 server running within Heper V and all is good.
My question is we run McAfee TOPS on our host windows 2008 server do i also need to install anti virus software on the virtual servers even though its already installed on the physical hosts?

Who is Participating?
FunktopusConnect With a Mentor Commented:
Uninstall the McAfee TOPS package from any physical hosts that you have. Create another VM (or use an existing one) to reinstall the TOPS console onto. Use this VM as your anti virus management server.

Push the client package onto the other VMs - but not to the physical hosts.

You do not need to worry about protection for the physical hosts because they do no other work except for hold the virtual machines. It's the virtual machines that are exposed - hence they need protection.

Hope that clears it up.

JohnBusiness Consultant (Owner)Commented:
Yes, you need it on each machine. The virtual machines are independent of each other.  ... Thinkpads_User
You should install anti virus software on each of your virtual machine.

Well depends upon the usage of the 3 2003 VMs, as if your server are going to be used for browsing, surfing, searching and email access etc, than certainly you should have AV on these machines whereas you are not going to perform / should not perform such tasks on Host machine/Server machines.

AV software is a balance of risk and cost. On a desktop the risk of getting a virus by email, web browsing or something like a USB stick is very high. On a VM host it's extremely low.
Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

You need to do the exact opposite of what you're currently doing. Hyper-V hosts should be bare bones according to best practice - meaning they should have absolutely nothing but the Hyper-V role applied.

Anti viral software may affect performance of the host server if scans etc are initiated - in turn this will affect the performance of the VMs. Even worse is if you AV software on the hyper-v host removes a required file and breaks a VM or two - you're going to have lots of fun rebuilding the host and restoring your VMs etc.

Hence the host should have nothing on it.

Each virtual machine however should have anti virus protection.

Hope that helps - Nick
I agree with the previous poster. I run my Hyper-V hosts on server core with no antivirus (since they do not host file shares and are never used for any kind of browsing, they're less vulnerable, and I found antivirus caused some strange issues with VMs), but all my virtual machines run antivirus, just as if they were physical.
kingcastleAuthor Commented:
so whats it to be unistall AV from the hyper v physical hosts?

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.