<div>
Services have errors, all the time. So if your webserver suffers from some 0-day explout, attackers might be able to run code using the service account (of the web service). Not quite what I'd call &quot;low risk&quot;. AV software might stop that code.<br />
<br />
But AV software is not the best measure. You should turn on applocker and whitelist only the components needed by the web server.
</div>


Services have errors, all the time. So if your webserver suffers from some 0-day explout, attackers might be able to run code using the service account (of the web service). Not quite what I'd call "low risk". AV software might stop that code.

But AV software is not the best measure. You should turn on applocker and whitelist only the components needed by the web server.

<div>
<div class="content wysiwyg-content">
Is there any logic why you would not put AV apps on internet-facing web servers? I would have thought due to their public exposure they are a higher risk for AV infection.
</div>
</div>


Is there any logic why you would not put AV apps on internet-facing web servers? I would have thought due to their public exposure they are a higher risk for AV infection.

AV on internet-facing servers

IIS is Internet Information Services, the web server included with Windows Server operating systems. All current versions are built on a modular architecture; modules can be added or removed individually so that those required for specific functionality are installed. The full installation of IIS includes HTTP, security, content, compression, caching, logging and diagnostics.

Microsoft IIS Web Server

Anti-virus software was originally developed to detect and remove computer viruses. However, with the proliferation of other kinds of malware, antivirus software started to provide protection from other computer threats. In particular, modern antivirus software can protect from malicious browser helper objects (BHOs), browser hijackers, ransomware, keyloggers, backdoors, rootkits, trojan horses, worms, malicious layered service providers (LSPs), dialers, fraud tools, adware and spyware. Some products also include protection from other computer threats, such as infected and malicious URLs, spam, scam and phishing attacks, online identity theft (privacy), online banking attacks, social engineering techniques, Advanced Persistent Threat (APT), botnets and DDoS attacks.

Anti-Virus Apps

Security is the protection of information systems from theft or damage to the hardware, the software, and the information on them, as well as from disruption or misdirection of the services they provide. The main goal of security is protecting assets, and an asset is anything of value and worthy of protection.  Information Security is a discipline of protecting information assets from threats through safeguards to achieve the objectives of confidentiality, integrity, and availability or CIA for short. On the other hand, disclosure, alteration, and disruption (DAD) compromise the security objectives.