Avatar of sara2000
sara2000
 asked on

Anivirus on a Domain Controller

I need an experts opinion on installing anti-virus on domain controllers.  Would you recommend to install antivirus on DCs if so do we have to exclude any folders?
I took over the AD admin and noticed the users log on take a while. The network has all new DCs with plenty of memory. I seen the GPs part loading for long time.
Can that be with antivirus and need to be excluded some folders?
InstallationNetworkingActive Directory

Avatar of undefined
Last Comment
masnrock

8/22/2022 - Mon
ASKER CERTIFIED SOLUTION
Alex

THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
See Pricing Options
Start Free Trial
GET A PERSONALIZED SOLUTION
Ask your own question & get feedback from real experts
Find out why thousands trust the EE community with their toughest problems.
Paul MacDonald

"Would you recommend to install antivirus on DCs..."
Yes.

"...if so do we have to exclude any folders?"
Not unless you were having problems with false positives.

There can be many reasons for a long  login process.  I wouldn't assume it was the antivirus.  Does your product have a firewall with it, or do you use the built-in Windows Firewall?  Something like that might be an issue.
John

Would you recommend to install antivirus on DCs if so do we have to exclude any folders?

Yes, on all servers.   In addition to the above suggestions, you may need to make exclusions for applications as well. Anti Virus can ruthlessly quarantine good applications that it does not know about, making you reinstall the applications. I have had to do this.

But server antivirus picks up files with viruses that users have (inadvertently) uploaded.

So do not go without protection.
masnrock

I need an experts opinion on installing anti-virus on domain controllers.  Would you recommend to install antivirus on DCs if so do we have to exclude any folders?
YES YES YES install AV. You probably do need sets of exclusions. Alex's post probably has a lot of what you need. But whatever AV you get, make sure that it's a version that's designed for servers!

I took over the AD admin and noticed the users log on take a while. The network has all new DCs with plenty of memory. I seen the GPs part loading for long time.
Can that be with antivirus and need to be excluded some folders?
This could be a number of things, including AV. But exclusions MIGHT help. You should look at the log of what is getting scanned. Adjust appropriately for your environment. Better yet, work with support from your antivirus vendor.
I started with Experts Exchange in 2004 and it's been a mainstay of my professional computing life since. It helped me launch a career as a programmer / Oracle data analyst
William Peck