We help IT Professionals succeed at work.

Anivirus on a Domain Controller

197 Views
Last Modified: 2018-10-13
I need an experts opinion on installing anti-virus on domain controllers.  Would you recommend to install antivirus on DCs if so do we have to exclude any folders?
I took over the AD admin and noticed the users log on take a while. The network has all new DCs with plenty of memory. I seen the GPs part loading for long time.
Can that be with antivirus and need to be excluded some folders?
Comment
Watch Question

A lack of information provides a lack of a decent solution.
CERTIFIED EXPERT
Commented:
This problem has been solved!
(Unlock this solution with a 7-day Free Trial)
UNLOCK SOLUTION
Paul MacDonaldDirector, Information Systems
CERTIFIED EXPERT

Commented:
"Would you recommend to install antivirus on DCs..."
Yes.

"...if so do we have to exclude any folders?"
Not unless you were having problems with false positives.

There can be many reasons for a long  login process.  I wouldn't assume it was the antivirus.  Does your product have a firewall with it, or do you use the built-in Windows Firewall?  Something like that might be an issue.
JohnBusiness Consultant (Owner)
Most Valuable Expert 2012
Expert of the Year 2018

Commented:
Would you recommend to install antivirus on DCs if so do we have to exclude any folders?

Yes, on all servers.   In addition to the above suggestions, you may need to make exclusions for applications as well. Anti Virus can ruthlessly quarantine good applications that it does not know about, making you reinstall the applications. I have had to do this.

But server antivirus picks up files with viruses that users have (inadvertently) uploaded.

So do not go without protection.
CERTIFIED EXPERT
Distinguished Expert 2019

Commented:
I need an experts opinion on installing anti-virus on domain controllers.  Would you recommend to install antivirus on DCs if so do we have to exclude any folders?
YES YES YES install AV. You probably do need sets of exclusions. Alex's post probably has a lot of what you need. But whatever AV you get, make sure that it's a version that's designed for servers!

I took over the AD admin and noticed the users log on take a while. The network has all new DCs with plenty of memory. I seen the GPs part loading for long time.
Can that be with antivirus and need to be excluded some folders?
This could be a number of things, including AV. But exclusions MIGHT help. You should look at the log of what is getting scanned. Adjust appropriately for your environment. Better yet, work with support from your antivirus vendor.

Gain unlimited access to on-demand training courses with an Experts Exchange subscription.

Get Access
Why Experts Exchange?

Experts Exchange always has the answer, or at the least points me in the correct direction! It is like having another employee that is extremely experienced.

Jim Murphy
Programmer at Smart IT Solutions

When asked, what has been your best career decision?

Deciding to stick with EE.

Mohamed Asif
Technical Department Head

Being involved with EE helped me to grow personally and professionally.

Carl Webster
CTP, Sr Infrastructure Consultant
Empower Your Career
Did You Know?

We've partnered with two important charities to provide clean water and computer science education to those who need it most. READ MORE

Ask ANY Question

Connect with Certified Experts to gain insight and support on specific technology challenges including:

  • Troubleshooting
  • Research
  • Professional Opinions