Need Malware, Virus, and Ransomware protection for older Windows Server 2008

computerlarry
I need malware protection for an older Windows Server:

The user has an older Windows Server:
Windows Server Standard FE, Service Pack 2  Copyright 2007

Is this a Small Business Server 2008?

What can I use for Virus, Malware, and Ransomware protection?

I have a license for Malwarebytes Endpoint Protection, but I can't locate a version of Malwarebytes that supports this system.

This server will be migrated soon.  I need to protect it for a while.
Thanks

Top Expert 2016

Commented:
FE indicates Foundation Edition of WS 2008, a limited version of SBS 2008 with only 15 users available, which went out of support April 2017. Time to replace this product as it is a security hazard. How much is your business worth to you?
Most Valuable Expert 2013
Commented:
You already know that 2008 is full of security holes

Do you already have an upgrade plan with Microsoft?
You may be able to swing Extended Support through it for critical patches to cover you until you upgrade
https://download.microsoft.com/download/C/8/5/C851D4E2-ED1F-4F56-AEC0-1561D85AB489/Extended_Security_Updates_for_Windows_Server_2008_and_SQL_Server_2008_End_of_Service_FAQ.pdf

The last MBAM that supported Server 2008 went out of support itself in 2015. You can download it from OldApps, but it almost certainly won't activate with the Endpoint licence you have, so what active protection you have (which will look for heuristics but only recognise signatures through to 2015) will be subject to a trial period.

Otherwise the best you'll achieve is to ensure you're up to SP2
https://www.microsoft.com/en-us/download/details.aspx?id=16468

Consider blocking SMBv1 via PS as that's certainly one of your biggest vulnerabilities
https://support.microsoft.com/en-us/help/2696547/detect-enable-disable-smbv1-smbv2-smbv3-in-windows-and-windows-server

Am certain you're aware this cannot be made completely "safe" so you need users onboard to use caution and move to a supported OS ASAP.
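
The SMBv1 step suggested above, as an added example that is not part of the original answer: a PowerShell 2.0-compatible audit that optionally disables SMBv1 on Server 2008 SP2 using the registry value and `sc.exe` commands from the linked KB 2696547. The `$Apply` switch and the `Get-SmbServerState` helper are names made up for this sketch.

```powershell
# Added example (not from the thread): audit, then optionally disable, SMBv1
# on Windows Server 2008 SP2. Needs PowerShell 2.0+ in an elevated session.
$Apply = $false   # assumption: flip to $true only after reviewing the audit output
$key   = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'

function Get-SmbServerState([string]$Name) {
    # A missing value means the protocol is at its default, which is enabled.
    $p = Get-ItemProperty -Path $key -Name $Name -ErrorAction SilentlyContinue
    if ($p -ne $null -and $p.$Name -eq 0) { 'Disabled' } else { 'Enabled' }
}

$smb1 = Get-SmbServerState 'SMB1'
$smb2 = Get-SmbServerState 'SMB2'
Write-Output "SMBv1 server: $smb1"
Write-Output "SMBv2 server: $smb2"

# SMBv1 client driver state (mrxsmb10); Start = 4 means disabled.
$drv = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Services\mrxsmb10' -ErrorAction SilentlyContinue
$clientOff = ($drv -ne $null -and $drv.Start -eq 4)
Write-Output ("SMBv1 client: " + $(if ($clientOff) { 'Disabled' } else { 'Enabled' }))

if (-not $Apply) { Write-Output 'Audit only; nothing changed.'; return }

if ($smb2 -eq 'Disabled') {
    # Turning off SMBv1 while SMBv2 is off would stop all file sharing.
    Write-Warning 'SMBv2 is disabled; re-enable it before disabling SMBv1.'
    return
}

# Server side: registry value documented in KB 2696547.
Set-ItemProperty -Path $key -Name SMB1 -Type DWord -Value 0 -Force

# Client side: drop the mrxsmb10 dependency, then disable the driver.
sc.exe config lanmanworkstation depend= bowser/mrxsmb20/nsi | Out-Null
sc.exe config mrxsmb10 start= disabled | Out-Null

Write-Output 'SMBv1 disabled. Restart the server for the change to take effect.'
```

Windows XP and Server 2003 clients, and many older scan-to-folder devices, speak only SMBv1 and will lose access to shares on this server once the change is applied.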
Antzs, Infrastructure Services

Commented:
Since the server OS is already without support, it may not make a big difference if it is installed with an AV or not.

But still no harm in installing an AV for it.  You can try ClamWin, which does support Windows 2008.  http://www.clamwin.com/

Still, better migrate soon.
Shaun Vermaak, Senior Consultant
Awarded 2017
Distinguished Expert 2018

Commented:
This is my general advice for Ransomware protection

Best prevention to Ransomware is only allowing whitelisted application access to sensitive paths, such as My Documents, and version controlled/air-gapped backup. Never pay the ransom because you have no guarantee that you will actually get the decryption key and the funds are almost always used for organized crime.

If I encrypt a file, for security or malicious intent, and I use proper encryption, the following is true:
Breaking a symmetric 256-bit key by brute force requires 2^128 times more computational power than a 128-bit key. Fifty supercomputers that could check a billion billion (10^18) AES keys per second (if such a device could ever be made) would, in theory, require about 3×10^51 years to exhaust the 256-bit key space.
https://en.wikipedia.org/wiki/Brute-force_attack

Here are some articles related to security hardening that you might find useful

Get rid of over-privileged users, such as ones in DA
https://www.experts-exchange.com/articles/29596/Securing-Active-Directory-Administrators-Groups.html

Implement a delegation model
https://www.experts-exchange.com/articles/29366/Delegation-the-proper-way.html

Securely manage local admin passwords, and administrator members
https://www.experts-exchange.com/articles/31583/Active-Directory-Securely-Set-Local-Account-Passwords.html
https://www.experts-exchange.com/articles/30617/How-to-manage-local-account-passwords-from-Active-Directory-without-LAPS.html
https://www.experts-exchange.com/articles/29652/Strategy-to-centrally-manage-Local-Administrators-group-from-Active-Directory.html

Get rid of old accounts that might be used maliciously
https://www.experts-exchange.com/articles/30820/Active-Directory-Cleanup-Tool-ADCleanup.html

Implement tier-isolation to prevent tier jumps from lateral movement
https://www.experts-exchange.com/articles/29515/Active-Directory-Simple-Tier-Isolation.html

Create intelligent password policies
https://www.experts-exchange.com/articles/33078/How-to-create-an-Intelligent-Password-Policy-for-Active-Directory.html

Utilize host-based firewalls, Windows or otherwise
https://www.experts-exchange.com/articles/31687/Windows-Firewall-as-Code.html

Do AD password audits
https://www.experts-exchange.com/articles/29515/Active-Directory-Simple-Tier-Isolation.html

Create your file server structure using the least privilege principle
https://www.experts-exchange.com/articles/32349/FSMainFolder-Files-Server-Structure-Automation-Tool.html

and implement a security framework such as CIS
https://www.cisecurity.org/

Author

Commented:
Will be transferring to Server 2016 next week.  I was hoping to have some effective protection until then.
