Server Av (windows)


cbodor

Hello

First post, so be kind if I commit some sort of faux pas. I admin several large Windows networks for SaaS providers. My track record is great, even with things like Code Red etc., never (so far as I know) had any intrusion. I use several UTM solutions (namely Astaro, which I love) on the perimeter. My question is this: in an enterprise server-only environment, with no "user access" (i.e. me and my team of admins are the only ones on these systems), do you other admins out there use any sort of antivirus? I have always stayed away from AV on servers, as I don't see it really being needed so long as your admins are not noobs, and because of the general performance hit of running AV on things like SQL or HTTP servers, but the other side of me thinks it's maybe a hole I have ignored. Should AV be deployed on server infrastructure? If so, what AV solution would you suggest? If not (and assuming you agree with me), what are your reasons for not running AV?

Thanks.

Hi cbodor,

At the enterprise that I work for, all the servers currently have Microsoft Security Essentials installed (known as Forefront). With regards to your question above, whether servers should or should not have AV installed: one of the reasons I can think of is performance-wise. As AVs are constantly monitoring and scanning the system files, it may cause a slight degradation in performance.

But as servers are getting faster and faster nowadays, it should no longer be an issue. I think at all costs a server should have an antivirus installed.

By choice I'd install ESET Antivirus; great performance, great detection, generally a great all-rounder

I've heard of it before, but don't know how well it ranks up.

I know Kaspersky is on the top and Avast in second and AVG in third or fourth.

Edited by Infiltrator
I use NOD32 on my personal servers; it seems to work OK with no noticeable performance drop. Keep in mind that these are far from high-availability production servers; we're talking about SQL for a few obscure websites / test systems, etc.

I had a manager who was of the same mindset as you: people working on servers should know what they're doing. To a point I agree, but for the sake of £300 a year I'd stick some AV on there. The last thing I would want to have to do is explain why our servers / network is down for the sake of a few hundred pounds.

  • 1 month later...

Boy, having AV on servers can be a tricky thing sometimes if those servers have services like Exchange or SharePoint running. If the AV isn't configured correctly to skip files that are in use, it can corrupt entire databases or installations in a flash!

While I agree that for admin servers there should be little to no threat, since we all know admins never use servers to browse websites or check email : ), in the real world I prefer to TNO (Trust No One) and have a good defense-in-depth strategy in place.

That said, we've had great luck with Trend Micro Office Scan, which offers real-time scanning and scheduled scans and daily definition updates (sometimes multiple per day), and has never interfered with any critical services.

Edited by dongle
Here we have Trend OfficeScan on all servers. The benchmarking team have noticed minimal impact on server performance. Deployment is extremely straightforward.

Just like any product update though, I would highly advise testing product updates for some time in a test environment prior to installation on production, as a couple of times in the past year we have had Trend libraries crash.

  • 3 weeks later...

It is always better to err on the side of caution! I do, however, understand where you're coming from. Although most newer systems are more than capable, it is my experience that many businesses do not understand or are not willing to justify the extra expense when, for all intents and purposes, their current legacy systems are more than adequate from an executive's point of view. However, many enterprise-level AV products are designed with this in mind. NOD32/ESET is in my opinion the best on the market. Their unique use/implementation of the highly regarded heuristics scanning is light years ahead of the competition. And they are the only AV provider that I know of that can claim 0 missed In-The-Wild viruses and (last I heard) less than 5% missed Zero-Day viruses. The only real downside to this particular product is that it doesn't have most of the more advanced features of current market leaders like Symantec, Norton, and Trend Micro. But let's face it, people... this is the very crap that's slowing down AV products and nodes everywhere!

Back to my original point... don't make the mistake of assuming you're safe just because you and your staff are the only ones intended to have access to the server, and remember how stupid you'll feel when everything blows up in your face! We've all done it! Good luck hunting!
