4 Replies Latest reply on Jul 8, 2010 5:32 AM by orbit99

    Which Windows Servers should I install VirusScan 8.7i on?

    steven.medeiros

      First I apologize in advance if this subject has come up before.

      Upon making a proposal to install VirusScan 8.7i on our corporate server infrastructure via EPO 4.5, I have been caught up in a political storm from upper management.

      I have done all the research and have seen all the best practice exceptions rules for the various MS servers out there. However, the thinking from upper management is (1) They don't want to sacrifice performance for an antivirus product and (2) since some servers don't hold read/write data, then why put an antivirus on that server?

      I just wanted to get a general consensus from the McAfee community on your feelings about deploying VirusScan on MS Servers. The servers in question are: MS SQL 2008, DCs (2008), Sharepoint, Exchange 2007, etc.

      Thanks in advance for your input.

        • 1. Re: Which Windows Servers should I install VirusScan 8.7i on?
          wwarren

          My 2c and a dash of common sense: The role of the server doesn't matter; it needs protecting.

           

          It is not common that malware will have code akin to saying, "Oh you're an SQL server, I couldn't possibly do any harm or replicate there, I'll leave you alone".

          Or even "I see you are a busy Exchange server, too busy for me to think about interrupting you... as you were."

           

          If it's a Windows box, it needs anti-virus protection.

          • 2. Re: Which Windows Servers should I install VirusScan 8.7i on?


            Every server in the organization requires antivirus protection. The latest versions of antivirus products will run without compromising performance on the same hardware eligible to run SQL 2008, Exchange 2007 and SharePoint. You may want to exclude SQL database files and log files from on-access scan. The same applies to Exchange. On Exchange, we do not use e-mail antivirus (we do have file AV). It's done on the perimeter and on the clients. This is done to keep the Exchange server less complicated (damn sensitive) and also to save on performance. SharePoint also has special antivirus.

             

            If you want to prove it to management, install a Windows PC, connect it to the Internet and keep it connected for a few weeks. Scan the PC afterwards and see how much spyware and how many viruses pop up. That's what I did (I did it to prove one more thing: that Symantec AV (at that time) was not efficient at catching viruses).

             

            Avoiding a few servers is not going to save you a lot of money on the licensing side. We bought 101 clients even though our client base is around 80. Above 100, the per-user license price is lower than below 100. So it's cheaper for you if you have more clients.

             

            Hope this helps.

             

            regards,

            1ndian

            • 3. Re: Which Windows Servers should I install VirusScan 8.7i on?
              jmcleish

              steven.medeiros wrote:

               

              Which servers should i install VirusScan 8.7i on?

               

              Answer: ALL OF THEM.

               

              I have 208 servers (W2000/W2003/W2008)- currently all of them have 8.5ip8 on them (except our one W2008 R2 box) just purely because I haven't had the time to upgrade them (all my staff machines except W7 are at 8.5p8 as well) and will be moved onto 8.7 eventually too.

              Ours include SQL, DCs, Exchange etc

               

              All Windows boxes are vulnerable unless you lock them down immensely, e.g. having a closed network with no external USB/data storage devices allowed etc. (which then becomes unusable to work with).

               

              You can add exclusions, low risk processes for your servers to reduce any overhead.

               

              Viruses and worms can spread throughout a network in a matter of minutes. It's no longer safe just to have the machine patched up to date with security fixes. You need protection.

               

              Having seen all machines reboot on a network with the Blaster virus and machines getting remotely password hacked with an infiltration of Conficker, anti-virus software is essential.

               

              Regards

              Jane

              • 4. Re: Which Windows Servers should I install VirusScan 8.7i on?

                As previous posts mentioned, all the servers would need an antivirus. A good question to enforce the need is to ask: can I afford having those servers down/unavailable/spreading malware if they are infected?


                Potential performance issues can be dealt with by certain configuration changes. See KB for exclusions on Exchange server and other products.

                 

                If your test results reveal that these changes are not enough, you can move to a more radical approach by not installing certain components. For example, you can install (silently) only On-Access Scan and AutoUpdate using the following command:

                SetupVSE.exe ADDLOCAL=OnAccessScanner,AutoUpdate /q


                More details available on product guide of VSE 8.7i p13 (English ver.).


                I've seen this work well on servers where workarounds cannot be made on i.e. Access Protection or BufferOverflow. However, you are losing the additional protection provided by these components, so use it only when you have to and when it's in compliance with your internal security policy.