Do You Need Antivirus on Your Servers?

Servers that are not used interactively are at less risk of being infected with malware, but that doesn’t mean that they should be left unprotected.

While servers are less likely to be infected with malware than end user systems, the ability to detect malicious files on File and Print Servers, or infected attachments on Exchange Servers, can limit the damage or even stop an outbreak before a malicious file reaches users’ PCs.

Most malware requires some kind of interaction for a successful attack, often relying on social engineering to trick users into taking actions that could infect their PC. But depending on the vulnerability being exploited, servers can also become infected without any human interaction, so it’s worth making sure that servers are also protected by AV.

Performance and Operational Issues

Antivirus is sometimes left off servers because of performance issues caused by real-time scanning, or the risk that AV software may quarantine files critical for line-of-business operations. To improve performance, servers should have sufficient memory so that they are able to serve commonly used files from memory, rather than having to access hard disks. AV disk scans can be scheduled out-of-hours to make sure there is no impact on performance.

Antivirus on Servers

OS and application updates can be complicated by the presence of antivirus. Anybody who has worked in desktop support will likely be familiar with antivirus occasionally blocking genuine application or system files after an update, or preventing an upgrade from installing. As with any server application, changes to critical systems or applications must be tested in a lab environment to ensure there are no conflicts with antivirus.

Nevertheless, AV definition updates can still cause problems on production servers, and they usually can’t be tested before being applied. You can reduce the risk of potential problems by excluding some carefully chosen folders from AV scans. Microsoft provides some information about exclusions that should be made for different versions of Windows Server. You might also consider excluding some application directories, with advice from vendors.
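
One way to check that exclusions stay "carefully chosen", as an added example that is not part of the original article: the script below flags exclusion paths that are too broad or that cover user-writable locations. It assumes Microsoft Defender Antivirus as the AV product (the article names none); `Test-AvExclusion` is a hypothetical helper name and the sample paths are constructed.

```powershell
# Added example: flag AV exclusion paths that are too broad or user-writable.
# Assumes Microsoft Defender Antivirus; Test-AvExclusion is a hypothetical helper.
function Test-AvExclusion {
    param(
        [Parameter(Mandatory)][string[]]$Path
    )
    # Roots where an exclusion removes protection from large or writable areas.
    $broadRoots = @(
        $env:SystemRoot, "$env:SystemRoot\System32", $env:ProgramFiles,
        $env:ProgramData, "$env:SystemDrive\Users", "$env:SystemRoot\Temp"
    ) | Where-Object { $_ } | ForEach-Object { $_.TrimEnd('\') }

    foreach ($p in $Path) {
        # Resolve %VAR% references so '%SystemRoot%' and 'C:\Windows' compare equal.
        $expanded = [Environment]::ExpandEnvironmentVariables($p).TrimEnd('\')
        $reasons = @()
        if ($expanded -match '^[A-Za-z]:$')         { $reasons += 'entire drive excluded' }
        if ($expanded -match '[\*\?]')              { $reasons += 'wildcard in path' }
        if ($broadRoots -contains $expanded)        { $reasons += 'system-wide or user-writable root' }
        if ($expanded -match '\\(Temp|Downloads)$') { $reasons += 'folder where untrusted files land' }
        [pscustomobject]@{
            Path    = $p
            Review  = ($reasons.Count -gt 0)
            Reasons = $reasons -join '; '
        }
    }
}

# Constructed sample input. On a server running Defender, pass the live list
# instead: Test-AvExclusion -Path (Get-MpPreference).ExclusionPath
$sample = @(
    'C:\',
    'C:\Windows\Temp',
    'D:\AppData\*\cache',
    'E:\SQLData\MSSQL\DATA',
    '%SystemRoot%\SoftwareDistribution\Datastore'
)
Test-AvExclusion -Path $sample | Format-Table -AutoSize
```

With the constructed sample, the first three entries are marked for review and the two narrowly scoped data folders are not.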

Antivirus and Virtualization

If you are using a traditional AV solution, it should be installed in the virtualization host partition and in each virtual machine (VM). However, you might consider a specialist product, such as McAfee Management for Optimized Virtual Environments (MOVE) AntiVirus, that can be installed on the host server and provide real-time scanning without installing individual agents on each VM. MOVE also provides considerably reduced disk I/O compared with traditional AV, which can be crucial for virtualized workloads.


2 responses to “Do You Need Antivirus on Your Servers?”

  1. […] Originally Posted by KungFooBob But if the clients are fully AV'ed up, then the file won't get to the NAS? Until someone visits with a laptop which isn't. One of many scenarios. Kung-fu analogy? It's like saying you never need to learn to fight because there are bouncers on the door. The server needs to be able to defend itself, with the assumption that at any time, a dirty machine could connect to it. The proper answer to this is long and boring. The short answer is that it's just bad practice, supported by many tales of woe and regret for not having done this, cos once it's on a server, it'll shortly be in your backups and attempting to get on all your clients. For instance, get the conficker worm and it's there forever. Originally Posted by KungFooBob Also, there isn't a user instance on the NAS executing the file? There doesn't need to be. E.g. Videos are shared on the nas and the client maps the share to drive "V:" for watching videos. This won't work without permissions. No-one ever types in their password each time, so users always click "remember password". In order for this to work, the user needs to create a user account on the server with the same name and password as the client, so they can use the same credentials to save file to the share. So by watching a film or playing music "on the client", there is actually a user account operating on the NAS. Where it goes really wrong is this. The user connects up the mapped share for the first time, and can't be bothered to log in to the server to make a matching account, so they choose the "connect as someone else" option and enter the admin user/pass for the server. Oh dear. Now a file run on the client can infect the server with full admin access. Just as bad is the user creates a matching user account on the server but gives it full admin permission "cos that's what everyone does on windows". Same problem. Just one scenario of many. Is Antivirus Software Necessary on Servers? […]

IT consultant, Contributing Editor @PetriFeed, and trainer @Pluralsight. All about Microsoft, Office 365, Azure, and Windows Server.