General discussion


Real-time AV on Servers?

By billbohlen@hallmarkchannl ·
We are using Symantec AV version 10 on all servers and workstations. We are trying to gain support for a task to disable the real-time scanner on all servers except for file & print.
We've noticed through the years that SAV real-time scanning can cause major application problems and performance degradation.
Over the years we've set up scan exclusions for Exchange and domain controllers, but it seems like every server needs a different set of exclusions.
Those of you with a corporate antivirus solution: how is this configured on your servers? Do you have real-time AV scanning enabled or disabled? Why?

This conversation is currently closed to new comments.

Thread display: Collapse - | Expand +

All Comments

Collapse -

by CG IT In reply to Real-time AV on Servers?

The Symantec Corporate AV solution is very scalable. Though the Symantec admin console, you can group computers together and configure then for the type of AV you want which can be different than those not of that group or computers in different groups.

There is no one set of "best practices" on whether you need AV on servers or not. AV boils down to client computers that have internet access and or pose security risks which connect to those server that might introduce a virus, malicious code or whatnot [which by virtue of floppy drives or CD drives or Flash Memory disks, USB connections, all clients are a risk].

We have AV on all computers because of such risks. Yeah, lots of administrative work and planning but then thats our job.

Collapse -

by lowlands In reply to Real-time AV on Servers?

We also use Sym. And even though it sometimes is a nightmare to manage, we also have realtime enabled on all of our systems. Yes, it means at times we'll have to exclude certain directories for some of our systems. And like CG we divide servers in groups where possible. Even though in theory application servers should be less likely to attract virusses then say workstations or file/print server, why run the risk? In our case, I know every now and then an application custodian will run IE from an application server.

Collapse -

by NZ_Justice In reply to Real-time AV on Servers?

we use Trend AV Server protect, Symantec AV kept screwing the servers over. We use Symantec for clients though. No anti-virus on Citrix W2k3 blades though it's just easier to run the citrix servers without AV running on the system as well, they are protected elsewhere. We also going down the path of using application specific AV protection programs like Antigen for WSS.

Collapse -

by Scott James In reply to Real-time AV on Servers?

With SAV 10 (or any AV on a server), one thing that I found useful on servers is to only enable the real time scan to scan on writes, not reads; Along with the usual file extension exclusions. Aside from the mess that SAV can cause on a server, I have come to terms with it since our entire forrest has implemented it and the grouping feature does make things much easier and less time consuming.

SAV 10 has come a long way in my book.

Collapse -

by mipulte In reply to Real-time AV on Servers?

Can anybody say AVAST! Best antivirus ever. It doesn't slow down machines to a crawl (ie. Norton and Mcafee). It is also very inexpensive and manages itself.

Related Discussions

Related Forums