Best anti-virus and anti-malware software for WS2012R2?

[riahc3]

I use anti-virus and anti-malware on my PC but recently Im changing to storing everything on a NAS running WS2012R2. I would like to know what recommendations I should put for anti-virus and anti-malware. Should I just use the same I use for my PCs?

Currently Im using Microsoft's Security Essentials and Malwarebyte's Anti-Malware.

Thank you

 

[Ketchup]

This question has been known to space large debate around here. I think MSE would be fine.

Personally, my File Server has access to my local network only. No Internet. Anything I put on it from the Internet (on the local machines) is scanned before I send it over. Therefore, I do not run antivirus on the Server.

 

[smakme7757]

I don't think you can run MSE on a server OS. I tihnk the installer just spits the dummy and exits.

I currently use AVG File Server Edition on my file server running 2012 R2. However as a really cheap solution you can run the home version of Vipre Antivirus, but i found it to really suck CPU cycles so i swapped it out for AVG.

AVG wasn't all that expensive either. Extremely cheap compared to other solutions like Eset or Kaspersky server edition.

 

[Ketchup]

I don't think you can run MSE on a server OS. I tihnk the installer just spits the dummy and exits.

That makes a lot of sense. I have found a lot of software that won't run on Server editions.

 

[gitano]

MSE only works on client OSes, for servers the Microsoft offer its Forefront

http://www.microsoft.com/en-gb/business/products/forefront-server.aspx

I know there was a evaluation version somewhere in microsoft.com but not got the link 🙂
edit: lol to late link to eval version inside the above link O🙂

 

[riahc3]

Is Forefront called Microsoft Forefront Endpoint Protection? Im not sure if that Forefront Server product is another thing or the same thing.

Microsoft Forefront Threat Management Gateway? There are a lot of versions it seems 🙂

 

[ggadrian]

I'm running it without an antivirus.

If you don't use it as a workstation (so you don't look webpages, install untrusted software and stuff), it has a properly configured firewall and it isn't mission-critical it should be fine.

 

[code65536]

I'm running it without an antivirus.

If you don't use it as a workstation (so you don't look webpages, install untrusted software and stuff), it has a properly configured firewall and it isn't mission-critical it should be fine.

I would go further: If the server isn't being used as a workstation, then don't put on antivirus, period. No other qualifications are necessary.

Don't pollute your system with antivirus. You don't need it. You don't want it. And it won't do you a lick of good.

It's extremely unlikely that any form of antivirus is not going to be able to protect you against a blackhat exploiting an unpatched flaw. Patch your server, check its exposure surface, etc. But don't use antivirus, because it likely won't (and most importantly, it likely can't) protect you against the kinds of threats that servers face, which are very different from the kinds of threats faced by a client system or workstation.

 

[riahc3]

I'm running it without an antivirus.

If you don't use it as a workstation (so you don't look webpages, install untrusted software and stuff), it has a properly configured firewall and it isn't mission-critical it should be fine.

What do you store on it?

I store files which come from all different type of sources.

 

[ggadrian]

What do you store on it?

I store files which come from all different type of sources.

Personal stuff mostly. I keep my photographs (I like photography) and videos, movies and tv shows (it's also a Plex server) and stuff from school.

I'd hate to loose it, but if worse comes to worse I can keep on with my live without them. The most important ones are backed up off-site just in case.

 

[BonzaiDuck]

Interesting issue. And because it has been of concern to me firsthand, I'd discovered it's not a new topic from my forum and web searches.

People have taken really opposite positions: "Yes, you should use AV-ware; No-- you don't need it and shouldn't."

I finally settled on ESET's Nod32 on my server, and use the Windows Firewall.

One person pretty much had it spot-on though: If the clients are all protected, and you don't have any connection between server and internet for anything more than Windows Updates, you'd think you're well-fortified all around.

But I have family members on my LAN who . . . don't use their common sense. Mom -- almost 90 -- is obsessed with Publisher's Clearinghouse and thinks she's "won" about five times a year -- she doesn't manage her "junk" mail well; and my Bro' -- who used to visit certain "XXX" sites. When Kaspersky told him of a threat, he dismissed the warning and infected his box with all sorts of malware.

Bro wised up. Mom -- I just have to keep an eye on her computer. But I'm inclined to install AV-ware on my server, even if I wouldn't otherwise need to.

 

[code65536]

What do you store on it?

I store files which come from all different type of sources.

Irrelevant. I could purposefully download gigabytes of malware and stash it all on the server and it would pose no more threat to that server than if all I did was download plain boring text files.

Downloading anything is harmless. Data is inert. Execution is the thing to watch out for, and that's why, if you're using the server as a server and not as a client, there's nothing to worry about. And when something is executed, it hoses the system that executes it, not the system that stores it. So running a piece of malware on a network drive doesn't hose the system that hosts that network drive, but instead the system that did the running. (That having been said, once the system that runs the malware is compromised, it could be used as a springboard from which to attack the server, but that's a possibility regardless of whether the malware is hosted locally on the client or remotely on the server.)

People have taken really opposite positions: "Yes, you should use AV-ware; No-- you don't need it and shouldn't."

Except one of those positions is couched in ignorance and the other is not. 😉

Again, the threats faced by a server are very different than those by a client, because if the user is not doing things, then that means undesired code execution on a server comes from the exploit of security holes, which, if you keep your server OS and software patched, are 0day affairs, and AV is f---ing useless against those kinds of things. And there's a non-zero cost to AV, and I don't mean financially, in the form of false-positives that more often than not do more damage than the (very limited set of) things that they do protect against.

However, something like EMET would help in the kinds of attack scenarios a server would encounter.

 

[Ketchup]

What do you store on it?

I store files which come from all different type of sources.

Do the computers sending the files to the server not have antivirus? I would shift my malware concern to that/those computers.

 

[riahc3]

Irrelevant. I could purposefully download gigabytes of malware and stash it all on the server and it would pose no more threat to that server than if all I did was download plain boring text files.

Downloading anything is harmless. Data is inert. Execution is the thing to watch out for, and that's why, if you're using the server as a server and not as a client, there's nothing to worry about. And when something is executed, it hoses the system that executes it, not the system that stores it.

Your post makes perfect sense.

That being said, wouldn't it be "better protection" to have something detected before it can even run on a client that has antiwhatever installed on it? I see it as a double layer of protection, right?