On 09.11.2016 at 07:29, Kish N Kepi wrote:
I’m looking for recommendations for Anti-Malware software to install
specifically on Windows Servers (2008R2, 2012R2, 2016)

NONE.

On a normal workstation with dumb users one may hope that the pros outweigh the cons, but how should they manage to do this on a server with only admin users, with no web surfing and no email?

All anti-virus/malware products have pros and cons. One of the cons is that they create false positives, which sometimes break Windows. You don't want this to happen on your servers. On all at once.

Another con is that they (and their updaters) have several times been shown to be very buggy; they could be tricked into running arbitrary code with system rights. Consider how many different file formats such software must be able to interpret, and that code often can only be judged by letting parts of it actually run (in a sandbox, but still). Antivirus software is maybe the easiest way for an attacker to trick an otherwise secure server into running his code. Just by copying a crafted file to a shared directory.

On most servers nobody should be surfing the web or reading emails. Except on terminal servers. And maybe except in Server 2016, if it acts like Win10, where many links in the UI trigger Edge, even though they do not look any different than the other options around them. Bad design. But if you disable Explorer and Edge, and do not install any other browser or email software, the server should be pretty safe. Probably safer without anti-something software than with it.

Btw does anybody know if Defender is part of Server 2016? If so can it be disabled?

We just get lots of false positives from Defender in Win10. On my own PC such a false positive recently killed the backup process (Tivoli) several days in sequence, even though the affected file was already in the whitelist. The data on this machine would definitely have been safer without Defender than with it. Finally had to delete that file to make backup work again.

How can it be that we have 2016, and there is still backup software around, that aborts when one file is blocked by antivirus software? Please somebody wake up IBM, and make them fix this.
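For the two practical points raised above (whether Defender ships with Server 2016 and can be removed, and a detection firing on a file that is already whitelisted), here is an added audit script; it is not from this thread or its author. It assumes the Defender and ServerManager PowerShell modules that Server 2016 ships with, and an elevated session.

```powershell
# Added example (not from the thread): audit Defender on a Windows Server 2016 host.
# Assumes the Defender and ServerManager modules are present; run elevated.

# 1. Is the Defender feature installed at all? On Server 2016 it is a removable
#    role feature (Windows-Defender-Features with its sub-features).
Get-WindowsFeature -Name 'Windows-Defender*' |
    Select-Object Name, InstallState

# 2. Engine and real-time protection state, plus signature age.
Get-MpComputerStatus |
    Select-Object AMServiceEnabled, RealTimeProtectionEnabled,
                  AntivirusSignatureLastUpdated

# 3. Current exclusions, i.e. what the thread calls the "whitelist".
$pref = Get-MpPreference
[pscustomobject]@{
    ExclusionPath      = $pref.ExclusionPath
    ExclusionProcess   = $pref.ExclusionProcess
    ExclusionExtension = $pref.ExclusionExtension
}

# 4. Recent detections, checked against the path exclusions, so a detection
#    that hit an already-excluded file (the backup case) stands out. Note that
#    a path exclusion does not cover a process: if the backup agent itself is
#    what gets flagged, it needs an ExclusionProcess entry, not a path one.
$exclusions = @($pref.ExclusionPath)
Get-MpThreatDetection |
    Sort-Object InitialDetectionTime -Descending |
    Select-Object -First 20 InitialDetectionTime, ProcessName, Resources,
        @{ n = 'HitsExcludedPath'; e = {
            $res = $_.Resources -join ' '
            [bool]($exclusions | Where-Object { $_ -and $res -like "*$_*" })
        } }

# 5. If the decision is to run without it, the documented route on Server 2016
#    is feature removal rather than a toggle (reboot afterwards):
#    Uninstall-WindowsFeature -Name Windows-Defender
```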

