Yes, Windows Defender is part of Server 2016. Yes, you can (effectively) 
disable it (by creating a global exemption for all files and all processes and 
disabling real-time scanning).

Can't speak to your Tivoli experience. Probably should complain on Twitter for 
more attention.

-----Original Message-----
From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Klaus Hartnegg
Sent: Wednesday, November 9, 2016 4:35 PM
To: ntsysadm@lists.myitforum.com
Subject: Re: [NTSysADM] Managed Anti-Malware for Servers

On 09.11.2016 at 07:29, Kish N Kepi wrote:
> I'm looking for recommendations for Anti-Malware software to install 
> specifically on Windows Servers (2008R2, 2012R2, 2016)

NONE.

On a normal workstation with dumb users one may hope that the pros outweigh 
the cons, but how should they manage to do this on a server with only admin 
users, with no web surfing and no email?

All anti-virus/malware products have pros and cons. One of the cons is that they 
create false positives, which sometimes break Windows. You don't want this to 
happen on your servers. On all at once.

Another con is that they (and their updaters) have several times been shown to 
be very buggy, they could be tricked into running arbitrary code with system 
rights. Consider how many different file formats such software must be able to 
interpret, and that code often can only be judged by letting parts of it 
actually run (in a sandbox, but still). 
Antivirus software is maybe the easiest way for an attacker to trick an 
otherwise secure server into running his code. Just by copying a crafted file to 
a shared directory.

On most servers nobody should be surfing the web or reading emails. 
Except on terminal servers. And maybe except in Server 2016, if it acts like 
Win10, where many links in the UI trigger Edge, even though they do not look any 
different than the other options around them. Bad design. 
But if you disable Explorer and Edge, and do not install any other browser or 
email software, the server should be pretty safe. Probably safer without 
anti-something software, than with it.

Btw does anybody know if Defender is part of Server 2016? If so can it be 
disabled?

We just get lots of false positives from Defender in Win10. On my own PC such a 
false positive recently killed the backup process (Tivoli) several days in 
sequence, even though the affected file was already in the whitelist. The data 
on this machine would definitely have been safer without Defender than 
with it. Finally had to delete that file to make backup work again.

How can it be that we have 2016, and there is still backup software around, 
that aborts when one file is blocked by antivirus software? 
Please somebody wake up IBM, and make them fix this.



