RE: "On Access" AV scanning of servers

2008-02-29 Thread Kim Longenbaugh 
We're primarily a Citrix shop.  The Citrix servers load apps locally and
from file servers.  The user's profiles are stored on file servers,
along with their data.  They browse the internet from their Citrix
sessions.  They access their email via Outlook in their sessions.
Without AV on the Citrix and file servers, we'd be toast because of
infections from malicious websites and other sources of bad stuff.  
We do exclude certain folders, depending on what's stored there.  For
example, we have to exclude the folder where we keep the "Sysinternals"
files (now from MS, of course), since our AV doesn't like them, LOL.

-Original Message-
From: Ben Scott [mailto:[EMAIL PROTECTED] 
Sent: Thursday, February 28, 2008 5:34 PM
To: NT System Admin Issues
Subject: Re: "On Access" AV scanning of servers


On Thu, Feb 28, 2008 at 4:46 PM, [EMAIL PROTECTED]
<[EMAIL PROTECTED]> wrote:
>  I don't care for the idea of AV software on a server being setup for
"On
>  Access" so that everytime someone accesses/reads a file, AV checks
it.
>  Especially on ANY server that has a DB such as Exchange, SQL, MSDE,
etc.

  Certainly, if you're going to be running AV on a server, it should
be set to exclude all the "hot" files, like databases for Exchange,
SQL, Active Directory, etc.  There's an MSKB article that addresses
this specifically.

  If configured properly, the AV shouldn't hurt anything on the
server.  Whether it's a security benefit/risk/whatever depends on the
environment and personal preference.  Personally, I like to run the AV
on the servers, as it provides another layer (belt-and-suspenders).
Maybe a client's AV is somehow broken in a way that isn't showing up.
Maybe someone manages to attach their worm-infested home laptop to the
LAN.  Whatever.

  YMMV, etc.

-- Ben

~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~
~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm>  ~

~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~
~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm>  ~

RE: "On Access" AV scanning of servers

2008-02-28 Thread Free, Bob 
http://support.microsoft.com/kb/822158/en-us

-Original Message-
From: Angus Scott-Fleming [mailto:[EMAIL PROTECTED] 
Sent: Thursday, February 28, 2008 7:28 PM
To: NT System Admin Issues
Subject: Re: "On Access" AV scanning of servers

On 28 Feb 2008 at 18:34, Ben Scott  wrote:

>   Certainly, if you're going to be running AV on a server, it should 
> be set to exclude all the "hot" files, like databases for Exchange, 
> SQL, Active Directory, etc.  There's an MSKB article that addresses 
> this specifically.

Got the number handy?

>   If configured properly, the AV shouldn't hurt anything on the 
> server.  Whether it's a security benefit/risk/whatever depends on the 
> environment and personal preference.  Personally, I like to run the AV

> on the servers, as it provides another layer (belt-and-suspenders).
> Maybe a client's AV is somehow broken in a way that isn't showing up.
> Maybe someone manages to attach their worm-infested home laptop to the

> LAN.  Whatever.

This is a good place to implement a different AV scanner than what you
use on the workstations, that way you truly have suspenders and belt.

--
Angus Scott-Fleming
GeoApps, Tucson, Arizona
1-520-290-5038
+---+




~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~
~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm>  ~

~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~
~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm>  ~

RE: "On Access" AV scanning of servers

2008-02-28 Thread Michael B. Smith 
I cover them here, for Exchange, SQL, domain controllers, and cluster
servers:

http://theessentialexchange.com/blogs/michael/archive/2007/12/05/file-level-
antivirus-for-exchange.aspx

Regards,

Michael B. Smith
MCSE/Exchange MVP
http://TheEssentialExchange.com


-Original Message-
From: Angus Scott-Fleming [mailto:[EMAIL PROTECTED] 
Sent: Thursday, February 28, 2008 10:28 PM
To: NT System Admin Issues
Subject: Re: "On Access" AV scanning of servers

On 28 Feb 2008 at 18:34, Ben Scott  wrote:

>   Certainly, if you're going to be running AV on a server, it should
> be set to exclude all the "hot" files, like databases for Exchange,
> SQL, Active Directory, etc.  There's an MSKB article that addresses
> this specifically.

Got the number handy?

>   If configured properly, the AV shouldn't hurt anything on the
> server.  Whether it's a security benefit/risk/whatever depends on the
> environment and personal preference.  Personally, I like to run the AV
> on the servers, as it provides another layer (belt-and-suspenders).
> Maybe a client's AV is somehow broken in a way that isn't showing up.
> Maybe someone manages to attach their worm-infested home laptop to the
> LAN.  Whatever.

This is a good place to implement a different AV scanner than what you use
on 
the workstations, that way you truly have suspenders and belt.

--
Angus Scott-Fleming
GeoApps, Tucson, Arizona
1-520-290-5038
+---+




~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~
~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm>  ~


~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~
~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm>  ~

Re: "On Access" AV scanning of servers

2008-02-28 Thread Angus Scott-Fleming 
On 28 Feb 2008 at 18:34, Ben Scott  wrote:

>   Certainly, if you're going to be running AV on a server, it should
> be set to exclude all the "hot" files, like databases for Exchange,
> SQL, Active Directory, etc.  There's an MSKB article that addresses
> this specifically.

Got the number handy?

>   If configured properly, the AV shouldn't hurt anything on the
> server.  Whether it's a security benefit/risk/whatever depends on the
> environment and personal preference.  Personally, I like to run the AV
> on the servers, as it provides another layer (belt-and-suspenders).
> Maybe a client's AV is somehow broken in a way that isn't showing up.
> Maybe someone manages to attach their worm-infested home laptop to the
> LAN.  Whatever.

This is a good place to implement a different AV scanner than what you use on 
the workstations, that way you truly have suspenders and belt.

--
Angus Scott-Fleming
GeoApps, Tucson, Arizona
1-520-290-5038
+---+




~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~
~   ~

Re: "On Access" AV scanning of servers

2008-02-28 Thread Ben Scott 
On Thu, Feb 28, 2008 at 4:46 PM, [EMAIL PROTECTED]
<[EMAIL PROTECTED]> wrote:
>  I don't care for the idea of AV software on a server being setup for "On
>  Access" so that everytime someone accesses/reads a file, AV checks it.
>  Especially on ANY server that has a DB such as Exchange, SQL, MSDE, etc.

  Certainly, if you're going to be running AV on a server, it should
be set to exclude all the "hot" files, like databases for Exchange,
SQL, Active Directory, etc.  There's an MSKB article that addresses
this specifically.

  If configured properly, the AV shouldn't hurt anything on the
server.  Whether it's a security benefit/risk/whatever depends on the
environment and personal preference.  Personally, I like to run the AV
on the servers, as it provides another layer (belt-and-suspenders).
Maybe a client's AV is somehow broken in a way that isn't showing up.
Maybe someone manages to attach their worm-infested home laptop to the
LAN.  Whatever.

  YMMV, etc.

-- Ben

~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~
~   ~

RE: "On Access" AV scanning of servers

2008-02-28 Thread Michael B. Smith 
I've covered my opinions on this topic in depth on my blog...

Wrappage:
<http://theessentialexchange.com/blogs/michael/archive/2007/12/05/file-level
-antivirus-for-exchange.aspx>

And

<http://theessentialexchange.com/blogs/michael/archive/2007/12/02/informatio
n-store-antivirus-for-exchange.aspx>

Regards,

Michael B. Smith
MCSE/Exchange MVP
http://TheEssentialExchange.com

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] 
Sent: Thursday, February 28, 2008 4:47 PM
To: NT System Admin Issues
Subject: "On Access" AV scanning of servers

Just curious as to people's thoughts about installing AV software on
servers.  I've sorta been against this in the past, ASSUMING that our
clients have up-to-date AV software on them.  

I don't care for the idea of AV software on a server being setup for "On
Access" so that everytime someone accesses/reads a file, AV checks it. 
Especially on ANY server that has a DB such as Exchange, SQL, MSDE, etc.  

Any reason I should change my mind about that?  Do you typically install
"On Access" AV scanning on all your servers?

JR


mail2web.com - What can On Demand Business Solutions do for you?
http://link.mail2web.com/Business/SharePoint



~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~
~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm>  ~


~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~
~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm>  ~

RE: "On Access" AV scanning of servers

2008-02-28 Thread Sam Cayze 
I don't even turn on On-Access scanning for my workstations anymore.

As for the servers, something should be there IMO.  I usually refrain
from Scheduled scans, except on file servers...

Just make sure you set up all the exclusion for AD, Exchange, IIS, ISA,
WSUS, DNS< DHCP, etc etc etc.

What Anti-Virus scanning exclusions should be considered for system and
servers?
http://tinyurl.com/2gwxd8

Virus scanning recommendations for computers that are running Windows
Server 2003, Windows 2000, or Windows XP
http://tinyurl.com/yo76hg










-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] 
Sent: Thursday, February 28, 2008 3:47 PM
To: NT System Admin Issues
Subject: "On Access" AV scanning of servers

Just curious as to people's thoughts about installing AV software on
servers.  I've sorta been against this in the past, ASSUMING that our
clients have up-to-date AV software on them.  

I don't care for the idea of AV software on a server being setup for "On
Access" so that everytime someone accesses/reads a file, AV checks it. 
Especially on ANY server that has a DB such as Exchange, SQL, MSDE, etc.


Any reason I should change my mind about that?  Do you typically install
"On Access" AV scanning on all your servers?

JR


mail2web.com - What can On Demand Business Solutions do for you?
http://link.mail2web.com/Business/SharePoint



~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~
~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm>  ~

~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~
~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm>  ~

RE: "On Access" AV scanning of servers

2008-02-28 Thread Louis, Joe 
I'm with you there.  

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] 
Sent: Thursday, February 28, 2008 4:47 PM
To: NT System Admin Issues
Subject: "On Access" AV scanning of servers

Just curious as to people's thoughts about installing AV software on
servers.  I've sorta been against this in the past, ASSUMING that our
clients have up-to-date AV software on them.  

I don't care for the idea of AV software on a server being setup for "On
Access" so that everytime someone accesses/reads a file, AV checks it. 
Especially on ANY server that has a DB such as Exchange, SQL, MSDE, etc.  

Any reason I should change my mind about that?  Do you typically install "On
Access" AV scanning on all your servers?

JR


mail2web.com - What can On Demand Business Solutions do for you?
http://link.mail2web.com/Business/SharePoint



~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~
~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm>  ~

~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~
~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm>  ~

"On Access" AV scanning of servers

2008-02-28 Thread [EMAIL PROTECTED] 
Just curious as to people's thoughts about installing AV software on
servers.  I've sorta been against this in the past, ASSUMING that our
clients have up-to-date AV software on them.  

I don't care for the idea of AV software on a server being setup for "On
Access" so that everytime someone accesses/reads a file, AV checks it. 
Especially on ANY server that has a DB such as Exchange, SQL, MSDE, etc.  

Any reason I should change my mind about that?  Do you typically install
"On Access" AV scanning on all your servers?

JR


mail2web.com – What can On Demand Business Solutions do for you?
http://link.mail2web.com/Business/SharePoint



~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~
~   ~