Antivirus for Windows Server?

Most consumer antivirus products, either free or paid, do not work on Windows Server 2003/2008 (R2). You're expected to buy the $1000+/year "server edition".

For someone like me who's renting a dedicated Windows VM in a datacenter for $39.99 a month, one of those antivirus solutions would triple my expenses. I've been doing without antivirus for a long time now, but does anybody have suggestions for either free or affordable paid antivirus that will work on Windows Server?

 

I was about to ask this same question, glad I searched first.

Someone recommended Symantec Endpoint Protection.

 

MSE doesn't work on Server 2008 R2??? I've installed it on Server 2008 before. Not sure why R2 wouldn't support it.

 

I did a little more research on MSE on Server 2008 R2 and this is what I found.
MSE on Server 2008 x64 - Microsoft Answers

It seems it will install and work fine according to some posters. However, a Microsoft MVP said that it was not supported on server OS's and that using it may produce unexpected results. So use it at your own risk. But I have it in use in a Server 2008 environment and have had no issues.

I have also used Avast and Avira on server OS's before. Both seem to work well.

 

why would one want anti virus on windows server ? For security reason, it should be locked down and used as a headless server (except for occasional admin tasks). The consumer targetting anti-virus is mainly intended for desktop sessions if I am not mistaken.

 

Yeah, that's the gist of it. I'm sure that if I mucked around with the installer a bit or applied a couple of registry tweaks I could probably get it working, but I figured I'd be better off asking around first for something that officially supports Windows Server.

It's impossible to lock down Windows Server in the way Linux can be locked down. For example, you can still install and run Firefox, MS Office, etc. on Server Core 2008 (R2) - basically anything that doesn't require Direct3D will run. As a result, basically any virus targeting Windows XP/Vista/7 will also affect Windows Server.

True, server versions of Windows are generally less susceptible to malware since there's minimal user interaction, but at the end of the day this is still Windows: every malware author's favorite OS.

 

@Peon

Security is about policy. I have practiced this even in the days of NT(for critical servers anyway). Administrative account is restricted to administration(and for a properly secured server, no one should use it unless for real administrative works, not for browsing porns). So no one would be able to install Office, firefox, flash or anything like that.

In fact, there should not be user accounts on a server.

Linux is no difference. You can login as root and start X then you are at the mercy of X which is a big security hole, again due to the display issue.

 

Or, you could just choose a distro that doesn't have X, or for that matter, anything not strictly related to running your particular type of server, installed to begin with, leaving you with JeOS.

You can't do that with Windows. The Windows services that viruses and worms like Conficker typically target are fully intact and in most cases running even on what Microsoft considers a "barebones" server (aka Server Core). Whether or not you install any frivolous software, those services will be there. And that's before we even get to SQL Slammer type worms which specifically target server software.

You won't be seeing any email trojans or drive by downloads on a server, but those aren't the types of malware making headlines in tech news either.

 

If you didn't want an active approach you could use ClamAV I believe and set it up for scheduled scans. I supplement my MSSE with it