
Defender, Windows Servers and ISA

 
 
Raybo58
 
      18th Feb 2009
When you read the documentation for Small Business Server, or anything
running with Exchange or ISA, there is always a warning that the admin should
make sure that certain folders should be excluded from real-time virus
monitoring.

Since Defender is an MS product, is it clever enough to follow MS's own
guidelines? Or do I have to go and exclude all these folders manually?

Another question that doesn't seem to be answered in the WD docs is: when
you exclude a folder, are all of the sub-folders excluded as well? Some AV
programs will only exclude the root of any folder you specify, such as Avira.

In particular, I'm using Small Business Server 2003 with Exchange and ISA
running.

Some articles I've read suggest that you not run real-time virus guards at
all on your servers. Opinions?
 
Stu
 
      18th Feb 2009
I think MS Forefront might be a better option for your business needs. Try
taking a look here:

http://www.microsoft.com/forefront/e...formation.aspx

Hope this helps

Stu
 
Bill Sanderson
 
      18th Feb 2009
I don’t know the answer as to the scan exclusion, but I have run Defender on
the same software set you have there with no observed issues, fwiw.
I have also run servers without antivirus. Currently, I have antivirus
running on my SBS 2003 server, and what it catches is always email
attachments. It caught those during full-text indexing overnight, mostly,
and I've now turned off full-text indexing...

I wouldn't say that antivirus on the server is redundant--if you get a
network infection that touches the server, you'll be very glad that the
server was looking at it.

In general, I like packages that include antivirus for the server, the
clients, and an admin monitoring app to track what's caught and whether
everybody is up to date. So far, Microsoft has not produced a package that
does this cost effectively for SBS customers.

Anyway--I've run Defender on SBS 2003 premium servers without issues, but
I'm not at all sure that it does those exclusions. Maybe it just works
well, or maybe I was lucky!
 
Stu
 
      18th Feb 2009
I think you were lucky. When are these guys going to really reveal those
parts of our systems they scan other than a fleeting glimpse (of a registry
entry or folder) as it whizzes by in real time? They call me `Noddy` at
work as I try to comprehend the scan. We hear, essential areas but to the
average user means nothing! Ignorance is bliss? Seems to me the AU and
developers are not talking to one another. On the one hand you have `whizz
kids` totally engrossed in developing an AS/AV application designed to
combat the latest threats. On the other, an end user (most of which are not
IT literate) trying to interpret the scan while playing `catch up`. That
would seem to imply. No need to know about these things. Just be aware and do
as we tell you. How condescending? Call in a professional?

Stu
 
Bill Sanderson
 
      19th Feb 2009
http://blogs.technet.com/mmpc/archiv...orums-too.aspx

To an extent, what is scanned probably comes under the heading of
"proprietary information" as mentioned in the article above. If you make it
crystal clear exactly where you look, the bad guys will figure out how to
keep that area looking innocent, and hide the real payload elsewhere.
 
Raybo58
 
      20th Feb 2009
Well, since all it requires is a simple process monitor to see what's going
on then persistence will defeat any obtuse interface. And we all know
they've got persistence in spades.

Since this server is mission critical, I'm more afraid of Microsoft
oversight than I am of getting thugged by one of the clients.

So I think I'm going to run her unfettered for a while and
just keep a close eye.

Thanks for the input.

Raymond.
 
Bill Sanderson
 
      20th Feb 2009
I was going to see if I could say that Microsoft's own server-oriented
malware protection apps use the same "engine" as Windows Defender, but I'm
not quite certain that I can--mostly out of lack of experience with their
server-oriented apps.

Defender is built in to Server 2008 in a similar way as it is to Vista.

And, Windows Server 2003 is an explicitly supported OS platform for Windows
Defender:

http://www.microsoft.com/windows/pro...er/sysreq.mspx

That's different from saying that it is safe to run on an Exchange 2003
server, however.

There's always a risk of a false positive with anti-malware of any kind,
Windows Defender included.