Security Basics mailing list archives
RE: Why NOT to disable Real Time Antivirus on Servers
From: DMORROW5 () satx rr com
Date: Thu, 03 Nov 2005 13:31:06 -0600
I would have to agree with George & Nick. Between the lessor of two evils, to have or to have not, I would HAVE AV installed. I believe taking a performance hit over, "who knows how long the network will be down to sanitize the infection!", is the better choice. Just my 2 cents. Dana ----- Original Message ----- From: Nick Duda <nduda () VistaPrint com> Date: Wednesday, November 2, 2005 4:21 pm Subject: RE: Why NOT to disable Real Time Antivirus on Servers
Classic case would be that a new Virus gets released and your
enviroment doesnt have the DAT's yet , or the AV vendor hasnt
released them. Someone gets an email, opens it and executes the
attached exe file. Lets say this thing spreads on the LAN and
infects everything, or targets servers and file shares. You then
get the DAT file, update everything with AV and the problem starts
to go away.
Whooops, your servers dont have AV, they are infected.
-----Original Message-----
From: george.peek () gmx net [mailto:george.peek () gmx net]
Sent: Wed 11/2/2005 12:34 PM
To: security-basics () securityfocus com
Cc:
Subject: Why NOT to disable Real Time Antivirus on Servers
Greetings,
An Engineer and I are having an argument about keeping Real Time
Antivirus disabled on servers.
His point is keeping Real Time Antivirus Enabled on servers such
as the Exchange Server takes a huge performance hit on the server.
My argument is that keeping real time antivirus software disabled
defeats the purpose of PREVENTING a server from being infected in
the first place. Once it is infected, it is all too late already.
The antivirus software is enabled on the workstations.
He argues that since all of the workstations have the antivirus
enabled, then there is no way for the virus to get in.
Mine argument that a virus can still get in through other means. I
need examples and case studies to refer to.
I would like to find different case studies or scenarios where the
real time antivirus was disabled on the servers, enabled on the
PCs, and the company still got infected. Also, would like to find
solutions to enabling real time scan and stream lining it so it
does not affect the Exchange Server as bad.
Would someone point me in the right direction or post potential
case studies.
Please post or email me.
George.peek () gmx net
Thank You
Current thread:
- RE: Why NOT to disable Real Time Antivirus on Servers, (continued)
- RE: Why NOT to disable Real Time Antivirus on Servers Kirk Brady (Nov 03)
- RE: Why NOT to disable Real Time Antivirus on Servers Nick Duda (Nov 03)
- RE: Why NOT to disable Real Time Antivirus on Servers Steven Jones (Nov 03)
- Re: Why NOT to disable Real Time Antivirus on Servers THAVEEWAT VASAVAKUL (Nov 03)
- Re: Why NOT to disable Real Time Antivirus on Servers barcajax (Nov 03)
- RE: Why NOT to disable Real Time Antivirus on Servers Herbold, John W. (Nov 03)
- RE: Why NOT to disable Real Time Antivirus on Servers Steven Jones (Nov 04)
- Message not available
- RE: Why NOT to disable Real Time Antivirus on Servers Pranav Lal (Nov 07)
- Message not available
- Re: Re: Why NOT to disable Real Time Antivirus on Servers Warren V Camp (Nov 04)
- RE: Why NOT to disable Real Time Antivirus on Servers Dunigan, Michael (Nov 04)
- RE: Why NOT to disable Real Time Antivirus on Servers DMORROW5 (Nov 04)
- RE: Why NOT to disable Real Time Antivirus on Servers Zoran Marjanovic (Nov 04)
- RE: Why NOT to disable Real Time Antivirus on Servers Depp, Dennis M. (Nov 04)
- Re: RE: Why NOT to disable Real Time Antivirus on Servers barcajax (Nov 07)