Should I install an AV product on my domain controllers?
Posted
by
mhud
on Server Fault
See other posts from Server Fault
or by mhud
Published on 2009-07-29T23:06:33Z
Indexed on
2012/10/05
21:41 UTC
Read the original article
Hit count: 179
Should I run a server-specific antivirus, regular antivirus, or no antivirus at all on my servers, particularly my Domain Controllers?
Here's some background about why I'm asking this question:
I've never questioned that antivirus software should be running on all windows machines, period. Lately I've had some obscure Active Directory related issues that I have tracked down to antivirus software running on our domain controllers.
The specific issue was that Symantec Endpoint Protection was running on all domain controllers. Occasionally, our Exchange server triggered a false-positive in Symantec's "Network Threat Protection" on each DC in sequence. After exhausting access to all DCs, Exchange began refusing requests, presumably because it could not communicate with any Global Catalog servers or perform any authentication.
Outages would last about ten minutes at a time, and would occur once every few days. It took a long time to isolate the problem because it was not easily reproducible and generally investigation was done after the issue resolved itself.
© Server Fault or respective owner