Re: Why NOT to disable Real Time Antivirus on Servers

[Micheal Espinola Jr <michealespinola () gmail com>]

Based on real-world testing and application - I agree with your
colleague.  The performance hit is not worth it.  Even on powerful
servers on high-speed networks, myself and my users (when testing got
to that point) noticed a significant performance difference.

Sorry, no case study.  Just undocumented testing with Symantec
products.  I'd be interested to hear about anyone's testing with other
AV apps.

On 2 Nov 2005 17:34:12 -0000, george.peek () gmx net <george.peek () gmx net> wrote:
> Greetings,
>
> An Engineer and I are having an argument about keeping Real Time Antivirus disabled on servers.
>
> His point is keeping Real Time Antivirus Enabled on servers such as the Exchange Server takes a huge performance hit 
> on the server.
>
> My argument is that keeping real time antivirus software disabled defeats the purpose of PREVENTING a server from 
> being infected in the first place. Once it is infected, it is all too late already. The antivirus software is enabled 
> on the workstations.
>
> He argues that since all of the workstations have the antivirus enabled, then there is no way for the virus to get in.
>
> Mine argument that a virus can still get in through other means. I need examples and case studies to refer to.
>
> I would like to find different case studies or scenarios where the real time antivirus was disabled on the servers, 
> enabled on the PCs, and the company still got infected. Also, would like to find solutions to enabling real time scan 
> and stream lining it so it does not affect the Exchange Server as bad.
>
> Would someone point me in the right direction or post potential case studies.
>
> Please post or email me.
>
> George.peek () gmx net
>
> Thank You


--
ME2  <http://www.santeriasys.net/>