Re: Why NOT to disable Real Time Antivirus on Servers

[Brian Loe <knobdy () gmail com>]

No case studies but there are other steps you can take at the Exchange
Server level , and before it, to limit the need of a real-time AV. You
do take a pretty serious performance hit, in my experience.

On 2 Nov 2005 17:34:12 -0000, george.peek () gmx net <george.peek () gmx net> wrote:
> Greetings,
>
> An Engineer and I are having an argument about keeping Real Time Antivirus disabled on servers.
>
> His point is keeping Real Time Antivirus Enabled on servers such as the Exchange Server takes a huge performance hit 
> on the server.
>
> My argument is that keeping real time antivirus software disabled defeats the purpose of PREVENTING a server from 
> being infected in the first place. Once it is infected, it is all too late already. The antivirus software is enabled 
> on the workstations.
>
> He argues that since all of the workstations have the antivirus enabled, then there is no way for the virus to get in.
>
> Mine argument that a virus can still get in through other means. I need examples and case studies to refer to.
>
> I would like to find different case studies or scenarios where the real time antivirus was disabled on the servers, 
> enabled on the PCs, and the company still got infected. Also, would like to find solutions to enabling real time scan 
> and stream lining it so it does not affect the Exchange Server as bad.
>
> Would someone point me in the right direction or post potential case studies.
>
> Please post or email me.
>
> George.peek () gmx net
>
> Thank You