Many organizations deploy anti-malware software to servers as well as clients. Upgrading from Server 2003 to Server 2012 R2 gives you a chance to re-evaluate your organization’s server anti-malware solution.
For example, should you even deploy an anti-malware solution on all servers, on some servers, or on no servers. Your approach to deploying an anti-malware solution on a server core deployment of Windows Server 2012 R2 server hosting the IIS role will be different to your approach to deploying an anti-malware solution for a computer running Windows Server 2012 R2 with the full GUI installation which is hosting a file server role.
Not all organizations put anti-malware solutions on their server products. Many take the approach that endpoint protection on clients and scanning on edge devices like firewalls is adequate. Whether this approach is prudent or not depends very much on the circumstances of your organization.
When looking at server anti-malware software, you should consider the following questions:
- Does the server host files that are likely to be infected by malware?
- Is the anti-malware solution designed to run on all versions of Windows Server 2012 R2, or is it only designed to run on the version of Windows Server 2012 R2 that have the full GUI installed?
- Does the anti-malware solution allow you to centrally manage and monitor servers that have anti-malware software installed.
- Does the anti-malware solution include necessary functionality. For example, if you choose to deploy an anti-malware solution for an Exchange mailbox server, how do you want incoming message traffic examined and how do you want existing messages examined?
You should also consider performance and licensing costs. Anti-malware solutions designed for servers are often far more expensive than anti-malware solutions for client computers.
While Windows Server vNext will ship with a built in anti-malware solution, this solution will not be available until some time in 2016, well after the Server 2003 end of life date.
When migrating from Server 2003 to Server 2012 R2, re-evaluate your current anti-malware strategy and solution against what is appropriate for a Windows Server 2012 R2. Don’t just choose to deploy the same solution because it was the right choice for your organization at some point in the past.