What antivirus to use SBS 2008ST R2

Hello

What antivirus application do you suggest for SBS 2008 R2 - a single server
licsence is needed.

Thanks!

You will be best served by searching this newsgroup and reading replies

You will be best served by searching this newsgroup and reading replies from
others that have already asked this question.  Repetition gets boring.

-Cliff

Thanks for your time. This group is for SBS 2000, 2003, 2008.

Thanks for your time. This group is for SBS 2000, 2003, 2008.
There was no search results for SBS 2008 during last year ..., it would be
nice if you could be more precise.
Not speaking of SBS2008R2, which has some diffrencies to prior ver ...
serious enough that some intel server managemnet software does not work on
R2.

I still hope someone could provide more info about present choices.
Thanks!

This is a multi-part message in MIME format.------=_NextPart_000_000F_01CAA02E.

This is a multi-part message in MIME format.

------=_NextPart_000_000F_01CAA02E.2747B0F0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

First of all, There is no SBS 2008 R2, does not exist now...nor has any =
plan for such been announced by Microsoft.  Microsoft has announced some =
time back that they have every intention of ongoing support and =
improvements to the SBS product line

if you wish to get information on the SBS 2008 newsgroup, which is not =
available on this server, go to www.sbs2008.com (not my site) for =
instructions on connecting to that newsgroup

--=20
Cris Hanna [SBS - MVP] (since 1997)
Co-Contributor, Windows Small Business Server 2008 Unleashed
http://www.amazon.com/Windows-Small-Business-Server-Unleashed/dp/06723295=
73/ref=3Dpd_bbs_sr_1?ie=3DUTF8&s=3Dbooks&qid=3D1217269967&sr=3D8-1
Owner, CPU Services, Belleville, IL
A Microsoft Registered Partner
------------------------------------
MVPs do not work for Microsoft
Please do not submit questions directly to me.

Thanks for your time. This group is for SBS 2000, 2003, 2008.
There was no search results for SBS 2008 during last year ..., it =
would be=20
nice if you could be more precise.
Not speaking of SBS2008R2, which has some diffrencies to prior ver ... =

serious enough that some intel server managemnet software does not work =
on=20
R2.

I still hope someone could provide more info about present choices.
Thanks!


replies=20
single=20


------=_NextPart_000_000F_01CAA02E.2747B0F0
Content-Type: text/html;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

charset=3Diso-8859-1">
does not=20
exist now...nor has any plan for such been announced by Microsoft.  =

Microsoft has announced some time back that they have every intention of =
ongoing=20
support and improvements to the SBS product line</FONT></DIV>
SBS 2008=20
newsgroup, which is not available on this server, go to <A=20
href=3D"http://www.sbs2008.com">www.sbs2008.com</A> (not my site) for =
instructions=20
on connecting to that newsgroup</FONT></DIV>
Windows=20
Small Business Server 2008 Unleashed<BR><A=20
href=3D"http://www.amazon.com/Windows-Small-Business-Server-Unleashed/dp/=
0672329573/ref=3Dpd_bbs_sr_1?ie=3DUTF8&s=3Dbooks&qid=3D1217269967=
&sr=3D8-1">http://www.amazon.com/Windows-Small-Business-Server-Unleas=
hed/dp/0672329573/ref=3Dpd_bbs_sr_1?ie=3DUTF8&s=3Dbooks&qid=3D121=
7269967&sr=3D8-1</A><BR>Owner,=20

This is a multi-part message in MIME format.------=_NextPart_000_069A_01CAA07A.

This is a multi-part message in MIME format.

------=_NextPart_000_069A_01CAA07A.F26C0460
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

Thanks for info. My mistake, obviously it Server 2008 only what has =
Release 2 or at least according to Intel.
I just experienced problems with SBS server which actually match with =
Intel, but perhaps it is meant to be SP2.
http://www.intel.com/support/motherboards/server/sysmgmt/sb/CS-030311.htm=

First of all, There is no SBS 2008 R2, does not exist now...nor has =
any plan for such been announced by Microsoft.  Microsoft has announced =
some time back that they have every intention of ongoing support and =
improvements to the SBS product line

if you wish to get information on the SBS 2008 newsgroup, which is not =
available on this server, go to www.sbs2008.com (not my site) for =
instructions on connecting to that newsgroup

--=20
Cris Hanna [SBS - MVP] (since 1997)
Co-Contributor, Windows Small Business Server 2008 Unleashed
=
http://www.amazon.com/Windows-Small-Business-Server-Unleashed/dp/06723295=
73/ref=3Dpd_bbs_sr_1?ie=3DUTF8&s=3Dbooks&qid=3D1217269967&sr=3D8-1
Owner, CPU Services, Belleville, IL
A Microsoft Registered Partner
------------------------------------
MVPs do not work for Microsoft
Please do not submit questions directly to me.

Thanks for your time. This group is for SBS 2000, 2003, 2008.
There was no search results for SBS 2008 during last year ..., it =
would be=20
nice if you could be more precise.
Not speaking of SBS2008R2, which has some diffrencies to prior ver =
...=20
serious enough that some intel server managemnet software does not =
work on=20
R2.

I still hope someone could provide more info about present choices.
Thanks!


replies=20
gets=20
single=20


------=_NextPart_000_069A_01CAA07A.F26C0460
Content-Type: text/html;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

charset=3Diso-8859-1">
it Server=20
2008 only what has Release 2 or at least according to =
Intel.</FONT></DIV>
server which=20
actually match with Intel, but perhaps it is meant to be =
SP2.</FONT></DIV>
href=3D"http://www.intel.com/support/motherboards/server/sysmgmt/sb/CS-03=
0311.htm">http://www.intel.com/support/motherboards/server/sysmgmt/sb/CS-=
030311.htm</A></FONT></DIV>

This is a multi-part message in MIME format.------=_NextPart_000_00D2_01CAA02B.

This is a multi-part message in MIME format.

------=_NextPart_000_00D2_01CAA02B.391229D0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

Cris pretty well summed up most of what I'd say.  But I'd also add that =
you could search this group for "antivirus" and you will see plenty of =
people have asked for recommendations for SBS 2003 *and* 2008, and that =
the replies are almost always similar.

...simple searches go a long ways...

-Cliff

First of all, There is no SBS 2008 R2, does not exist now...nor has =
any plan for such been announced by Microsoft.  Microsoft has announced =
some time back that they have every intention of ongoing support and =
improvements to the SBS product line

if you wish to get information on the SBS 2008 newsgroup, which is not =
available on this server, go to www.sbs2008.com (not my site) for =
instructions on connecting to that newsgroup

--=20
Cris Hanna [SBS - MVP] (since 1997)
Co-Contributor, Windows Small Business Server 2008 Unleashed
=
http://www.amazon.com/Windows-Small-Business-Server-Unleashed/dp/06723295=
73/ref=3Dpd_bbs_sr_1?ie=3DUTF8&s=3Dbooks&qid=3D1217269967&sr=3D8-1
Owner, CPU Services, Belleville, IL
A Microsoft Registered Partner
------------------------------------
MVPs do not work for Microsoft
Please do not submit questions directly to me.

Thanks for your time. This group is for SBS 2000, 2003, 2008.
There was no search results for SBS 2008 during last year ..., it =
would be=20
nice if you could be more precise.
Not speaking of SBS2008R2, which has some diffrencies to prior ver =
...=20
serious enough that some intel server managemnet software does not =
work on=20
R2.

I still hope someone could provide more info about present choices.
Thanks!


replies=20
gets=20
single=20


------=_NextPart_000_00D2_01CAA02B.391229D0
Content-Type: text/html;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

http-equiv=3DContent-Type>
15px"=20
id=3DMailContainerBody leftMargin=3D0 topMargin=3D0 bgColor=3D#ffffff=20
CanvasTabStop=3D"true" name=3D"Compose message area">
I'd=20
say.  But I'd also add that you could search this group for =
you will see plenty of people have asked for recommendations for SBS 2003 =
*and*=20

This is a multi-part message in MIME format.------=_NextPart_000_0044_01CAA02C.

This is a multi-part message in MIME format.

------=_NextPart_000_0044_01CAA02C.BE705B00
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

If you want to search this group in Google
(Because like Cris said this has been answered MANY MANY times)
http://groups.google.com/group/microsoft.public.windows.server.sbs/search=
?hl=3Den&group=3Dmicrosoft.public.windows.server.sbs&q=3DAntiVirus+SBS200=
8&qt_g=3DSearch+this+group

You can search this forum with Google Groups on other topics=20
http://groups.google.com/group/microsoft.public.windows.server.sbs/topics=
?hl=3Den&ie=3DUTF-8&oe=3DUTF-8

However like Cris said I do have the instructions to access the SBS2008 =
Group on sbs2008.com
I hope this helps

Russ



--=20
Russell Grover - SBITS.Biz [SBS-MVP]
Microsoft Gold Certified Partner
Microsoft Certified Small Business Specialist
24hr SBS Remote Support - http://www.SBITS.Biz
2nd IT Opinion http://www.PersonalITConsultant.com=20
Microsoft Online Services - http://www.microsoft-online-services.com

First of all, There is no SBS 2008 R2, does not exist now...nor has =
any plan for such been announced by Microsoft.  Microsoft has announced =
some time back that they have every intention of ongoing support and =
improvements to the SBS product line

if you wish to get information on the SBS 2008 newsgroup, which is not =
available on this server, go to www.sbs2008.com (not my site) for =
instructions on connecting to that newsgroup

--=20
Cris Hanna [SBS - MVP] (since 1997)
Co-Contributor, Windows Small Business Server 2008 Unleashed
=
http://www.amazon.com/Windows-Small-Business-Server-Unleashed/dp/06723295=
73/ref=3Dpd_bbs_sr_1?ie=3DUTF8&s=3Dbooks&qid=3D1217269967&sr=3D8-1
Owner, CPU Services, Belleville, IL
A Microsoft Registered Partner
------------------------------------
MVPs do not work for Microsoft
Please do not submit questions directly to me.

Thanks for your time. This group is for SBS 2000, 2003, 2008.
There was no search results for SBS 2008 during last year ..., it =
would be=20
nice if you could be more precise.
Not speaking of SBS2008R2, which has some diffrencies to prior ver =
...=20
serious enough that some intel server managemnet software does not =
work on=20
R2.

I still hope someone could provide more info about present choices.
Thanks!


replies=20
gets=20
single=20


------=_NextPart_000_0044_01CAA02C.BE705B00
Content-Type: text/html;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

This is a multi-part message in MIME format.------=_NextPart_000_005B_01CAA0D0.

This is a multi-part message in MIME format.

------=_NextPart_000_005B_01CAA0D0.A38D0410
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

Not real sure what the Intel System Console has to do with Antivirus, =
but the link fully indicates that that console would with Windows Server =
2008 non R2 as well as R2, so it should work fine on SBS.

--=20
Cris Hanna [SBS - MVP] (since 1997)
Co-Contributor, Windows Small Business Server 2008 Unleashed
http://www.amazon.com/Windows-Small-Business-Server-Unleashed/dp/06723295=
73/ref=3Dpd_bbs_sr_1?ie=3DUTF8&s=3Dbooks&qid=3D1217269967&sr=3D8-1
Owner, CPU Services, Belleville, IL
A Microsoft Registered Partner
------------------------------------
MVPs do not work for Microsoft
Please do not submit questions directly to me.

Thanks for info. My mistake, obviously it Server 2008 only what has =
Release 2 or at least according to Intel.
I just experienced problems with SBS server which actually match with =
Intel, but perhaps it is meant to be SP2.
=
http://www.intel.com/support/motherboards/server/sysmgmt/sb/CS-030311.htm=

First of all, There is no SBS 2008 R2, does not exist now...nor has =
any plan for such been announced by Microsoft.  Microsoft has announced =
some time back that they have every intention of ongoing support and =
improvements to the SBS product line

if you wish to get information on the SBS 2008 newsgroup, which is =
not available on this server, go to www.sbs2008.com (not my site) for =
instructions on connecting to that newsgroup

--=20
Cris Hanna [SBS - MVP] (since 1997)
Co-Contributor, Windows Small Business Server 2008 Unleashed
=
http://www.amazon.com/Windows-Small-Business-Server-Unleashed/dp/06723295=
73/ref=3Dpd_bbs_sr_1?ie=3DUTF8&s=3Dbooks&qid=3D1217269967&sr=3D8-1
Owner, CPU Services, Belleville, IL
A Microsoft Registered Partner
------------------------------------
MVPs do not work for Microsoft
Please do not submit questions directly to me.

Thanks for your time. This group is for SBS 2000, 2003, 2008.
There was no search results for SBS 2008 during last year ..., it =
would be=20
nice if you could be more precise.
Not speaking of SBS2008R2, which has some diffrencies to prior ver =
...=20
serious enough that some intel server managemnet software does not =
work on=20
R2.

I still hope someone could provide more info about present =
choices.
Thanks!


replies=20
gets=20
single=20


------=_NextPart_000_005B_01CAA0D0.A38D0410
Content-Type: text/html;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

Ronald wrote:None.Seriously.

None.

Seriously.

Protect the workstations, but I am seriously questioning the value of
antivirus on a server due to the risk of false positives and how heavy
handed all of them are these days.

This is a multi-part message in MIME format.------=_NextPart_000_0015_01CAA0EC.

This is a multi-part message in MIME format.

------=_NextPart_000_0015_01CAA0EC.27CD6A60
Content-Type: multipart/alternative;
boundary="----=_NextPart_001_0016_01CAA0EC.27CD6A60"


------=_NextPart_001_0016_01CAA0EC.27CD6A60
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

I was confused by that link also?
Using Intel to say what Microsoft products are legit?
(Trust me I worked for Intel for 16 years, they are clueless of what =
they even make as far as software LOL)

Russ

--=20
Russell Grover - SBITS.Biz [SBS-MVP]
Microsoft Gold Certified Partner
Microsoft Certified Small Business Specialist
24hr SBS Remote Support - http://www.SBITS.Biz
Microsoft Online Services - http://www.microsoft-online-services.com

Not real sure what the Intel System Console has to do with Antivirus, =
but the link fully indicates that that console would with Windows Server =
2008 non R2 as well as R2, so it should work fine on SBS.

--=20
Cris Hanna [SBS - MVP] (since 1997)
Co-Contributor, Windows Small Business Server 2008 Unleashed
=
http://www.amazon.com/Windows-Small-Business-Server-Unleashed/dp/06723295=
73/ref=3Dpd_bbs_sr_1?ie=3DUTF8&s=3Dbooks&qid=3D1217269967&sr=3D8-1
Owner, CPU Services, Belleville, IL
A Microsoft Registered Partner
------------------------------------
MVPs do not work for Microsoft
Please do not submit questions directly to me.

Thanks for info. My mistake, obviously it Server 2008 only what has =
Release 2 or at least according to Intel.
I just experienced problems with SBS server which actually match =
with Intel, but perhaps it is meant to be SP2.
=
http://www.intel.com/support/motherboards/server/sysmgmt/sb/CS-030311.htm=

First of all, There is no SBS 2008 R2, does not exist now...nor =
has any plan for such been announced by Microsoft.  Microsoft has =
announced some time back that they have every intention of ongoing =
support and improvements to the SBS product line

if you wish to get information on the SBS 2008 newsgroup, which is =
not available on this server, go to www.sbs2008.com (not my site) for =
instructions on connecting to that newsgroup

--=20
Cris Hanna [SBS - MVP] (since 1997)
Co-Contributor, Windows Small Business Server 2008 Unleashed
=
http://www.amazon.com/Windows-Small-Business-Server-Unleashed/dp/06723295=
73/ref=3Dpd_bbs_sr_1?ie=3DUTF8&s=3Dbooks&qid=3D1217269967&sr=3D8-1
Owner, CPU Services, Belleville, IL
A Microsoft Registered Partner
------------------------------------
MVPs do not work for Microsoft
Please do not submit questions directly to me.

Thanks for your time. This group is for SBS 2000, 2003, 2008.
There was no search results for SBS 2008 during last year ..., =
it would be=20
nice if you could be more precise.
Not speaking of SBS2008R2, which has some diffrencies to prior =
ver ...=20
serious enough that some intel server managemnet software =
does not work on=20
R2.

I still hope someone could provide more info about present =
choices.
Thanks!


reading replies=20
gets=20

says...

says...

I would rather rely on backups and AV than to have no AV protection at
the server memory and file level.

--
You cannot trust your best friends, your five senses, only the little
voice inside you that most civilians do not even hear -- Listen to that.
Trust yourself.
spam999free@rrohio.com (remove 999 for proper email address)

I do not get any false Positives?

I do not get any false Positives?
Or I have not seen any except in Emails and on PC's?

And for under $40.00 a year to cover the server its pretty cheap insurance.
Compared to the file that get's infected, and not found out until it is
needed
at the end of the year when tax time comes...

I'd have some major explaining to a client how come I did not recommend
$40.00 to save file(s)
that are worth way more than that...

CYA is my Philosphy... :)
Your Mileage May differ :)

Russ
--
Russell Grover - SBITS.Biz [SBS-MVP]
Microsoft Gold Certified Partner
Microsoft Certified Small Business Specialist
24hr SBS Remote Support - http://www.SBITS.Biz
Microsoft Online Services - http://www.microsoft-online-services.com

russ@REMOVETHIS.sbits.biz says...

russ@REMOVETHIS.sbits.biz says...

I have been using Symantec Corporate Edition on servers and workstations
since version 6, never had a false positive, but, with version
10.0.something I did have it corrupt a random user profile, say 1 out of
100 profiles about once every 2 months.... It took them about 4 months
to fix it, but going back to a previous release removed the problem.

I have stopped using Symantec Corporate Edition and use Avira now, still
no false positives.

--
You cannot trust your best friends, your five senses, only the little
voice inside you that most civilians do not even hear -- Listen to that.
Trust yourself.
spam999free@rrohio.com (remove 999 for proper email address)

False positives aside, how may *true* positives have your *server*

False positives aside, how may *true* positives have your *server* products
caught? Remember, we are not talking about the client machines here, but the
server itself.

...for the record, I am not ready to abandon AV on the server yet  either,
but I see Susan's point.  They are heavy-handed, WAAAAYYYY too resource
intensive for the amount of security they provide, bloated, a PITA to
manage, did I mention resource intensive?, generally ineffective (google
hack?), and rarely, if ever, catch something that would not otherwise be
caught by the free MS malicious software removal tool.

In short, a zero-day exploit like the google hack slides right by an AV
product, and keeping your server patched and avoiding bad habits (browsing
etc) avoids *most* of the rest of the issues.  For me, it is an old habit to
break and I am not *quite* ready to let go of my safety blankets yet....but I
see a very real argument to be made here and I am not far from being
convinced...

-Cliff

Leythos wrote:A backup does not fix the issue where antivirus vendors are

A backup does not fix the issue where antivirus vendors are installing
firewalls and causing network traffic to come to a halt, or the issue
where the Exchange aware a/v is shutting down email after a week and
causing issues.

Symantec is not without it is past issues as well.

Cliff Galiher - MVP wrote:If you put the scanning in the cloud in front of the

If you put the scanning in the cloud in front of the server, exactly
what is the antivirus on the server doing other than making your life
miserable at times?

Well last month it saved a clients @#$#When he connected a USB to the Server

Well last month it saved a clients @#$#
When he connected a USB to the Server and Decided to Move files from the
External USB Drive...

He complained that he could not copy a file.
when I checked
It turned out that the "File" was a Virus and Trend Stopped it...

So yes. IMO it still has a purpose
Russ
--
Russell Grover - SBITS.Biz
Microsoft Gold Certified Partner
Microsoft Certified Small Business Specialist
World Wide 24hr SBS Remote Support - http://www.SBITS.Biz

I think all AV's have problemsThey all have Pro's and Con'sUse what you feel

I think all AV's have problems
They all have Pro's and Con's
Use what you feel confortable with IMO
(Something is better than Nothing in most cases.)
Unless it is McAfee (Sorry I do not like it at all LOL)

Russ
--
Russell Grover - SBITS.Biz
Microsoft Gold Certified Partner
Microsoft Certified Small Business Specialist
World Wide 24hr SBS Remote Support - http://www.SBITS.Biz

cgaliher@gmail.com says...

cgaliher@gmail.com says...

The only time we have had a server positive is on unmanaged networks where
the clients do not have a proper firewall. it is always a previously
undetected malware on a users folders. Couple dozen times.

On our managed networks we have never even had a workstation compromised,
and we check once a quarter/half with multiple other products in case
something has been missed by the corporate av vendors.

--
You cannot trust your best friends, your five senses, only the little
voice inside you that most civilians do not even hear -- Listen to that.
Trust yourself.
spam999free@rrohio.com (remove 999 for proper email address)

says...

says...

Things get in, it happens, and sometimes they are not caught by the
workstation AV product - the server AV product scans everything,
profiles, my-documents, etc...

--
You cannot trust your best friends, your five senses, only the little
voice inside you that most civilians do not even hear -- Listen to that.
Trust yourself.
spam999free@rrohio.com (remove 999 for proper email address)

says...

says...

You seem to be talking about different things - I never install any
firewall on the server, not even the Windows firewall, certainly not the
AV vendors firewall.

I have not had a properly configured corporate AV solution corrupt, cause
problems, delete, break, exchange in all the years I have been doing this,
but you could complain about SQL and other products if you did not know
how to configure them too.

I do not suggest Symantec Corp edition software any more, not after
having one of my own sacrificial workstations compromised why fully
protected by SEPP 11.0.5 - I am into Avira for non-DOD/HS solutions.

--
You cannot trust your best friends, your five senses, only the little
voice inside you that most civilians do not even hear -- Listen to that.
Trust yourself.
spam999free@rrohio.com (remove 999 for proper email address)

Leythos wrote:And with the exclusions that the products recommend that you

And with the exclusions that the products recommend that you have on a
DC/Exchange/SQL server, there is a lot of places you are not scanning.
Have you ever seen it catch anything?

If the workstation a/v product is not catching stuff...that is the issue
you need to attend to first.

Leythos wrote:Some of the antivirus vendors you cannot "not" install it.

Some of the antivirus vendors you cannot "not" install it.  Their code
goes on the box whether you like it or not.

SBS 2008 the windows firewall stays on the server and I do not turn it off.

Indeed.

Indeed.  There is little to no reason *not* to run the built in Windows
firewall on *any* box, server or workstation.  Exceptions are dead easy,
resource use is negligible, and as an added layer, it is both effective yet
unobtrusive.

But then again, I have posted my past experiences where it has saved a
network, so perhaps I am just beating a dead horse...


-Cliff

says...

says...

With Symantec SEPP you can choose to not use it and the PUSH to
workstations is completely controlled, so you do not have to install the
workstation part either - very simple to use.

I do not use the windows firewall on my SBS 2003/2008 boxes, never had a
problem in all these many years.

--
You cannot trust your best friends, your five senses, only the little
voice inside you that most civilians do not even hear -- Listen to that.
Trust yourself.
spam999free@rrohio.com (remove 999 for proper email address)

uh? you disable the SBS2008 firewall?Why? if I may ask?

uh? you disable the SBS2008 firewall?
Why? if I may ask?
Is it causing you problems?
Russ

--
Russell Grover - SBITS.Biz [SBS-MVP]
Microsoft Gold Certified Partner
Microsoft Certified Small Business Specialist
24hr SBS Remote Support - http://www.SBITS.Biz
Microsoft Online Services - http://www.microsoft-online-services.com

russ@REMOVETHIS.sbits.biz says...

russ@REMOVETHIS.sbits.biz says...

Because I have always disabled it, because it is never prevented anything,
because it is caused problems once in a while, because if it is going to
get through on the network the win firewall is not going to save the
server.

--
You cannot trust your best friends, your five senses, only the little
voice inside you that most civilians do not even hear -- Listen to that.
Trust yourself.
spam999free@rrohio.com (remove 999 for proper email address)

hmmm..Ok, I leave it on, I'd rather than disable security.

hmmm..
Ok, I leave it on, I'd rather than disable security.
Some "visitor" Plugs in a Laptop on the LAN
and starts port sniffing, it is all over. (or has a worm that does it.)
One less thing to worry about IMO.
I just thought it was causing a problem
Russ

--
Russell Grover - SBITS.Biz [SBS-MVP]
Microsoft Gold Certified Partner
Microsoft Certified Small Business Specialist
24hr SBS Remote Support - http://www.SBITS.Biz
Microsoft Online Services - http://www.microsoft-online-services.com

russ@REMOVETHIS.sbits.biz says...

russ@REMOVETHIS.sbits.biz says...

In the past, and with 2008, I have had issues with applications as well as
workstations, having problems with the win firewall on the server.
Mostly with third party apps that do not auto-configure the firewall as
needed.

During all the years, since well before NT4, I have not seen any firewall
installed on a server that actually protected it from something
malicious on the LAN, have you specifically, yourself, seen the Win
firewall protect the SBS server 2003/2008, on a LAN?

--
You cannot trust your best friends, your five senses, only the little
voice inside you that most civilians do not even hear -- Listen to that.
Trust yourself.
spam999free@rrohio.com (remove 999 for proper email address)

You do not remember the SQL Worm Do you?or Melissa?

You do not remember the SQL Worm Do you?
or Melissa? (I think it was called)
That a basic Firewall Protected

And No I do not see any issue because I always had one
Which is maybe why I do not see any issues on my servers?

Oh well Your Mileage may differ :)
That's why we are consultants, we have a difference of opinions
Later :)
Russ

--
Russell Grover - SBITS.Biz [SBS-MVP]
Microsoft Gold Certified Partner
Microsoft Certified Small Business Specialist
24hr SBS Remote Support - http://www.SBITS.Biz
Second IT Opinion http://www.personalitconsultant.com
Microsoft Online Services - http://www.microsoft-online-services.com

In short, yes I have seen the Windows Firewall stop a threat.

In short, yes I have seen the Windows Firewall stop a threat.  I wrote up an
entire post on it some time back, I am sure it is archived via google groups
or something similar.

But I also find it interesting, just on an academic level, that your reply
to Susan about not running AV on the server was:


The exact same logic could be applied to a firewall.  You can scan for
viruses at the edge, but sometimes things just get by.  Why is a network
exploit any different?  Sometimes things do not get caught at the edge.
Rogue laptop, or legitimate PC that got infected by something the AV did not
catch (which we just established *CAN* happen...)

A firewall is just that added minor protection.  Is it the end-all-be-all?
No.  But the cost-to-benefit ratio certainly makes it a worthwhile tool.

-Cliff

russ@REMOVETHIS.sbits.biz says...

russ@REMOVETHIS.sbits.biz says...

Yes, I was online watching it spread around the country while it was
happening, and it did not impact SQL servers that were properly secured,
even without a firewall. The only people that were hit by SQL Slammer
were idiots that did not have patched SQL installations - as I recall,
the patch had been released at least half a year before it was
exploited.

Melissa was a email worm that would not have been prevented by the
Servers Firewall - it worked by using the users credentials in Outlook
to email itself to people, so the firewall on SBS would not have
prevented it from reaching the SBS SMTP service and getting out.

I have never seen a malware that would have been stopped by the Servers
standard windows firewall, not in all my years.

--
You cannot trust your best friends, your five senses, only the little
voice inside you that most civilians do not even hear -- Listen to that.
Trust yourself.
spam999free@rrohio.com (remove 999 for proper email address)

Cliff,That's why I was confused alsoLeythos is Pro AV an the ServerAnti

Cliff,
That's why I was confused also
Leythos is Pro AV an the Server
Anti Firewall?

Seems like a Flip?
However he has his own ideas as we all do! :)

I am Pro on both especially since the cost is minimal vs the result of not
doing it...
I do not want to explain to a client why I did not implement something cheap
and easy to save them from an issue that I have to BILL for :)

But Then like I have said, we are all consultants and of course that means
Different Opinions :)

Later
Russ

--
Russell Grover - SBITS.Biz [SBS-MVP]
Microsoft Gold Certified Partner
Microsoft Certified Small Business Specialist
24hr SBS Remote Support - http://www.SBITS.Biz
Second IT Opinion http://www.personalitconsultant.com
Free Trial Microsoft Online Services (BPOS) -
http://www.microsoft-online-services.com

cgaliher@gmail.com says...

cgaliher@gmail.com says...

You're right, but I have never seen malware that compromised a patched
server from inside the LAN, so, like the SQL slammer and Melissa, they
required either an unpatched server or a user account access.

If the AV software does not catch the malware and the user has
authentication with the server at the necessary level, the firewall is
not going to prevent anything...

Think about it, for Melissa to work the malware used the USERs Outlook
account to send itself - so the firewall would not have done anything.

Same with SQL Slammer, the firewall would not have done anything because
the ports needed to exploit it were open on the LAN to start with.

Now, if you have a exploit that uses TCP 60,000 (I just made that up),
there is little chance that MS has code listening to TCP 60,000 and if
you had an app using TCP 60,000 you would already have a exception in
the firewall for it......




--
You cannot trust your best friends, your five senses, only the little
voice inside you that most civilians do not even hear -- Listen to that.
Trust yourself.
spam999free@rrohio.com (remove 999 for proper email address)

russ@REMOVETHIS.sbits.biz says...

russ@REMOVETHIS.sbits.biz says...

it is not a flip at all - the two have NOTHING to do with each other. A
firewall blocks PORTS, AV software blocks programs.


But, like you do not want to bill them for something that might help
them, I do not want to bill them for enabling something that causes
problems for their applications hosted on the SBS server.



--
You cannot trust your best friends, your five senses, only the little
voice inside you that most civilians do not even hear -- Listen to that.
Trust yourself.
spam999free@rrohio.com (remove 999 for proper email address)

Well I blame Third party apps for not playing well with 's

Well I blame Third party apps for not playing well with Microsoft's firewall
not Microsoft :)
Oh well Like I said Difference of Opinion. :)
Later
Russ

--
Russell Grover - SBITS.Biz [SBS-MVP]
Microsoft Gold Certified Partner
Microsoft Certified Small Business Specialist
24hr SBS Remote Support - http://www.SBITS.Biz
Second IT Opinion http://www.personalitconsultant.com
Free Trial Microsoft Online Services (BPOS) -
http://www.microsoft-online-services.com