Blog du Tristank

So terrific that 3 of 4 readers rated it "soporific"

Antivirus software on ISA Server

There are two major classes of Anti Virus software (yes, I know I used one word above, it’s called SEO, okay?) that can be used on an ISA Server computer:

  • ISA-integrated antivirus scanning products

  • Regular desktop/server antivirus products

The first category is the cooler of the two, and typically involves a Web Filter and/or an Application Filter. It’s been designed to work with ISA Server, and will likely scan HTTP streams while ISA is processing them.

The second category is more common – a desktop or server antivirus product is installed on the ISA Server. That’s probably a good idea from a Defense In Depth perspective.

But if you’re using the second category (or it’s just part of your server build), did you know that there are a set of exclusions we recommend you should use?

The ISA Server product team did some great work in pulling together a set of recommendations for when Antivirus is used on ISA Server. Have a read, have a think, and then check whether yours is implemented correctly. If it isn’t, outages, poor performance and other issues might arise.

And (sorta getting into the ramble here) have you ever noticed that Support people tend to make uncomfortable noises about Antivirus products when you mention they’re installed (if not outright suggesting that you disable and/or uninstall them straight-off)? Well, that’s because when they’re not configured in a way that doesn’t interfere with the operation of other software, they really have, statistically, experientially, and commonly, been known to cause problems.

It’s almost a cliche to be asked to remove AV software while troubleshooting a problem – but the cliche came from somewhere to begin with. Configuring the AV as recommended is an excellent way of minimizing that risk.