Jump to content

Using on File Servers - Guidance?


Recommended Posts

I would like to use Malwarebytes to protect our file servers as they occasionally get hit with malware that will encrypt/corrupt our files. Do any of you have experience/guidance on doing this? 

 

For those with experience, please let me know what policy settings you use.

 

 

 

 

 

Thanks in advance!

Link to post
Share on other sites

Hi Guy947,

 

You will want to ensure the Protection module is enabled on each computer and server on your network.  This will provide realtime protection against active malware.

 

Daily Quick Scans are also a good idea, as these are fast and look in areas that malware commonly hides.

 

Having your clients update from the internet often is highly recommended.  Getting the latest definitions as soon as possible will help protect against new variants.

 

Finally, having Anti-Exploit enabled is also very important to stop exploit-delivered malware.

Link to post
Share on other sites

Adding to the above, you stated "...file servers as they occasionally get hit with malware that will encrypt/corrupt our files."

 

Examine it from the Point of View ( POV ) of the malware.

 

If the File Servers are hosting User Home Shares and Organizational Data Shares and data is being encrypted in these NT Shares then the infection is on the User Computers/Domain Participants and run in a context of that user using that person's access privileges.  Anti malware on the server won't protect against actions that stem from a workstation.

 

If the actual server bears the infection then look at those who have access to the server and whether they are "respecting the role of the server".  In this case the problem is that the server is a non-Dedicated Server and those who have access to the server may be performing actions that are best done on a workstation and not on the server.  Checking one's email and browsing the Internet when accessing the server is not "respecting the role of the server".  In that case anti malware software will help mitigate the risk.  However in this case you may have user's who perform risky behaviour that needs to be restrained/curtailed.

Link to post
Share on other sites

Thanks for everyone's feedback.

 

As I dig further, it seems Malwarebytes Anti-Malware for Business isn't even supported for use on servers as per the Malwarebytes post below. I'll submit a formal ticket asking about this but if a Malwarebytes staff person can state in this thread when the product is anticipated to be certified for use with servers, I would appreciate it.

 

https://forums.malwarebytes.org/index.php?/topic/168819-server-support/

 

Hi Guy947,

 

You will want to ensure the Protection module is enabled on each computer and server on your network.  This will provide realtime protection against active malware.

 

Daily Quick Scans are also a good idea, as these are fast and look in areas that malware commonly hides.

 

Having your clients update from the internet often is highly recommended.  Getting the latest definitions as soon as possible will help protect against new variants.

 

Finally, having Anti-Exploit enabled is also very important to stop exploit-delivered malware.

 

As I dig further, it seems Malwarebytes Anti-Malware for Business isn't even supported for use on servers as per the Malwarebytes post below. I'll submit a formal ticket asking about this but if a Malwarebytes staff person (you?) can state in this thread when the product is anticipated to be certified for use with servers, I would appreciate it.

 

https://forums.malwarebytes.org/index.php?/topic/168819-server-support/

Link to post
Share on other sites

Adding to the above, you stated "...file servers as they occasionally get hit with malware that will encrypt/corrupt our files."

 

Examine it from the Point of View ( POV ) of the malware.

 

If the File Servers are hosting User Home Shares and Organizational Data Shares and data is being encrypted in these NT Shares then the infection is on the User Computers/Domain Participants and run in a context of that user using that person's access privileges.  Anti malware on the server won't protect against actions that stem from a workstation.

 

If the actual server bears the infection then look at those who have access to the server and whether they are "respecting the role of the server".  In this case the problem is that the server is a non-Dedicated Server and those who have access to the server may be performing actions that are best done on a workstation and not on the server.  Checking one's email and browsing the Internet when accessing the server is not "respecting the role of the server".  In that case anti malware software will help mitigate the risk.  However in this case you may have user's who perform risky behaviour that needs to be restrained/curtailed.

Agreed - our workstation coverage is pretty good and we're making strides to improve it every day but not installing Malwarebytes Anti-Malware for Business on file servers strikes me as a lost opportunity given we have licenses to spare. Unfortunately, I came across the post below from Malwarebytes stating the product is not yet certified for use on servers. I wouldn't feel comfortable deploying it on servers until it is...

 

https://forums.malwarebytes.org/index.php?/topic/168819-server-support/

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.