
Endpoint Protection Proper setup for Remote Desktop Server



Hello,

We recently deployed Endpoint Protection in our company. We installed the client on our Remote Desktop Servers running Windows Server 2008R2 Standard SP1. We've noticed the Endpoint Protection Service takes 15-20% CPU usage at all times and is making the servers run a bit slower than usual. We normally have somewhere from 8 to 12 users connected at a time, and the RAM normally sits around 50-60% usage. These servers are built as virtual servers using Hyper-V from a Windows Server 2012 host. These are the system specs for each:

8 CPUs

16GB of RAM

Is there any special setup required for this kind of deployment on remote desktop servers, or any tips/recommendations for deploying the Endpoint Protection client in this kind of environment?

Thanks!

  • 2 weeks later...
  • Staff

Hi @King_Of_The_Castle, there are a few things to consider for servers and also for those in terminal services and RDS roles. Here's something I wrote on another post that applies to your situation.

Portions of EP are supported by servers, and then certain server roles can preclude you from using other pieces. First thing to note is MBARW, the Anti-Ransomware portion, does not support any server OS at all. Create a server-specific policy with MBARW disabled for servers. If MBARW did support server OS, it would still not help the server at all; the program works on behavior, and it would be unable to detect and stop a process running from another machine, i.e. the patient zero workstation. Protect your servers and drive shares by protecting your endpoints.

Next is Anti-Malware: the following environment roles are unsupported for Anti-Malware's real-time. Turn off the Anti-Malware real-time on a server which runs:

  • Terminal Services (TS) / Remote Desktop Services (RDS)
  • Virtual Desktop Infrastructure (VDI)
  • Windows Storage Server
  • Server Core
  • Citrix XenDesktop
  • Citrix XenApp
  • VMware View
  • VMware VShield

Since your server falls under this, I would suggest creating a more aggressive scan schedule, one that has scans happening at shorter intervals. This will help make up the difference in not running the real-time. Anti-Exploit, though, should be just fine on your server as is.

  • Staff

@King_Of_The_Castle the settings are not exactly clear as to which portion of the product they affect, so here's an example policy for a server needing Anti-Malware web and file real-time off and MBARW disabled. Anti-Exploit is on and Anti-Malware's scan engine is still in place. The scan schedule, though, is in a different area of the settings.

[Attached image: Capture.JPG]

  • Staff

It is the part of the real-time protection that has been a feature of the paid Malwarebytes. This is the equivalent of the older version's "malicious file protection" with a re-branded name. The reason that real-time features cannot be used is that they create a new MB process with every connection made, and these can add up to the point where it can bring the server down. So we suggest only using the scanner function in cases like this.
