MEP on Remote Desktop server

[BertM]

Hello,

The Managing Malwarebytes in Large Networks Best Practices Guide states that Malwarebytes Anti Malware is not recommended on Remote Desktop servers.

Is Malwarebytes Endpoint Protection fully supported on Remote Desktop servers?

[djacobson]

On 8/22/2017 at 5:58 AM, BertM said:

Is Malwarebytes Endpoint Protection fully supported on Remote Desktop servers?

Hi @BertM, not exactly. Portions of EP are supported by servers, and then certain server roles can preclude you from using other pieces. First thing to note is MBARW, the Anti-Ransomware portion, does not support any server OS at all. Create a server specific policy with MBARW disabled for servers.  IF MBARW did support server OS, it will still not help the server at all, the program works on behavior, it would be unable to detect and stop a process running from another machine, i.e. the patient zero workstation. Protect your servers and drive shares by protecting your endpoints.

Next is Anti-Malware, the following environment roles are unsupported for Anti-Malware's real-time. Turn off the Anti-Malware real-time to a server which runs:

• Terminal Services (TS) / Remote Desktop Services (RDS)
• Virtual Desktop Infrastructure (VDI)
• Windows Storage Server
• Server Core
• Citrix XenDesktop
• Citrix XenApp
• VMware View
• VMware VShield

Since your server falls under this, I would suggest creating a more aggressive scan schedule, one that has scans happening at shorter intervals, this will help make up the different in not running the real-time. Anti-Exploit though should be just fine on your server as is.

 

[BertM]

Tnx!