
MalwareBytes and Microsoft Exchange server


BigTC2


I have recently deployed MB endpoint protection to some of my clients. I saw the email regarding the servers unsupported by endpoint protection concerning real time protection. Is there anything special required or suggested for setting up the client on Server 2008r2 with Exchange 2010, Server 2012r2 with Exchange 2016, Server 2008r2 and 2012r2 file servers and/or domain controllers? I've scanned the admin guide but didn't see anything regarding this.

 

Thank you!


Hi @BigTC2, there is no issue with the product being on an Exchange server, we will not be watching your email traffic. There are some things to be aware of, supported OS and unsupported server roles.

Server OS's supported by the agent software:

  • Windows Server 2012/2012 R2
  • Windows Small Business Server 2011
  • Windows Server 2008/2008 R2
  • Windows Server 2003 (32-bit only)

Environment roles which are unsupported. Do not install Anti-Malware to a server which runs:

  • Terminal Services (TS) / Remote Desktop Services (RDS)
  • Virtual Desktop Infrastructure (VDI)
  • Windows Storage Server
  • Server Core
  • Citrix XenDesktop
  • Citrix XenApp
  • VMware View
  • VMware VShield

 


On 9/19/2017 at 10:10 AM, djacobson said:

Hi @BigTC2, there is no issue with the product being on an Exchange server, we will not be watching your email traffic. There are some things to be aware of, supported OS and unsupported server roles.

Server OS's supported by the agent software:

  • Windows Server 2012/2012 R2
  • Windows Small Business Server 2011
  • Windows Server 2008/2008 R2
  • Windows Server 2003 (32-bit only)

Environment roles which are unsupported. Do not install Anti-Malware to a server which runs:

  • Terminal Services (TS) / Remote Desktop Services (RDS)
  • Virtual Desktop Infrastructure (VDI)
  • Windows Storage Server
  • Server Core
  • Citrix XenDesktop
  • Citrix XenApp
  • VMware View
  • VMware VShield

 

Thanks, I do have servers running XenApp, what can be done to protect those servers?


  • 3 months later...
On 9/19/2017 at 1:10 PM, djacobson said:

Hi @BigTC2, there is no issue with the product being on an Exchange server, we will not be watching your email traffic. There are some things to be aware of, supported OS and unsupported server roles.

Server OS's supported by the agent software:

  • Windows Server 2012/2012 R2
  • Windows Small Business Server 2011
  • Windows Server 2008/2008 R2
  • Windows Server 2003 (32-bit only)

Environment roles which are unsupported. Do not install Anti-Malware to a server which runs:

  • Terminal Services (TS) / Remote Desktop Services (RDS)
  • Virtual Desktop Infrastructure (VDI)
  • Windows Storage Server
  • Server Core
  • Citrix XenDesktop
  • Citrix XenApp
  • VMware View
  • VMware VShield

 

I'm happy to see Exchange is OK. Are Terminal Services (TS) / Remote Desktop Services (RDS) and Virtual Desktop Infrastructure (VDI) still unsupported?


@djacobson: Cloud, MBEP (I've been calling MEP). Exchange 2010 on Windows 2008 R2. Right now we have it on passive mode, incident response with manual scan + report. So far it hasn't picked up anything. Same for our Terminal Server on Windows 2008 R2, this one is on Endpoint Protection with scan schedules and hasn't seemed to have any issue.


@Kalrand Terminal's issue with the EP portion is that a new service will start with every user that connects; this can eclipse system resources and bring the server down, which is why we do not recommend EP having its web and file realtime on if installed to Terminal role servers. Using the IR portion, no realtime is running and so there is no issue. Exchange, if you were to move to the EP side, needs to have the web portion disabled.


I see what you mean with the TS. Logged in and the MBAMService with one person logged in was using about a GB and a half. When you say no real-time then should it be on EP at all? If that's the case with all that disabled (Web, Exploit, Malware, Ransomware Protection) it's really in IR and we'd have to rely on schedule/manual scans for detections unless I'm missing something?


Take a closer look at that matrix I posted. EP has more than just Anti-Malware's web and file realtime, you are fine to keep the Exploit protection part of EP still on. IR and EP will also run on-demand or scheduled scans as normal, it is only the realtime pieces, which is what EP brings to the table over IR, that need to be adjusted for compatibility in accordance with a server's role.

Edited by djacobson
