I am in the process of a new free-for-education Avast deployment.
There are several sections of the Avast client which appear to be either "Not Applicable" or "Not a Good Idea to Use" on Windows servers.
The servers I run are mainly Server 2008 R2 with Windows Update automatically installing daily, and that right there is the biggest issue for system protection.
Is it a best practice to turn off functions in the package configuration if I'm not going to use them, to reduce server CPU load for unnecessary components that won't do anything?
Probably the most important function for servers is ONLY the File System shield on file servers, to scan user home directories and protect the network users from themselves.
What exactly is the specific advantage of the Avast firewall vs the Windows Server firewall? The Windows firewall seems to work fine, and on a server I have to worry about Avast's firewall possibly blocking some critical role by default that could bring down a "production" school network. I do not have a "test server environment". So it seems better to just avoid Avast's firewall and stay with the default Windows server firewall.
The Behavior shield is another that has me worried for a server. Don't make random guesses about what the server is doing and get your nose in there and potentially screw things up. This seems a function more suited for the desktop clients than a domain controller, database server, or main file server.
That is similarly a concern for the Script Shield and the Network Shield when running extremely complex district administration database software. Imagine Avast getting its nose in a payroll script or student grading function and saying "nope, that looks suspicious" and corrupting transactions. Such induced errors might never be discoverable.
We don't use Sharepoint or Exchange or any other local mail server, and it is simply dumb for an administrator to be using IM or P2P software on a server.
Disabled Components:
- Sandbox
- SafeZone
- Cisco NAC
Disabled client shields:
- Mail Shield
- IM Shield
- P2P Shield
- Network Shield
- Script Shield
- Antispam Shield
- Firewall Shield
Disabled server shields:
- Sharepoint Shield (32 bit)
- Sharepoint Shield (64 bit)
- Exchange Shield (32 bit)
- Exchange Shield (64 bit)
- Antispam Shield for Exchange
Boot time scan:
- No
Enabled components:
- Browser protection
Client Shields:
- File System Shield
- Web Shield
I will probably go further and exclude any database folders from protection scanning, as it is typically impossible to scan inside enterprise database files for viruses or do anything about them, which just drags down the server.
What have other people been doing with district server protection with Avast, and what have your experiences with it been like?