Should I install an AV product on the domain controllers

Tags: active-directory, anti-virus, symantec

Should I run a server-specific antivirus, regular antivirus, or no antivirus at all on my servers, particularly my Domain Controllers?

Here's some background about why I'm asking this question:

I've never questioned that antivirus software should be running on all Windows machines, period. Lately I've had some obscure Active Directory related issues that I have tracked down to antivirus software running on our domain controllers.

The specific issue was that Symantec Endpoint Protection was running on all domain controllers. Occasionally, our Exchange server triggered a false-positive in Symantec's "Network Threat Protection" on each DC in sequence. After exhausting access to all DCs, Exchange began refusing requests, presumably because it could not communicate with any Global Catalog servers or perform any authentication.

Outages would last about ten minutes at a time, and would occur once every few days. It took a long time to isolate the problem because it was not easily reproducible and generally investigation was done after the issue resolved itself.

Best Answer

Anti-virus software should definitely be running on all machines in a properly-managed network, even if other threat prevention measures are in place. It should run on servers too, for two reasons: 1) they're the most critical computers in your environment, much more than client systems, and 2) they're no less at risk only because nobody actively uses (or at least should not be actively using) them for surfing the web: there's plenty of malware which can automatically spread across your network if it can get hold of even a single host.

That said, your problem is more related to properly configuring your anti-virus software.

The product you're using comes with built-in firewalling: that's something that should be taken into account when running it on server systems, and configured accordingly (or turned off altogether).

Some years ago, anti-virus software was (in)famous for randomly deleting Exchange databases if by chance it came across a viral signature inside some e-mail message stored in the physical data file; every anti-virus vendor warned about this in the product manual, but some people still failed to grasp it and got their stores nuked.

There's no software you can "just install and run" without thinking twice about what you're doing.
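An added example of the "configure it properly" point, not part of the original question or answer. It is written against Microsoft Defender Antivirus rather than the Symantec product in the question (whose exclusions are set from its own management console), so it assumes Defender is the engine on the DC. The function names and the -Apply switch are this example's own; the path and process set follows Microsoft's published exclusion guidance for the AD DS role, which you should check against the current documentation for your OS version before relying on it.

```powershell
# Added example, not part of the original question or answer.
# Builds a domain-controller antivirus exclusion list from the paths the DC is
# actually configured with (read from the registry rather than hard-coded) and
# applies it with Microsoft Defender Antivirus cmdlets. Defender is assumed;
# the Symantec product in the question is configured from its own console.
# The path and process set follows Microsoft's AD DS exclusion guidance.
# Function names and the -Apply switch are this example's own.

function Get-DcAvExclusionPaths {
    $ntds     = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Parameters'
    $netlogon = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters'

    # Netlogon's SysVol value is the shared "sysvol" subfolder; its parent holds
    # the staging directories (works for both SYSVOL and migrated SYSVOL_DFSR).
    $sysvolRoot = Split-Path -Parent $netlogon.SysVol

    $paths = @(
        # AD database (ntds.dit) directory, transaction logs, working directory
        (Split-Path -Parent $ntds.'DSA Database file'),
        $ntds.'Database log files path',
        $ntds.'DSA Working Directory',
        # SYSVOL tree and its replication staging areas
        $netlogon.SysVol,
        (Join-Path $sysvolRoot 'staging'),
        (Join-Path $sysvolRoot 'staging areas'),
        # DFSR database and the legacy FRS jet database
        (Join-Path $env:SystemRoot 'System32\DFSR'),
        (Join-Path $env:SystemRoot 'ntfrs')
    )

    # Keep only directories that exist on this DC (FRS dirs are absent on
    # DFSR-replicated domains and vice versa), normalised and de-duplicated.
    $paths |
        Where-Object { $_ -and (Test-Path -LiteralPath $_ -PathType Container) } |
        ForEach-Object { (Resolve-Path -LiteralPath $_).ProviderPath.TrimEnd('\') } |
        Sort-Object -Unique
}

function Set-DcAvExclusions {
    [CmdletBinding()]
    param([switch]$Apply)   # without -Apply the function only reports

    $paths = Get-DcAvExclusionPaths

    # Replication and directory-service processes Microsoft lists for AD DS;
    # only those present on this host are excluded.
    $processes = @('ntfrs.exe', 'dfsr.exe', 'dfsrs.exe', 'lsass.exe') |
        ForEach-Object { Join-Path $env:SystemRoot "System32\$_" } |
        Where-Object { Test-Path -LiteralPath $_ }

    Write-Host 'Path exclusions:'
    $paths | ForEach-Object { Write-Host "  $_" }
    Write-Host 'Process exclusions:'
    $processes | ForEach-Object { Write-Host "  $_" }

    if ($Apply) {
        Add-MpPreference -ExclusionPath $paths
        Add-MpPreference -ExclusionProcess $processes
        # Read back what Defender now holds, so the change is verified, not assumed.
        (Get-MpPreference).ExclusionPath
    }
}

Set-DcAvExclusions           # review the list first
# Set-DcAvExclusions -Apply  # then apply, from an elevated shell on the DC
```

Two caveats. These exclusions address file-scan interference (locked database files, replication staging being rewritten mid-copy); the network-protection false positive described in the question is a separate policy in the product's console and is not fixed by path exclusions. And every excluded directory is a place an attacker with write access can drop a payload unscanned, so keep the list to the directories the DC role actually needs, derived as above, rather than excluding whole drives.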
