We're rolling out a new Remote Desktop Services server and have decided that it's probably time to install antivirus software on it; while we wait for our vendor/supplier to tell us about the licensing options, can anyone explain how various AV software works (in terms of processes/services) in a multi-user Remote Desktop server environment? Do they use:
- background service with no per-user component?
- per-user component only?
- something else?
This question suggested that ESET had a background service and Symantec would load one instance per user; what do various other AV programs do on remote desktop servers? Specifically I'm looking at Symantec Endpoint Protection, Trend Micro and Microsoft Forefront.
It's most likely specific to each AV vendor. I know that Symantec AV (at least versions 9 and 10) loaded components per each user session. We're currently running AVG on our TS servers and it loads components only per machine (System), so no AVG processes actually run under any user context.
It's software specific. It can also depend on just what components are used/installed. e.g. A given AV package may load a single instance per server but open individual instances of some components, such as Outlook plug-ins, per user.
Assume nothing and ask the vendor about their specific product.
You want to try to look for one that has a server version. Running one instance per user is not as bad as you might think and depending on the software might be reasonable. On windows 5 copies of the same application does not necessarily mean using 5 times the resources. Consider that malware runs on user settings, rather than infecting a machine so potentially software that isn't monitoring user space except per instance would run this way. You also want to make sure that regardless of per system or per user, you are able to control access to the AV interface from a central location. One of the issues I've run across in the past was users deciding to run AV scans on their own. 3 or 4 users running simultaneous AV scans and updates can make the server run like a carton a day smoker, carrying a large gold brick, wearing swim fins. it's very important to consult with the vendor for best practices when installing on a terminal server.