I have a 2012 R2 Hyper-V host running System Center Endpoint Protection. There are two virtual Windows servers being hosted by it.
I have all .vhdx drives in a folder on d:/server/
Can I trust the antivirus to scan these files and find viruses, or do I need to have an antivirus program in each virtual machine?
If I scan these files manually, Endpoint Protection almost immediately returns no viruses found, which makes me wonder if it's even trying to scan them.
No, you should not be using AV software on the host to scan your VHD location. You can install AV software on the host but you need to exclude several Hyper-V related folders from the real time AV scanning engine and from any scheduled AV scans. You should then install AV software on the individual guest virtual machines.
https://support.microsoft.com/en-us/kb/961804
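An added example, not written by any poster in this thread: a PowerShell check that lists the folders the host's VMs actually use and reports which are covered by the host AV exclusions. The `$configured` list is a constructed sample you would replace with the exclusions from your own AV policy, and the script assumes a folder exclusion also covers its subfolders.

```powershell
# Added example: report which Hyper-V storage folders the host AV policy covers.
# Run elevated on the Hyper-V host; needs the Hyper-V PowerShell module.
Import-Module Hyper-V

function Get-HyperVStorageFolder {
    $vmHost  = Get-VMHost
    $folders = @($vmHost.VirtualMachinePath, $vmHost.VirtualHardDiskPath)
    foreach ($vm in Get-VM) {
        $folders += $vm.ConfigurationLocation, $vm.SnapshotFileLocation, $vm.SmartPagingFilePath
        # Pass-through disks have no image file, so keep only VHD/VHDX/AVHD/AVHDX paths.
        $folders += Get-VMHardDiskDrive -VM $vm |
            Where-Object { $_.Path -match '\.a?vhdx?$' } |
            ForEach-Object { Split-Path -Parent $_.Path }
    }
    # Drop empty entries, normalise trailing backslashes, de-duplicate.
    $folders | Where-Object { $_ } |
        ForEach-Object { $_.TrimEnd('\') } |
        Sort-Object -Unique
}

function Test-ExclusionCoverage {
    param(
        [string[]]$Folder,
        [string[]]$ExcludedPath   # assumption: copied by hand from your AV policy
    )
    foreach ($f in $Folder) {
        # A folder counts as covered if it equals an exclusion or sits beneath one.
        $hit = $ExcludedPath | Where-Object {
            $e = $_.TrimEnd('\')
            $f -eq $e -or $f.StartsWith("$e\", [StringComparison]::OrdinalIgnoreCase)
        } | Select-Object -First 1
        [pscustomobject]@{ Folder = $f; Excluded = [bool]$hit; MatchedBy = $hit }
    }
}

# Constructed sample: the asker's VHDX folder as the only configured exclusion.
$configured = @('D:\server')
Test-ExclusionCoverage -Folder (Get-HyperVStorageFolder) -ExcludedPath $configured |
    Format-Table -AutoSize
```

Rows with `Excluded` set to `False` are VM configuration, checkpoint, or disk folders that the host's real-time and scheduled scans would still touch.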
You need to install AV which is specially designed for Hyper-V. It will install itself on the host, but it will scan VMs and their vRAM and on-disk images, and also intercept traffic between the VMs and the host routed over the vSwitch. 5nine has one (I'm not working for them; it's just an example).
http://www.5nine.com/5nine-security-for-hyper-v-product.aspx
@BaronSamedi is right, the best approach is a VM-aware agentless AV solution. 5nine has 3 AV options to choose from, including Vipre, Kaspersky, and IIRC ThreatTrack. An alternative may be ESET; they recently started offering agentless specifically for virtualized environments.
Good question! I would install the AV locally in each VM if you can.
Why? Because if you scan the VHD you will catch only viruses that hit the hard drive, but not a virus loaded in memory from a remote location, so I would consider the server at risk.
If you install the AV locally, be sure to disable the VHD scan on the host too, so as not to cause an I/O problem on the host.