OneView contains real-time protection layers and additional modules which support stock Windows Server Operating Systems from 2008 R2 through 2022, including variants. Server protection requires one of the following subscriptions:
- Endpoint Protection for Servers
- Endpoint Detection and Response for Servers
OneView protection layers
- Web Protection - Prevents connections to and from malicious public IP addresses and compromised websites. Web protection is redundant if a server only communicates with private IP addresses.
- Exploit Protection - Prevents vulnerability exploits and zero-day attacks.
- Malware Protection - Prevents malware infections.
- Ransomware Behavior Protection - Detects and blocks ransomware based on behavior analysis.
For more recommended server policy settings, see ThreatDown recommended policy for OneView.
OneView Add-ons
- Vulnerability Assessment - Checks for vulnerable applications.
- Patch Management - Installs OS patches and software updates on third-party applications.
- DNS Filtering - Blocks connections to domains based on OneView admin configuration.
- Application Block - Blocks specific applications from running.
For more information, see Add-ons.
Server Roles
Some protection layers and modules should not be enabled for specific server roles, as they can cause performance or network-related issues. See some examples of the most common servers used with the endpoint agent.
- Internet Information Server or Web Server - Web application system that delivers website content.
- Active Directory Server or Domain Controller - Manages the network and authentication of users and devices on the network.
- DNS Server - Matches website hostnames to their corresponding IP address.
- Exchange Server or other SMTP server role - Email and calendar system that provides access across mobile devices, desktops, and web-based systems.
- SQL Server or other database server role - Database administration system designed to manage and store information.
- RDP or terminal services - Provides users access to remotely connect with their physical workstations.
Supported protection layers for servers
For supported protection layers on servers, see the table below.
- Supported = ✓
- Unsupported = ✕
- May impact performance = !
| Windows Server Role | Web Protection | Exploit Protection | Malware Protection | Ransomware Behavior Protection |
| Internet Information Server or Web Server | ✓ ! | ✓ | ✓ | ✓ |
| Active Directory Server or Domain Controller | ✓ ! | ✓ | ✓ | ✓ |
| DNS Server | ✕ | ✓ | ✓ | ✓ |
| Exchange Server or other SMTP server role | ✓ ! | ✓ | ✓ | ✓ |
| SQL Server or other database server role | ✓ ! | ✓ | ✓ | ✓ ! |
| RDP, Hyper-V or terminal services | ✓ | ✓ | ✓ | ✕ |
Notes
- Web Protection can be enabled on DNS servers if a Web Monitoring exclusion is used. For more information, see Windows DNS Servers and Web Protection in OneView.
Supported modules for servers
| Windows Server Role | Vulnerability Assessment | Patch Management | DNS Filtering | Application Block |
| Internet Information Server or Web Server | ✓ | ✓ | ✕ | ✓ |
| Active Directory Server or Domain Controller | ✓ | ✓ | ✕ | ✓ |
| DNS Server | ✓ | ✓ | ✕ | ✓ |
| Exchange Server or other SMTP server role | ✓ | ✓ | ✕ | ✓ |
| SQL Server or other database server role | ✓ | ✓ | ✕ | ✓ |
| RDP or terminal services | ✓ | ✓ | ✕ | ✓ |
Set up server exclusions
For performance reasons, you may wish to set up exclusions for specific file types on your server. See the following external articles for more information.
-
Exchange Server or other SMTP server role - See the Microsoft article Running Windows antivirus software on Exchange servers.
- %ExchangeInstallPath% is not a supported exclusion file path. For supported exclusion types, see Overview of exclusions in OneView.
- SQL Server or other database server role - See the Microsoft article How to choose antivirus software to run on computers that are running SQL Server.