Nebula contains real-time protection layers and additional modules which support stock Windows Server Operating Systems from 2008 R2 through 2022, including variants. Server protection requires one of the following subscriptions:
- Endpoint Protection for Servers
- Endpoint Detection and Response for Servers
Nebula protection layers
- Web Protection - Prevents connections to and from malicious public IP addresses and compromised websites. Web protection is redundant if a server only communicates with private IP addresses.
- Exploit Protection - Prevents vulnerability exploits and zero-day attacks.
- Malware Protection - Prevents malware infections.
- Behavior Protection - Detects and blocks ransomware based on behavior analysis.
For more recommended server policy settings, see ThreatDown recommended policy for Nebula.
Nebula modules
- Vulnerability Assessment - Checks for vulnerable applications.
- Patch Management - Installs OS patches and software updates for third-party applications.
- DNS Filtering - Blocks connections to domains based on Nebula admin configuration.
- Application Block - Blocks specific applications from running.
For more information, see Modules.
Server Roles
Some protection layers and modules should not be enabled for specific server roles, as they can cause performance or network-related issues. The following are examples of the most common server roles used with the endpoint agent.
- Internet Information Server or Web Server - Web application system that delivers website content.
- Active Directory Server or Domain Controller - Manages the network and authentication of users and devices on the network.
- DNS Server - Matches website hostnames to their corresponding IP address.
- Exchange Server or other SMTP server role - Email and calendar system that provides access across mobile devices, desktops, and web-based systems.
- SQL Server or other database server role - Database administration system designed to manage and store information.
- RDP or terminal services - Provides users access to remotely connect with their physical workstations.
Supported protection layers for servers
For supported protection layers on servers, see the table below.
- Supported = ✓
- Unsupported = ✕
- May impact performance = !
| Windows Server Role | Web Protection | Exploit Protection | Malware Protection | Behavior Protection |
| --- | --- | --- | --- | --- |
| Internet Information Server or Web Server | ✓ ! | ✓ | ✓ | ✓ |
| Active Directory Server or Domain Controller | ✓ ! | ✓ | ✓ | ✓ |
| DNS Server | ✕ | ✓ | ✓ | ✓ |
| Exchange Server or other SMTP server role | ✓ ! | ✓ | ✓ | ✓ |
| SQL Server or other database server role | ✓ ! | ✓ | ✓ | ✓ ! |
| RDP or terminal services | ✓ | ✓ | ✓ | ✕ |
Notes
- Web Protection can be enabled on DNS servers if a Web Monitoring exclusion is used. For more information, see Windows DNS Servers and Web Protection in Nebula.
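The following PowerShell sketch is an added example, not ThreatDown code: it detects which of the roles above are present on a server and reports the resulting status of each protection layer according to the table. The feature and service names used for detection, the choice of RD Session Host to represent "RDP or terminal services", and the rule that the most restrictive row wins on a multi-role server (for example, a domain controller that also runs DNS) are assumptions.

```powershell
# Added example, not vendor code. Run on the server being assessed.
Import-Module ServerManager -ErrorAction SilentlyContinue

# Layer table from this page: Y = supported, P = may impact performance, N = unsupported
$matrix = @{
    'IIS'      = @{ Web = 'P'; Exploit = 'Y'; Malware = 'Y'; Behavior = 'Y' }
    'AD DS'    = @{ Web = 'P'; Exploit = 'Y'; Malware = 'Y'; Behavior = 'Y' }
    'DNS'      = @{ Web = 'N'; Exploit = 'Y'; Malware = 'Y'; Behavior = 'Y' }
    'Exchange' = @{ Web = 'P'; Exploit = 'Y'; Malware = 'Y'; Behavior = 'Y' }
    'SQL'      = @{ Web = 'P'; Exploit = 'Y'; Malware = 'Y'; Behavior = 'P' }
    'RDP'      = @{ Web = 'Y'; Exploit = 'Y'; Malware = 'Y'; Behavior = 'N' }
}

# Built-in roles are detected by Windows feature name (assumed mapping to the page's rows)
$featureMap = @{ 'Web-Server' = 'IIS'; 'AD-Domain-Services' = 'AD DS'; 'DNS' = 'DNS'; 'RDS-RD-Server' = 'RDP' }
$roles = @(Get-WindowsFeature | Where-Object { $_.Installed -and $featureMap.ContainsKey($_.Name) } |
    ForEach-Object { $featureMap[$_.Name] })

# Exchange and SQL Server are not Windows features, so look for their services instead
if (Get-Service -Name 'MSExchangeTransport' -ErrorAction SilentlyContinue) { $roles += 'Exchange' }
if (Get-Service -Name 'MSSQLSERVER', 'MSSQL$*' -ErrorAction SilentlyContinue) { $roles += 'SQL' }

$rank  = @{ Y = 0; P = 1; N = 2 }
$label = @{ Y = 'Supported'; P = 'Supported, may impact performance'; N = 'Unsupported' }

foreach ($layer in 'Web', 'Exploit', 'Malware', 'Behavior') {
    # Assumption: on a multi-role server the most restrictive row wins
    $worst = 'Y'; $dueTo = @()
    foreach ($role in $roles) {
        $value = $matrix[$role][$layer]
        if ($rank[$value] -gt $rank[$worst]) { $worst = $value; $dueTo = @($role) }
        elseif ($value -eq $worst -and $value -ne 'Y') { $dueTo += $role }
    }
    # Per the note above, Web Protection on a DNS server needs a Web Monitoring exclusion
    $note = ''
    if ($layer -eq 'Web' -and $worst -eq 'N') { $note = 'Needs a Web Monitoring exclusion to enable' }
    New-Object PSObject -Property @{
        Layer = "$layer Protection"; Status = $label[$worst]; DueTo = ($dueTo -join ', '); Note = $note
    } | Select-Object Layer, Status, DueTo, Note
}
```

The output is one row per protection layer, naming the detected role or roles responsible for any status other than "Supported", so it can be compared against the policy assigned to that server in Nebula.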
Supported modules for servers
| Windows Server Role | Vulnerability Assessment | Patch Management | DNS Filtering | Application Block |
| --- | --- | --- | --- | --- |
| Internet Information Server or Web Server | ✓ | ✓ | ✕ | ✓ |
| Active Directory Server or Domain Controller | ✓ | ✓ | ✕ | ✓ |
| DNS Server | ✓ | ✓ | ✕ | ✓ |
| Exchange Server or other SMTP server role | ✓ | ✓ | ✕ | ✓ |
| SQL Server or other database server role | ✓ | ✓ | ✕ | ✓ |
| RDP or terminal services | ✓ | ✓ | ✕ | ✓ |
Set up server exclusions
For performance reasons, you may wish to set up exclusions for specific file types on your server. See the following external articles for more information.
- Exchange Server or other SMTP server role - See the Microsoft article Running Windows antivirus software on Exchange servers.
  - %ExchangeInstallPath% is not a supported exclusion file path. For supported exclusion types, see Overview of exclusions in Nebula.
- SQL Server or other database server role - See the Microsoft article How to choose antivirus software to run on computers that are running SQL Server.