The guidance states as follows:

Do not run any applications, such as antivirus programs, in the management operating system—run all applications on virtual machines. By keeping the management operating system free of applications and running a Windows Server 2008 core installation, you will need fewer updates to the management operating system because nothing needs software updates except the Server Core installation, the Hyper-V service components, and the small (approximately 600 KB) hypervisor.

If you need to use the full version of Windows Server 2008 and run applications in the management operating system, then you should run an antivirus program there.

Now while I recommend that when you are first getting started using the full GUI of Windows 2008 and HyperV is wise so that you get the basic foundational concepts down, I’m still not convinced that if you do nothing but run HyperV role in the management operating system that you need an antivirus at that level.  You put risks on the system of false positives and of virtual disks getting mangled by file scanning. 

I’m not convinced that in the SMB space even if you use full GUI that the risks of running antivirus on the parent are worth it.  You certainly need to ensure that you exclude the virtual disks to ensure that you won’t suddenly lose the virtual disks.

The parent shouldn’t be surfing or emailing or doing anything but run that HyperV.  If you are worried about something infecting the HyperV from the guest, I think you have a bigger problem that needs to be addressed.  What kind of connectivity are you building between that HyperV parent and the guest?  The amount and type of connectivity will dictate the amount and types of infection risk.  Now compare that to the risk that A/V companies will probably not have a HyperV build in their test matrix, that you run the risk of false positives, that if there is an issue caused by that a/v it will be the last thing you look for.  Is the risk of infection on the parent greater than the  mitigation you can develop/understand?

I think the risks outweighs the benefits up on that parent and we shouldn’t knee jerk install antivirus on everything.


Comments are closed.