Windows Small Business Server 2011 Essentials (SBS2011E) is Microsoft’s entry-level server OS for small business. It is a good option for cost conscious small business owners provided you are aware of some of its limitations.  I described a workaround for the lack of encrypted backups in a earlier post.  Today I’ll discuss a practical low-cost option for anti-virus software that works on the SBS2011E platform as well as the more common Windows 2000/XP/7/8 operating systems.

Microsoft worked hard to achieve tight integration of function in SBS2011E so I was surprised to learn that it didn’t include any type of anti-virus functionality. Like the lack of encrypted backups, Microsoft again leaves it up to the small business owner to find an acceptable solution to a critical security function!

Even more surprising however is that the first option many people might look to as a solution doesn’t work! Here I’m referring to the Microsoft Security Essentials (MSE).  MSE is a solid product that is free to use on home computers running the Microsoft 2000/XP/7/8 series of operating systems.  Microsoft even allows MSE to be used in a small business environment on up to 10 workstations so it’s use within small businesses is not without precedent.  Nevertheless, you will find that MSE is not licensed for use on the Microsoft server operating systems such as SBS2011E.  I don’t claim to understand Microsoft’s reasoning on this, but many of the anti-virus solutions from others makers are similarly not workable on the SBS2011E environment either due to licensing or compatibility issues. This is a sad state of affairs for a product aimed at small businesses who are in dire need of affordable, well thought out, and easy to use products that address critical security issues!

After doing some web research, I determined that one of the best anti-virus options for SBS2011E was the program known as Immunet.  It is a Windows implementation of the open source Clam AV anti-virus product that is a defacto standard in the Linux / Unix world. I’ve used Clam AV on my Linux machines for years so I was comfortable recommending Immunet for use on a client’s small business server.

While the Immunet anti-virus engine has it’s roots in Linux/Unix, the Immunet product has a number of features that set it apart from the well-regarded Clam AV program. One of the most interesting changes is that Immunet uses cloud computing to deliver real-time protection to your PC. They claim that you “stay protected against over 13 million viruses and thousands of new threats daily without ever downloading another virus detection file again.” For those that are off-line from time-to-time there is also an option to use the down-loadable Clam AV virus definitions. Immunet claims to be a lightweight anti-virus solution which doesn’t slow down your PC. Having suffered with heavy weight anti-virus products in the past, I generally recommend lightweight tools to avoid situations where “the cure is worse than the disease.” Immunet claims to provide “collective immunity” that continuously improves with each new user who installs Immunet Plus. They say that when Immunet detects a threat on one user’s PC, that threat is blocked from harming all users in the Immunet Community simultaneously, giving all Immunet users shared immunity against computer viruses. If implemented properly, this kind of thinking might help the majority of us avert a zero-day disasters at some future date.

While not critical for SBS2011E, Immunet also claims to be compatible with existing anti-virus solutions that might already be on your PC. I’ve seen the results of installing multiple incompatible anti-virus solutions on Windows before and the result isn’t pretty. So, for the really paranoid, Immunet might be a good option to add extra protection without added headaches and system slowdown.

I had used MSE on my Windows 2000/XP/7 workstations, but Immunet seemed like a nice option so I tried it out on a Windows 7 VM before installing it on the client’s MSE2011E server. Installation was easy but I noted high CPU usage until I configured it to ignore the MSE directory. See here for details on fixing that. Overall it seemed like a nice, easy to use and free anti-virus solution!

I’ll note that I didn’t experience any issues whatsoever when installing Immunet on the SBS2011E server since it didn’t have a preexisting anti-virus solution. On SBS2011E Immunet is an an easy download and go solution.

My experience to date has been limited to the free version of Immunet, but they also offer an enhanced version (Immunet Plus) which offers additional functionality at a modest cost.  Features such as “Offline Scanning”, Advanced Rootkit Detection and Removal, and Enhanced Virus Removal might be well worth the modest fees for many small business operators.

Overall, Immunet seems like an ideal anti-virus solution on the SBS2011E platform where options are otherwise somewhat limited. Even those running the workstation class Windows 2000/XP/7/8 operating systems might want to consider Immunet as either a primary or additional layer of protection for your machines.