B4J server and antivirus

[marcick]

Hi all, I just want to ask an opinion to this community about network security.
I have a cloud server (Windows server 2019) with WAMP and a B4J JRDC application.
It allows communication between devices that send TCP data, stored in MySQL, and IOS/Android devices that poll data.
The machine is not much powerful (2CPU, 4GB Ram, 80GB HD), and in some situation I see the overload in the picture.
I wonder: in this context, is it really useful Windows defender antivirus ? Which are the risks uninstalling it ? It is not a machine where the user navigate, download, receive email, etc.
Thanks to everybody wants to share its point of view.

 

[Erel]

I would have disabled the anti virus if it significantly impacts performance. You do need to make sure that your servers are secure.

 

[marcick]

Assuming that on the server nobody navigate on internet, uses email or download anything, which kind of other attack can be made from external, that windows defender could block ?

 

[TILogistic]

the attacks from the outside are many and of different methods.

If it uses wampserver, I suggest you check the configuration, from what I see in the image, windows defender is checking the in and out of the apache server.

my server (wondows server 2016).

 

[TILogistic]

question:

because I use wampserver, if it is only for development and not for exploitation.

for Windows, IIS is recommended over Apache.

Apache is optimal for linux

 

[marcick]

the attacks from the outside are many and of different methods.

If it uses wampserver, I suggest you check the configuration,

1) assuming that on the server nobody navigate on internet, uses email or download anything, which kind of other attack can be made from external, that windows defender could block ?

2) Where and What configuration you suggest to check ?

Anyway in normal condition I see few resources about defender, as your situation. Just sometime the CPU is overcharged by defender and I suspect in those situation can occour crashes of my app.

 

[TILogistic]

If the server is for web page services.

Restrict access to the Http and Https ports.

For Mysql or MariaDB database, you only need to have local access to port 3306 or other.

A few months ago I had many IP attacks from China, trying to access the database through port 3306 and through Http ports.

The antivirus consumed more than 50% of the CPU

and this server works 24 hours a day, 7 days a week with more than 1000 requests per second

 

[marcick]

3306/3308 are not opened for outside. I use JRDC to interface with MySQL.
The attacks you have experienced were blocked by windows defender so you can say it was useful for you ?

 

[TILogistic]

The database attacks were detected by MariaDB denying access and we checked the logs and saw that the IP addresses were from China.

Regarding the attacks on the Http ports, we reviewed the logs and saw that they also tried to inject malware, and that the antivirus put it in quarantine.

In conclusion, it is advisable to have the antivirus activated to detect the entry of viruses to your server.

 

[TILogistic]

Only information:

12 Types of Malware + Examples That You Should Know | CrowdStrike

Learn how to classify the different types of malware, how each type gains access to networks, & what happens when they do. Top 11 malware types listed here.

www.crowdstrike.com

 

[marcick]

Really difficult for me to understand how an “attack” can inject something ….