Interested in other people's thoughts on disabling on-access scanning for servers.
Hi,
Do you have any particular server roles in mind? AD/DNS/File server/SQL?
Certain roles will be impacted more by AV scanning than others. If you think about the level of file I/O on a machine based on its role, and how many files and what type of files make up the set of frequently accessed files, you can start to make informed decisions on configuration/exclusions.
I would start with exclusions before disabling on-access as long as it was practical and then maybe consider the scanning options after that, i.e. on-read/on-write and then various types of scanning such as suspicious files/suspicious behaviour.
One way of determining the possible exclusions that might help "lighten the load" on the machine would be to run Process Monitor (if not considered too dangerous on a live server) during normal operation for maybe a couple of minutes, filtered just by file operations. Then go to "Tools" - "File Summary" and sort by opens and closes. This will give you an idea of the files being opened and closed regularly.
Likewise "Resource Monitor", which comes with Vista+ and is accessible from Task Manager, can also be used to establish such information. The "Disk" tab from that will show you what's going on.
Hope that offers something.
Regards,
Jak
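An added example, not part of the original post: a short Python script that does the same opens/closes count offline on a Process Monitor CSV export, so the capture can be reviewed away from the server. The sample rows, process names and paths are constructed, and the `REVIEW_EXT` list is an assumption about file types that deserve a closer look before being excluded from scanning.

```python
import csv
import io
from collections import Counter
from pathlib import PureWindowsPath

# Constructed sample in Process Monitor's default CSV export column layout.
SAMPLE_CSV = r'''"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"10:00:01.1","sqlservr.exe","1820","CreateFile","D:\SQLData\tempdb.mdf","SUCCESS","Desired Access: Generic Read"
"10:00:01.2","sqlservr.exe","1820","ReadFile","D:\SQLData\tempdb.mdf","SUCCESS","Offset: 0, Length: 8,192"
"10:00:01.3","sqlservr.exe","1820","CloseFile","D:\SQLData\tempdb.mdf","SUCCESS",""
"10:00:02.1","sqlservr.exe","1820","CreateFile","D:\SQLData\tempdb.mdf","SUCCESS","Desired Access: Generic Read"
"10:00:02.3","sqlservr.exe","1820","CloseFile","D:\SQLData\tempdb.mdf","SUCCESS",""
"10:00:03.1","sqlservr.exe","1820","CreateFile","D:\SQLData\tempdb.mdf","SUCCESS","Desired Access: Generic Read"
"10:00:03.3","sqlservr.exe","1820","CloseFile","D:\SQLData\tempdb.mdf","SUCCESS",""
"10:00:04.1","w3wp.exe","2304","CreateFile","C:\inetpub\wwwroot\app\bin\helper.dll","SUCCESS","Desired Access: Execute"
"10:00:04.2","w3wp.exe","2304","CloseFile","C:\inetpub\wwwroot\app\bin\helper.dll","SUCCESS",""
"10:00:05.1","w3wp.exe","2304","CreateFile","C:\inetpub\wwwroot\app\bin\helper.dll","SUCCESS","Desired Access: Execute"
"10:00:06.1","svchost.exe","988","CreateFile","C:\Windows\Temp\a.tmp","NAME NOT FOUND",""
'''

# Assumption: executable and script types should not be excluded without review.
REVIEW_EXT = {".exe", ".dll", ".sys", ".ps1", ".bat", ".cmd", ".vbs", ".js"}

def summarize(csv_text, top=10):
    """Count successful opens and closes per (process, path), busiest first."""
    opens, closes = Counter(), Counter()
    for row in csv.DictReader(io.StringIO(csv_text)):
        key = (row["Process Name"], row["Path"])
        if row["Operation"] == "CreateFile" and row["Result"] == "SUCCESS":
            opens[key] += 1
        elif row["Operation"] == "CloseFile":
            closes[key] += 1
    report = []
    for (proc, path), count in opens.most_common(top):
        ext = PureWindowsPath(path).suffix.lower()
        report.append({"process": proc, "path": path, "opens": count,
                       "closes": closes[(proc, path)],
                       "needs_review": ext in REVIEW_EXT})
    return report

if __name__ == "__main__":
    # For a real export: summarize(open("capture.csv", encoding="utf-8-sig").read())
    for entry in summarize(SAMPLE_CSV):
        print(entry)
```

Paths that top the list are the exclusion candidates to weigh; entries with `needs_review` set are ones where an exclusion would also stop scanning of code that gets loaded or run.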