There seems to be a lot of debate on whether to install Anti-Virus on a host server or not. A lot of people say that as long as you keep the host server up to date and do not use it for anything else then you should not have any problems.
I agree with this statement but in real world scenarios you can never be a 100% sure. Some 3rd party might be at a client site without your knowledge and then stick an infected USB stick into the host server causing it to get infected.
Below is Microsoft’s recommended exclusions for servers running Hyper-V. Now we have used the below exclusions with 100% success rate using different types of Anti-virus in production environments. So my advice would be to rather install the AV just to be 100% sure.
- Default virtual machine configuration directory (C:\ProgramData\Microsoft\Windows\Hyper-V)
- Custom virtual machine configuration directories
- Default virtual hard disk drive directory (C:\Users\Public\Documents\Hyper-V\Virtual Hard Disks)
- Custom virtual hard disk drive directories
- Snapshot directories
- Vmms.exe (Note: May have to be configured as process exclusions within the antivirus software)
- Vmwp.exe (Note: May have to be configured as process exclusions within the antivirus software)
Additionally, when you use Live Migration together with Cluster Shared Volumes on Windows Server 2008 R2, exclude the CSV path “C:\Clusterstorage” and all its subdirectories.