Just having had the chance to get to this. I will try. Mainly, it is OK to run a full anti-malware program such as MBAM EPP or others. They should be a version which is OK to run on a business network. There are many good anti-virus programs working with definitions that you can layer with it. Personally, I think MSE is good enough for up to Win7 and Windows Defender for Windows 10. It is debatable as to whether you should run an A/V, anti-malware program on a server, and it is only used as a server, you should't be on it anyway. But, malware can move across the network. I feel more confident just running Windows Defender on it.
Not a very good answer. Most antivirus and anti-malware programs these days are very good. You just want to make sure the anti-malware program has anti-ransomware as well. It's not perfect, but certainly better than nothing. Some have tools to fix the problem and there are 3rd party programs as well, but I have never tried to use them.