You can use a group policy to protect your server from known viruses that require an executable to run. For example, Sobig.F and Blaster are two fine examples.

Go to Run > Type MMC to open the Microsoft Management Console.

Select File > Add/Remove Snap-in > Add > Group Policy Object Editior

Allow it to modify the Local Computer in the wizard. Close > OK

Navigate to Local Computer Policy > User Configuration > Administrative Templates > System Click on Systems on the left hand panel. You should get some choices in the right hand pane.

Select Don't Run Specified Windows Applications.

Select Enable and then Show > Add

Add any applications you want to restrict. Blaster and Sobig.F are

WINPPR32.EXE
MSBLASTER.EXE