There are a lot of AV products from different vendors, like Avast, McAfee, Sophos, BitDefender, Kaspersky…
First, I’d question whether having Antivirus on SQL Server is really a “must have”.
Then question it again. Seriously. I am not joking.
SQL Servers are often internal. Behind firewalls. Not accessible from outside. Only available by internal apps.
Therefore, it may not make sense to run an antivirus on the SQL Server box.
But not everything is under the DBA’s control. When you know you can’t win the Antivirus battle, you at least want to configure the Antivirus software properly.
Microsoft’s best practices lead us to Antivirus Exclusions.
How do you configure Antivirus for MS SQL Server
(and improve SQL Server performance?)
Add Antivirus exclusions to these:
SQL Server processes
- %ProgramFiles%\Microsoft SQL Server\<Instance_ID>.<Instance Name>\MSSQL\Binn\SQLServr.exe;
- %ProgramFiles%\Microsoft SQL Server\<Instance_ID>.<Instance Name>\Reporting Services\ReportServer\Bin\ReportingServicesService.exe;
- %ProgramFiles%\Microsoft SQL Server\<Instance_ID>.<Instance Name>\OLAP\Bin\MSMDSrv.exe;
All SQL Server data files
- These will have extensions of .mdf, .ldf, .ndf, .bak, .trn.
SQL Server backup files
- These backup files usually have the extensions .bak and .trn.
Full-Text catalog files
- This is typically the FTData folder in your SQL Server path. In each MSSQLX.X folder, there will be multiple FTData folders that need to be excluded from antivirus scanning.
Trace files
- These files are created by a user when running a SQL Profiler Trace and usually have the extension .trc.
Extended Event file targets
- Any Extended Events trace log files; these usually have the extension .xel.
Third-party SQL backup solution
- If you use third-party backup software like Idera, Red-Gate, LiteSpeed, add those file extensions too.
Remove filestream containers (if you use them) from scanning.
Replication executables and server-side COM objects
Files in the Replication Snapshot folder
Schedule scans during the lowest activity hours.
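As an added example (not part of the original post, and not Microsoft's own script), here is one way to audit and optionally apply the process, extension and full-text exclusions listed above. It assumes the antivirus is Microsoft Defender Antivirus, since other vendors use their own consoles, and the instance folder name `MSSQL15.MSSQLSERVER` is a constructed placeholder.

```powershell
# Added example: audit (default) or apply (-Apply) the exclusions from the list above
# in Microsoft Defender Antivirus. Run from an elevated PowerShell session.
param(
    # Constructed placeholder for <Instance_ID>.<Instance Name>; use your own folder name.
    [string]$InstanceFolder = 'MSSQL15.MSSQLSERVER',
    [switch]$Apply
)

$root = Join-Path $env:ProgramFiles "Microsoft SQL Server\$InstanceFolder"

# Full-text catalog folders: every FTData directory under the instance folder.
$ftData = @(Get-ChildItem -Path $root -Recurse -Directory -Filter 'FTData' -ErrorAction SilentlyContinue |
    ForEach-Object FullName)

$wanted = [ordered]@{
    ExclusionProcess   = @(
        (Join-Path $root 'MSSQL\Binn\SQLServr.exe'),
        (Join-Path $root 'Reporting Services\ReportServer\Bin\ReportingServicesService.exe'),
        (Join-Path $root 'OLAP\Bin\MSMDSrv.exe')
    )
    # Data, log, backup, trace and Extended Events extensions named in the post.
    ExclusionExtension = @('.mdf', '.ldf', '.ndf', '.bak', '.trn', '.trc', '.xel')
    ExclusionPath      = $ftData
}

$current = Get-MpPreference
# Defender accepts extensions with or without the dot, so compare without it.
$norm = { param($v) ([string]$v).TrimStart('.') }

foreach ($kind in $wanted.Keys) {
    $have = @($current.$kind | Where-Object { $_ } | ForEach-Object { & $norm $_ })
    foreach ($item in $wanted[$kind]) {
        if ($have -contains (& $norm $item)) { "OK       $kind  $item"; continue }
        # Do not exclude binaries of components that are not installed on this box.
        if ($kind -eq 'ExclusionProcess' -and -not (Test-Path -LiteralPath $item)) {
            "ABSENT   $kind  $item"; continue
        }
        if ($Apply) {
            $arg = @{ $kind = $item }
            Add-MpPreference @arg
            "ADDED    $kind  $item"
        } else { "MISSING  $kind  $item" }
    }
    # Exclusions beyond the documented list widen the unscanned surface; review them.
    $expected = @($wanted[$kind] | ForEach-Object { & $norm $_ })
    $have | Where-Object { $expected -notcontains $_ } | ForEach-Object { "EXTRA    $kind  $_" }
}
```

Run it without `-Apply` first: the `MISSING` lines show what would be added, and the `EXTRA` lines show exclusions already configured that are not on the list above.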
For Windows Failover Clusters, add these additional Antivirus exclusions (don’t forget this needs to be done on each node):
- The entire quorum/witness disk;
- The \MSDTC directory on disks used by an MSDTC resource;
- The \Cluster subdirectory of the Windows installation;
- All full-text catalog files;
- If you are using Analysis Services, the entire directory on the shared drives containing all Analysis Services data files. If you do not know this location now, remember to set the filter post-installation;
- Antivirus software should be ‘Cluster-Aware’. Check with the Antivirus vendor if it is;
Avoid the performance and consistency issues that occur when certain modules are loaded into the SQL Server address space (KB 2033238).
If you use any of the following products, check these vendor recommendations:
Here are a few useful links:
- How to choose antivirus software to run on computers that are running SQL Server (KB 309422);
- Antivirus software that is not cluster-aware may cause problems with Cluster Services (KB 250355). The article is getting a little old, but still has some good info on how Antivirus should be chosen;
- Windows Server Antivirus Exclusions (KB 822158);
- More Antivirus exclusions, and not only for MS SQL Servers;
Plan A – try not to run Antivirus on SQL Servers.
Plan B – when you have to, then make sure proper Antivirus Exclusions for SQL Server are added.
Agree? Disagree? Comment below.
What will be the risk for avoiding SQL files like .mdf and .ldf from virus scan?
MDF and LDF files are always open and actively being written to. You don’t want Antivirus software to be messing with those files. One – it’s a performance hit. Two – it can corrupt a file. Antivirus software looks for certain patterns in the file, so it’s quite possible to find that pattern. And then it will try to modify db files and you will end up with corrupt database files.
I have also seen Antivirus completely corrupt FileStream databases, as those store files on disk.
And #3 – Microsoft recommends skipping scanning of SQL db files. More info: SQL Server and Antivirus Configuration.