How to configure Antivirus running on SQL Server

Antivirus SQL server best practices

There are a lot of AV products from different vendors, like Avast, McAfee, Sophos, BitDefender, Kaspersky…

First, I’d question whether having Antivirus on SQL Server really is a “must have”.

Then question it again. Seriously. I am not joking.

SQL Servers are often internal. Behind firewalls. Not accessible from outside. Only available by internal apps.

Therefore, it may not make sense to run an antivirus on the SQL Server box.

But not everything is under the DBA’s control. When you know you can’t win the Antivirus battle, you at least want to configure the Antivirus software properly.

Microsoft’s best practices lead us to Antivirus Exclusions.

How do you configure Antivirus for MS SQL Server

(and improve SQL Server performance?)

Add Antivirus exclusions to these:

  • SQL Server processes

    1. %ProgramFiles%\Microsoft SQL Server\<Instance_ID>.<Instance Name>\MSSQL\Binn\SQLServr.exe;
    2. %ProgramFiles%\Microsoft SQL Server\<Instance_ID>.<Instance Name>\Reporting Services\ReportServer\Bin\ReportingServicesService.exe;
    3. %ProgramFiles%\Microsoft SQL Server\<Instance_ID>.<Instance Name>\OLAP\Bin\MSMDSrv.exe;
  • All SQL Server data files

    • These will have extensions of .mdf, .ldf, .ndf, .bak, .trn.
  • SQL Server backup files

    • These backup files usually have the extensions .bak and .trn.
  • Full-Text catalog files

    • This is typically the FTData folder in your SQL Server path. In each MSSQLX.X folder, there will be multiple FTData folders that need to be excluded from antivirus scanning.
  • Trace files

    • These files are created by a user when running a SQL Profiler Trace and usually have the extension .trc.
  • Extended Event file targets

    • Any Extended Events trace log files; these usually have the extension .xel.
  • Third-party SQL backup solution

    • If you use third-party backup software like Idera, Red-Gate or LiteSpeed, add those file extensions too.
  • Remove filestream containers from scanning (if you use them).

  • Replication executables and server-side COM objects

  • Files in the Replication Snapshot folder

  • Schedule scans during the lowest activity hours.
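
As an added example (not code from the original post or from Microsoft), the PowerShell below resolves the <Instance_ID>.<Instance Name> placeholder in the process paths above by reading each Database Engine instance's registry keys, then builds the matching process, folder and extension exclusions. It assumes Microsoft Defender Antivirus for the apply step and the usual setup registry values (SQLBinRoot, SQLPath, SQLDataRoot, DefaultData, DefaultLog, BackupDirectory); the function name and the $apply switch are illustrative.

```powershell
# Added example. Run in an elevated session on the SQL Server host.
$ErrorActionPreference = 'Stop'
$root = 'HKLM:\SOFTWARE\Microsoft\Microsoft SQL Server'

function Get-SqlAvExclusion {   # hypothetical helper name
    # "Instance Names\SQL" maps instance name -> folder id (<Instance_ID>.<Instance Name>).
    $map = Get-Item -Path "$root\Instance Names\SQL"
    foreach ($name in $map.GetValueNames()) {
        $id    = $map.GetValue($name)                  # e.g. MSSQL15.MSSQLSERVER
        $setup = Get-ItemProperty -Path "$root\$id\Setup"
        $srv   = Get-ItemProperty -Path "$root\$id\MSSQLServer"

        # Exclude the engine by full image path, so only this binary is covered.
        [pscustomobject]@{ Instance = $name; Kind = 'Process'
                           Value = Join-Path $setup.SQLBinRoot 'sqlservr.exe' }

        # Default data, log, backup and full-text folders; unset or missing ones are skipped.
        $dirs = @($srv.DefaultData, $srv.DefaultLog, $srv.BackupDirectory)
        if ($setup.SQLDataRoot) { $dirs += Join-Path $setup.SQLDataRoot 'DATA' }
        if ($setup.SQLPath)     { $dirs += Join-Path $setup.SQLPath 'FTData' }
        foreach ($d in $dirs | Where-Object { $_ -and (Test-Path $_) } | Sort-Object -Unique) {
            [pscustomobject]@{ Instance = $name; Kind = 'Path'; Value = $d }
        }
    }
    # Extensions from the list above. In Defender an extension exclusion is not
    # tied to a folder, so it covers matching files anywhere on the machine.
    foreach ($ext in '.mdf', '.ldf', '.ndf', '.bak', '.trn', '.trc', '.xel') {
        [pscustomobject]@{ Instance = '*'; Kind = 'Extension'; Value = $ext }
    }
}

$exclusions = Get-SqlAvExclusion
$exclusions | Format-Table -AutoSize      # review the list before applying it

$apply = $false   # assumption: Defender is the AV in use; set to $true after review
if ($apply) {
    foreach ($e in $exclusions) {
        switch ($e.Kind) {
            'Process'   { Add-MpPreference -ExclusionProcess   $e.Value }
            'Path'      { Add-MpPreference -ExclusionPath      $e.Value }
            'Extension' { Add-MpPreference -ExclusionExtension $e.Value }
        }
    }
    # Read the settings back to confirm what is now excluded.
    Get-MpPreference | Select-Object ExclusionProcess, ExclusionPath, ExclusionExtension
}
```

The registry only records default locations; databases placed elsewhere show up in sys.master_files (physical_name), and their folders need adding by hand. With other Antivirus products, the reviewed table gives the values to enter in the vendor's console or policy.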

 

For Windows Failover Clusters, add these additional Antivirus exclusions (don’t forget this needs to be done on each node):

  • The entire quorum/witness disk;
  • The \MSDTC directory on disks used by an MSDTC resource;
  • The \Cluster subdirectory of the Windows installation;
  • All full-text catalog files;
  • If you are using Analysis Services, the entire directory on the shared drives containing all Analysis Services data files. If you do not know this location now, remember to set the filter post-installation;
  • Antivirus software should be ‘Cluster-Aware’. Check with the Antivirus vendor if it is;

Special Cases

Avoid the performance and consistency issues that occur when certain modules are loaded into the SQL Server address space (KB 2033238).

If you use any of the following products, check these vendor recommendations:

Here are a few useful links:

 

Conclusion

Plan A – try not to run Antivirus on SQL Servers.

Plan B – when you have to, then make sure proper Antivirus Exclusions for SQL Server are added.

Agree? Disagree? Comment below.

 
