There is a lot of antivirus software from different vendors like Avast, McAfee, Sophos, BitDefender, Kaspersky…
I would first question the necessity of having antivirus software on SQL Server.
Then question it again.
Seriously. I am not joking.
SQL Servers are often internal. Behind firewalls. Not accessible from outside. Only available by internal apps.
Therefore, it may not make sense to run an antivirus on the SQL Server box.
But not everything is under the DBA’s control.
When you know you can’t win the antivirus battle, you at least want to configure antivirus software properly.
Microsoft’s best practices lead us to antivirus exclusions.
How to configure antivirus for SQL Server (and improve performance)
Add antivirus exclusions to these:
- SQL Server processes
  - %ProgramFiles%\Microsoft SQL Server\<Instance_ID>.<Instance Name>\MSSQL\Binn\SQLServr.exe;
  - %ProgramFiles%\Microsoft SQL Server\<Instance_ID>.<Instance Name>\Reporting Services\ReportServer\Bin\ReportingServicesService.exe;
  - %ProgramFiles%\Microsoft SQL Server\<Instance_ID>.<Instance Name>\OLAP\Bin\MSMDSrv.exe;
- All SQL Server data files
These will have extensions of .mdf, .ldf, .ndf, .bak, .trn.
- SQL Server backup files
These backup files usually have the extensions .bak and .trn.
- Full-text catalog files
This is typically the FTData folder in your SQL Server path.
In each MSSQLX.X folder, there will be multiple FTData folders that need to be excluded from antivirus scanning.
- Trace files
These files are created by a user when running a SQL Server Profiler Trace and usually have the extension .trc.
- Extended Event file targets
Any Extended Events trace log files; these usually have the extension .xel.
- Third-party SQL backup solution
If you use third-party backup software such as Idera, Red-Gate, or LiteSpeed, add those file extensions too.
- Remove FILESTREAM containers from scanning (if you use them).
- Replication executables and server-side COM objects.
- Files in the Replication Snapshot folder.
- Schedule scans during the lowest activity hours.
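To scope path exclusions to the folders an instance actually uses, the locations can be read from the instance itself. The T-SQL below is an added example, not from the original post; it assumes a sysadmin login, and the 30-day backup lookback is an arbitrary choice.

```sql
-- Added example (not from the original post): list the folders this instance
-- really uses, per category, so antivirus path exclusions can target them.
-- Assumes a sysadmin login; run it on every instance you need to cover.
WITH files AS (
    -- Data, log, FILESTREAM and full-text files of every database.
    -- A FILESTREAM physical_name is already the container folder.
    SELECT CASE type_desc
               WHEN 'ROWS'       THEN 'Data files'
               WHEN 'LOG'        THEN 'Log files'
               WHEN 'FILESTREAM' THEN 'FILESTREAM containers'
               WHEN 'FULLTEXT'   THEN 'Full-text catalog files'
               ELSE 'Other'
           END AS category,
           physical_name COLLATE DATABASE_DEFAULT AS file_path,
           CASE WHEN type_desc = 'FILESTREAM' THEN 1 ELSE 0 END AS is_folder
    FROM sys.master_files
    UNION ALL
    -- Disk backups (device_type 2) taken in the last 30 days (assumed window).
    SELECT 'Backup files', bmf.physical_device_name COLLATE DATABASE_DEFAULT, 0
    FROM msdb.dbo.backupset AS bs
    JOIN msdb.dbo.backupmediafamily AS bmf
      ON bmf.media_set_id = bs.media_set_id
    WHERE bmf.device_type = 2
      AND bs.backup_finish_date >= DATEADD(DAY, -30, GETDATE())
    UNION ALL
    -- Server-side traces that write .trc files, including the default trace.
    SELECT 'Trace files', path COLLATE DATABASE_DEFAULT, 0
    FROM sys.traces
    WHERE path IS NOT NULL
    UNION ALL
    -- Extended Events sessions with an event_file target (.xel).
    -- A filename stored without a folder is returned as stored.
    SELECT 'Extended Event file targets',
           CAST(f.value AS nvarchar(4000)) COLLATE DATABASE_DEFAULT, 0
    FROM sys.server_event_session_targets AS t
    JOIN sys.server_event_session_fields AS f
      ON f.event_session_id = t.event_session_id
     AND f.object_id = t.target_id
    WHERE t.name = 'event_file' AND f.name = 'filename'
)
SELECT DISTINCT
       category,
       CASE WHEN is_folder = 1 OR CHARINDEX('\', file_path) = 0 THEN file_path
            ELSE LEFT(file_path, LEN(file_path) - CHARINDEX('\', REVERSE(file_path)))
       END AS folder
FROM files
ORDER BY category, folder;
```

The result covers path-based exclusions only; the process exclusions and any third-party backup extensions still come from the list above.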
Additional antivirus exclusions for Windows Failover Clusters
Ensure you add these additional antivirus exclusions for Windows Failover Clusters, and, importantly, don’t forget to perform this on each node:
- The entire quorum/witness disk.
- The \MSDTC directory on disks used by an MSDTC resource.
- The \Cluster subdirectory of the Windows installation.
- All full-text catalog files.
- If you are using Analysis Services, the entire directory on the shared drives that contains all Analysis Services data files.
If you do not know this location now, remember to set the filter post-installation.
- Antivirus software should be ‘Cluster-Aware’. Check with the antivirus vendor if it is.
Special cases
Avoid the performance and consistency issues when certain modules are loaded into SQL Server address space (KB 2033238).
If you use any of the following products, check these vendor recommendations:
Here are a few useful links:
- How to choose antivirus software to run on computers that are running SQL Server (KB 309422)
- Antivirus software that is not cluster-aware may cause problems with Cluster Services (KB 250355) – the article is getting a little old but still has some good info on how antivirus should be chosen
- Windows Server Antivirus Exclusions (KB 822158)
- More Antivirus exclusions, and not only for MS SQL Servers
Conclusion
Plan A – try not to run Antivirus on SQL Servers.
Plan B – when you have to, then make sure proper antivirus exclusions for SQL Server are added.
Agree? Disagree? Comment below.
What will be the risk for avoiding SQL files like .mdf and .ldf from virus scan?
MDF and LDF files are always open and actively being written to. You don’t want antivirus software to be messing with those files. One – it’s a performance hit. Two – it can corrupt a file. Antivirus software looks for certain patterns in the file, so it’s quite possible to find that pattern. And then it will try to modify db files and you will end up with corrupt database files.
I have also seen antivirus completely corrupt FileStream databases, as those store files on disk.
And #3 – Microsoft recommends skipping scanning of SQL db files. More info: SQL Server and Antivirus Configuration.