How to configure Antivirus running on SQL Server

Antivirus SQL server best practices

There are a lot of AV products from different vendors, like Avast, McAfee, Sophos, BitDefender, Kaspersky…

First, I’d question whether having Antivirus on SQL Server is a “must have”.

Then question it again. Seriously. I am not joking.

By the way, this check is a part of our SQL Server Health Check.

SQL Servers are often internal. Behind firewalls. Not accessible from outside. Only available by internal apps.

Therefore, it may not make sense to run an antivirus on the SQL Server box.

But not everything is under the DBA’s control. When you know you can’t win the Antivirus battle, you at least want to configure the Antivirus software properly.

Microsoft’s best practices lead us to Antivirus Exclusions.

How do you configure Antivirus for MS SQL Server

(and improve SQL Server performance?)

Add Antivirus exclusions to these:

  • SQL Server processes

    1. %ProgramFiles%\Microsoft SQL Server\<Instance_ID>.<Instance Name>\MSSQL\Binn\SQLServr.exe;
    2. %ProgramFiles%\Microsoft SQL Server\<Instance_ID>.<Instance Name>\Reporting Services\ReportServer\Bin\ReportingServicesService.exe;
    3. %ProgramFiles%\Microsoft SQL Server\<Instance_ID>.<Instance Name>\OLAP\Bin\MSMDSrv.exe;
  • All SQL Server data files

    • These will have extensions of .mdf, .ldf, .ndf, .bak, .trn.
  • SQL Server backup files

    • These backup files usually have the extensions .bak and .trn.
  • Full-Text catalog files

    • This is typically the FTData folder in your SQL Server path. For each MSSQLX.X folder, there will be multiple FTData folders that need to be excluded from antivirus scanning.
  • Trace files

    • These files are created by a user when running a SQL Profiler Trace and usually have the extension .trc.
  • Extended Event file targets

    • Any Extended Events trace log files. These usually have the extension .xel.
  • Third-party SQL backup solution

    • If you use third-party backup software like Idera, Red-Gate, LiteSpeed, add those file extensions too.
  • Exclude FILESTREAM containers from scanning (if you use them).

  • Replication executables and server-side COM objects

  • Files in the Replication Snapshot folder

  • Schedule scans during the lowest activity hours.

For Windows Failover Clusters, add these additional Antivirus exclusions (don’t forget this needs to be done on each node):

  • The entire quorum/witness disk;
  • The \MSDTC directory on disks used by an MSDTC resource;
  • The \Cluster subdirectory of the Windows installation;
  • All full-text catalog files;
  • If you are using Analysis Services, the entire directory on the shared drives containing all Analysis Services data files. If you do not know this location now, remember to set the filter post-installation;
  • Antivirus software should be ‘Cluster-Aware’. Check with the Antivirus vendor if it is;
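
One way to check the process and file-extension exclusions above on a server that uses Microsoft Defender Antivirus. This is an added example, not code from the original article: it assumes Defender's Get-MpPreference and Add-MpPreference cmdlets, an elevated PowerShell session, and a hypothetical -Apply switch. Other AV products have their own tooling.

```powershell
# Added example (not from the article): audit Microsoft Defender Antivirus
# exclusions for the SQL Server items listed above. Run elevated.
param([switch]$Apply)   # hypothetical switch; without it the script only reports

# Executable names from the article's "SQL Server processes" list.
$exeNames   = 'sqlservr.exe', 'ReportingServicesService.exe', 'msmdsrv.exe'
# Extensions from the article's data, backup, trace and Extended Events items.
$extensions = 'mdf', 'ldf', 'ndf', 'bak', 'trn', 'trc', 'xel'

# Resolve the real binary paths from installed services rather than guessing
# <Instance_ID>.<Instance Name>. PathName looks like: "C:\...\sqlservr.exe" -sNAME
$processes = Get-CimInstance -ClassName Win32_Service |
    ForEach-Object {
        if ($_.PathName -match '^"?(?<exe>[^"]+?\.exe)') { $Matches['exe'] }
    } |
    Where-Object { $exeNames -contains (Split-Path -Path $_ -Leaf) } |
    Sort-Object -Unique

# Exclusion lists are only readable from an elevated session.
$current  = Get-MpPreference
# Normalise a possible leading dot so 'mdf' and '.mdf' compare equal.
$haveExt  = @($current.ExclusionExtension) | Where-Object { $_ } |
    ForEach-Object { $_.TrimStart('.') }
$haveProc = @($current.ExclusionProcess) | Where-Object { $_ }

$missingExt  = @($extensions | Where-Object { $haveExt  -notcontains $_ })
$missingProc = @($processes  | Where-Object { $haveProc -notcontains $_ })

$missingExt  | ForEach-Object { "MISSING extension exclusion: .$_" }
$missingProc | ForEach-Object { "MISSING process exclusion:   $_" }
if (-not ($missingExt + $missingProc)) { 'All listed exclusions are present.' }

# Change configuration only when explicitly asked to.
if ($Apply) {
    if ($missingExt)  { Add-MpPreference -ExclusionExtension $missingExt }
    if ($missingProc) { Add-MpPreference -ExclusionProcess   $missingProc }
}
```

Defender applies an extension exclusion on every path, so a .bak or .trn file anywhere on the server goes unscanned; keep the extension list as short as the workload allows.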

Special Cases

Avoid the performance and consistency issues that occur when certain modules are loaded into the SQL Server address space (KB 2033238).

If you use any of the following products, check these vendor recommendations:

Here are a few useful links:

Conclusion

Plan A – try not to run Antivirus on SQL Servers.

Plan B – when you have to, then make sure proper Antivirus Exclusions for SQL Server are added.

Agree? Disagree? Comment below.

Mark Varnas

Hey I'm Mark, one of the guys behind Red9. I make a living performance tuning SQL Servers and making them more stable. I channel my SQL into our SQL Managed Services, SQL Consulting and our internal database products.

2 Responses

    1. MDF and LDF files are always open and actively being written to. You don’t want Antivirus software to be messing with those files. One – it’s a performance hit. Two – it can corrupt a file. Antivirus software looks for certain patterns in the file, so it’s quite possible to find that pattern. And then it will try to modify db files and you will end up with corrupt database files.

      I have also seen Antivirus completely corrupt FileStream databases, as those store files on disk.

      And #3 – Microsoft recommends skipping scanning of SQL db files. More info: SQL Server and Antivirus Configuration.
