How to configure Antivirus running on SQL Server

How to configure Antivirus running on SQL Server

 

First, I’d question having Antivirus on SQL Server if it is a “must have”.

Then question it again. Seriously. Not joking.

 

SQL Servers are often internal. Behind firewalls. Not accessible from outside. Only accessible by internal apps.

Therefore, it may not make sense to run antivirus on SQL box.

 

But not everything is under DBA’s control. When you know you can’t win Antivirus battle, you at least want to configure Antivirus properly, which leads us to Antivirus Exclusions.

 

How do you configure Antivirus for SQL Server (and improve SQL Server performance?)

 

Add Antivirus exclusions to these:

  • All SQL Server data files. These will have extensions of .mdf, .ldf, .ndf, .bak, .trn.
  • Remove filestream containers (if you use them).
  • If you use third party SQL backup solution – like Idera, Red-Gate, LiteSpeed, add those file extensions too.
  • Schedule scans during lowest activity hours.

 

For Windows Failover Clusters, add these additional Antivirus exclusions (don’t forget this needs to be done on each node):

  • The entire quorum/witness disk.
  • The \MSDTC directory on disks used by an MSDTC resource.
  • The \Cluster subdirectory of the Windows installation.
  • All full-text catalog files.
  • If using Analysis Services, the entire directory on the shared drives containing all Analysis Services data files. If you do not know this location now, remember to set the filter post installation.
  • Antivirus software should be ‘Cluster-Aware’. Check with the Antivirus vendor if it is.

 

Here are few useful links:

 

Conclusion

Plan A – try not to run Antivirus on SQL Servers.

Plan B – when you have to, then make sure proper Antivirus Exclusions for SQL Server are added.

 

Agree? Disagree? Comment below.

 

 

Share this post

Share on facebook
Share on google
Share on twitter
Share on linkedin
Share on pinterest
Share on print
Share on email