[Company Logo Image] 

Home Up Contents Coffee Break Credits Glossary Links Search

 Configuring Antivirus for MSSQL servers
 

 

 

Home
Analysis Services
Azure
CLR Integration
High Availability
Open Source
SQL Server 2008
SQL Server 2012
SQL Server 2014
Tips
Troubleshooting
Tuning

Configuring Antivirus Software for Protecting Microsoft SQL Server Servers


Applies: Microsoft SQL Server 7.0, Microsoft SQL Server 2000, Microsoft SQL Server 2005, Microsoft SQL Server 2008, Windows NT Server 4, Windows 2000 Server, Windows Server 2003.


Antivirus activity can cause performance degradation and data corruption. The following are some of the possible issues:

Antivirus activity SQL Server file system can potentially cause high disk utilization.

High CPU spikes or high CPU usage.

On clustering environments, you may experience resource failures or problems when you try to move a group to a different node.

Access denied to SQL Server files.

Originate stop errors on Windows Server.

 

Exclusions from virus scanning.


Exclude the following files: Edb*.log, Res1.log, Res2.log, Edb.chk, Tmp.edb, pagefile.sys (Windows paging file)

Exclude the spool directory (%systemroot%\System32\Spool) and subfolders, if they exist.

Exclude folder related to Windows Update (%systemroot%\SoftwareDistribution\Datastore) and subfolders.

Exclude SQL Server directories: \Program Files\Microsoft SQL Server\

Exclude the following file extensions from virus scanning activity: *.mdf, *.ldf, *.ndf

Exclude database backup and transaction log backup files.
 

Additional exclusions on clusters:


Exclude the quorum drive
Exclude the \MSDTC directory in the MSDTC share drive
Exclude the %Systemroot%\Cluster directory
The temp folder for the Cluster Service account



Known issues with antivirus software.


1) Antivirus software that is not cluster-aware may cause problems with Cluster Services
 

2) Cannot start SQL Server Profiler due to a DDL added by Symantec Protection Agent 5.1

3) Cannot start SQL Server Profiler after installing Symantec Endpoint Protection 11.

4) Compatibility issue with SQL Server Profiler tool.

5) Symantec Endpoint Protection Manager query to SQL database is causing a very high CPU spike. Fix ID: 1460880. Fix ID: 1533966.

6) Symantec Endpoint Protection Manager query to SQL database is causing a very high CPU spike. Fix ID: 1460880.

7) Performance loss reported with Microsoft SQL and VirusScan Enterprise.

8) Delays on accessing SQL databases after installing VirusScan Enterprise.

9) Access denied to files sometimes (McAfee).



References.


Antivirus software that is not cluster-aware may cause problems with Cluster Services

Guidelines for choosing antivirus software to run on the computers that are running SQL Server

Windows, SQL Server and the Antivirus don't go well?

Virus scanning recommendations for computers that are running Windows Server 2008 R2, Windows Server 2008, Windows Server 2003, Windows 2000, Windows XP, or Windows Vista

McaFee File System Filter Driver may cause STOP Error on Windows Server 2003

 


 

 

.Send mail to webmaster@sqlcoffee.com with questions or comments about this web site.