?
Solved

AV for MSSQL

Posted on 2014-11-26
2
Medium Priority
?
83 Views
Last Modified: 2014-12-03
I have seen a few articles about aligning the configuration of your servers anti virus with microsofts recommendations, namely MS recommend excluding certain paths and file types from you scanning process. Out of interest, what is the risk if you don't exempt such directories, what could go wrong? what file types and paths do you exclude?
0
Comment
Question by:pma111
2 Comments
 
LVL 53

Accepted Solution

by:
Vitor Montalvão earned 1000 total points
ID: 40466695
Follow the Microsoft recommendations in 100%. The risk is the AV performing a full scan in a file that your application needs and would create locks. I saw that happening few times and trust me, isn't good to see hundreds of blocking processes and unhappy clients. It can also throw the CPU usage to 100% and that's no good either.
0
 
LVL 10

Assisted Solution

by:PadawanDBA
PadawanDBA earned 1000 total points
ID: 40466784
So most of the proverbs around anti-virus on SQL servers revolve around performance.  One of the jobs of a DBA (especially ops DBAs) is to ensure that data access is provided with the lowest possible latency to satisfy business needs.  The impact of anti-virus on SQL Server is mostly performance.  To optimize performance you go without it - there really shouldn't be much in the way of an attack surface area on your SQL Servers, it should be abstracted from direct access via an application layer that controls public data access and you shouldn't be installing much/anything else beyond SQL Server on it.  That said, security-minded folks will skewer you alive for such statements and in some companies it may not be possible to go without anti-virus.  That said, you have to make the best of whatever world you live in.  That means optimizing anti-virus applications to have as minimal a footprint on the core performance-driving aspects of SQL Server.  I would propose that the driver is mainly performance.  As to what file types/paths do you exclude, this is a pretty exhaustive list: http://blogs.technet.com/technet_blog_images/b/sql_server_sizing_ha_and_performance_hints/archive/2014/01/16/sql-server-and-anti-virus-best-practices-recommendations-for-exlusion-lists-for-anti-virus-scanner.aspx
0

Featured Post

Learn to develop an Android App

Want to increase your earning potential in 2018? Pad your resume with app building experience. Learn how with this hands-on course.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This shares a stored procedure to retrieve permissions for a given user on the current database or across all databases on a server.
MSSQL DB-maintenance also needs implementation of multiple activities. However, unprecedented errors can hamper the database management. In that case, deploying Stellar SQL Database Toolkit ensures fast and accurate database and backup repair as wel…
This video shows how to set up a shell script to accept a positional parameter when called, pass that to a SQL script, accept the output from the statement back and then manipulate it in the Shell.
SQL Database Recovery Software repairs the MDF & NDF Files, corrupted due to hardware related issues or software related errors. Provides preview of recovered database objects and allows saving in either MSSQL, CSV, HTML or XLS format. Ensures recov…

589 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question