Solved

AV for MSSQL

Posted on 2014-11-26
2
76 Views
Last Modified: 2014-12-03
I have seen a few articles about aligning the configuration of your servers anti virus with microsofts recommendations, namely MS recommend excluding certain paths and file types from you scanning process. Out of interest, what is the risk if you don't exempt such directories, what could go wrong? what file types and paths do you exclude?
0
Comment
Question by:pma111
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 50

Accepted Solution

by:
Vitor Montalvão earned 250 total points
ID: 40466695
Follow the Microsoft recommendations in 100%. The risk is the AV performing a full scan in a file that your application needs and would create locks. I saw that happening few times and trust me, isn't good to see hundreds of blocking processes and unhappy clients. It can also throw the CPU usage to 100% and that's no good either.
0
 
LVL 10

Assisted Solution

by:PadawanDBA
PadawanDBA earned 250 total points
ID: 40466784
So most of the proverbs around anti-virus on SQL servers revolve around performance.  One of the jobs of a DBA (especially ops DBAs) is to ensure that data access is provided with the lowest possible latency to satisfy business needs.  The impact of anti-virus on SQL Server is mostly performance.  To optimize performance you go without it - there really shouldn't be much in the way of an attack surface area on your SQL Servers, it should be abstracted from direct access via an application layer that controls public data access and you shouldn't be installing much/anything else beyond SQL Server on it.  That said, security-minded folks will skewer you alive for such statements and in some companies it may not be possible to go without anti-virus.  That said, you have to make the best of whatever world you live in.  That means optimizing anti-virus applications to have as minimal a footprint on the core performance-driving aspects of SQL Server.  I would propose that the driver is mainly performance.  As to what file types/paths do you exclude, this is a pretty exhaustive list: http://blogs.technet.com/technet_blog_images/b/sql_server_sizing_ha_and_performance_hints/archive/2014/01/16/sql-server-and-anti-virus-best-practices-recommendations-for-exlusion-lists-for-anti-virus-scanner.aspx
0

Featured Post

Optimizing Cloud Backup for Low Bandwidth

With cloud storage prices going down a growing number of SMBs start to use it for backup storage. Unfortunately, business data volume rarely fits the average Internet speed. This article provides an overview of main Internet speed challenges and reveals backup best practices.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Slowly Changing Dimension Transformation component in data task flow is very useful for us to manage and control how data changes in SSIS.
Ever needed a SQL 2008 Database replicated/mirrored/log shipped on another server but you can't take the downtime inflicted by initial snapshot or disconnect while T-logs are restored or mirror applied? You can use SQL Server Initialize from Backup…
Via a live example, show how to set up a backup for SQL Server using a Maintenance Plan and how to schedule the job into SQL Server Agent.
Using examples as well as descriptions, and references to Books Online, show the documentation available for datatypes, explain the available data types and show how data can be passed into and out of variables.

695 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question