Guidelines for choosing antivirus software to run on the computers that are running SQL Server | SansSQL

Wednesday, August 29, 2012

Guidelines for choosing antivirus software to run on the computers that are running SQL Server

These are general guidelines to help you decide which kind of antivirus software to run on computers that are running Microsoft SQL Server. I personally recommend testing before and after installing the antivirus software to determine whether there are any performance issues, because antivirus software uses some system resources to do its work.

To drill down, there are basically two kinds of servers. High Risk Servers are generally exposed to the public internet, have open ports to servers that are not behind a firewall, or host file shares or HTTP services like IIS or Apache.
Servers that do not meet these criteria fall under the category of Low Risk Servers, although not always.

When you configure antivirus software on a server running SQL Server, make sure to exclude the following:

File Extensions and Directories

  • SQL Server database files
    • .mdf
    • .ndf
    • .ldf
  • SQL Server backup files
    • .bak
    • .trn
  • Full-Text catalog files
    • Default instance: Program Files\Microsoft SQL Server\MSSQL\FTDATA
    • Named instance: Program Files\Microsoft SQL Server\MSSQL$instancename\FTDATA
  • Trace Files
    • .trc
  • Audit files
    • .sqlaudit
  • Query files
    • .sql
  • Directory that holds Analysis Services Data and Temporary files
  • Directory that holds Analysis Services Log files
  • Analysis Services backup files

Processes

  • SQLServr.exe - Process related to SQL Server Database engine
  • ReportingServicesService.exe  - Process related to SQL Server Reporting Services
  • MSMDSrv.exe  - Process related to SQL Server Analysis Services

We can also run antivirus software on a SQL Server cluster. For this, we have to make sure that the antivirus software we choose supports clusters.
When running antivirus software on a cluster, make sure to exclude:
  • Q:\ (Quorum drive)
  • C:\Windows\Cluster

Doing this improves performance and helps make sure that the files are not locked when the SQL Server service must use them. However, if these files become infected, the antivirus software cannot detect the infection. So if you suspect a virus infection, you have to scan the entire system without any exclusions.
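
The following added example (not part of the original post) audits the exclusion lists above on a server, assuming the antivirus in use is Microsoft Defender and its `Get-MpPreference` / `Add-MpPreference` cmdlets are available. The parameter names, the use of `$env:ProgramFiles` for the full-text catalog path, and the `-ExtraPaths` placeholder for site-specific directories (named-instance FTDATA, Analysis Services data, log and backup folders) are assumptions.

```powershell
#Requires -RunAsAdministrator
# Added example: compare Microsoft Defender exclusions with the list in this article.
param(
    [switch]$Apply,               # add missing exclusions instead of only reporting them
    [switch]$Clustered,           # also require the cluster paths from the article
    [string[]]$ExtraPaths = @()   # site-specific directories (assumption, see lead-in)
)

$wanted = @{
    Extension = '.mdf', '.ndf', '.ldf', '.bak', '.trn', '.trc', '.sqlaudit', '.sql'
    Process   = 'SQLServr.exe', 'ReportingServicesService.exe', 'MSMDSrv.exe'
    # Default-instance full-text catalog; drive taken from $env:ProgramFiles (assumption)
    Path      = @(Join-Path $env:ProgramFiles 'Microsoft SQL Server\MSSQL\FTDATA') + $ExtraPaths
}
if ($Clustered) { $wanted.Path += 'Q:\', 'C:\Windows\Cluster' }

$current = Get-MpPreference
$have = @{
    Extension = @($current.ExclusionExtension)
    Process   = @($current.ExclusionProcess)
    Path      = @($current.ExclusionPath)
}

function Normalize([string]$kind, [string]$value) {
    # Compare extensions without the leading dot and paths without a trailing backslash.
    if ($kind -eq 'Extension') { return $value.TrimStart('.').ToLowerInvariant() }
    return $value.TrimEnd('\').ToLowerInvariant()
}

function Compare-Exclusion($kind, $reference, $candidate) {
    # Emit every entry of $candidate that has no match in $reference.
    $ref = @($reference | Where-Object { $_ } | ForEach-Object { Normalize $kind $_ })
    foreach ($item in @($candidate | Where-Object { $_ })) {
        if ($ref -notcontains (Normalize $kind $item)) {
            [pscustomobject]@{ Kind = $kind; Value = $item }
        }
    }
}

# Missing: recommended above but not configured. Extra: configured but not on the list.
$missing = @(foreach ($k in $wanted.Keys) { Compare-Exclusion $k $have[$k] $wanted[$k] })
$extra   = @(foreach ($k in $wanted.Keys) { Compare-Exclusion $k $wanted[$k] $have[$k] })

'Missing exclusions:';           $missing | Format-Table -AutoSize
'Extra exclusions (to review):'; $extra   | Format-Table -AutoSize

if ($Apply) {
    foreach ($m in $missing) {
        $arg = @{ "Exclusion$($m.Kind)" = $m.Value }   # e.g. -ExclusionPath 'Q:\'
        Add-MpPreference @arg
    }
}
```

Run it without `-Apply` first: the "extra" list shows every exclusion that goes beyond the ones named here, and each of those is a location the scanner will not inspect.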
