MS SQL Server and Anti-Virus software

According to the blog of Suhas (a former Microsoft employee), http://blogs.msdn.com/b/suhde/archive/2009/04/08/introduction-to-database-corruption-in-sql-server.aspx, “antivirus, that have the ability to take Kernel Level Handle on files, are also known to cause database corruption issues. In case you have Antivirus Installed on the system, please ensure that you exclude the SQL Server Database Files from Antivirus scans”.

You can also refer to Guidelines for choosing antivirus software to run on the computers that are running SQL Server.

 

Antivirus activity can cause SQL Server performance degradation and data corruption. The following are some of the possible issues:

  • Antivirus activity on the SQL Server file system can potentially cause high disk utilization
  • It can cause high CPU spikes or high CPU usage
  • In clustered environments, you may experience resource failures or problems when you try to move a group to a different node
  • Access may be denied to certain SQL Server files because they have been locked during the scan/monitor operation
  • It may cause stop errors on Windows Server

 

So what do I do to let the anti-virus live in sync with SQL Server?

When I install a new SQL Server in our Melbourne office, I always make sure to exclude all of the paths listed below from any type of scan or real-time monitoring:

 

  1. Binaries. The paths to the actual executables for any of your running SQL Server services (MSSQL, SQL Server Agent, SSAS, etc.). These are found, by default, in the C:\Program Files\Microsoft SQL Server folder, though this could easily be a different path on many production machines. (Note: make sure that C:\Program Files (x86)\Microsoft SQL Server is included in any exclusions as well on x64 machines.)
  2. SQL Server Error Logs. These are not the database log files, but the text files that SQL Server uses to keep its own ‘event logs’ running and up to date.
  3. Data And Log Files. The actual .mdf, .ndf, and .ldf files, or the locations of data files and log files. Creation of new databases, file-growth operations, and other database operations can get blocked by anti-virus operations if you don’t exclude these files from anti-virus monitors.
  4. Backups. Anti-virus doesn’t need to monitor SQL Server backups, so exclude those path locations from monitoring.
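Because the default paths often differ on production machines, the folders for the four categories above can be read from the instance itself. The query below is an added example, not part of the original post; it only reports folders and changes nothing. It assumes a SQL Server version that provides sys.dm_server_services, a login with VIEW SERVER STATE and read access to msdb, and service command lines whose arguments contain no backslash.

```sql
-- Added example: list the folders this instance actually uses, grouped by
-- the four exclusion categories from the list above.
SET NOCOUNT ON;

WITH files (category, full_path) AS (
    -- 3. Data and log files (.mdf, .ndf, .ldf) of every database
    SELECT N'3. Data and log files',
           physical_name COLLATE DATABASE_DEFAULT
    FROM sys.master_files
    WHERE type IN (0, 1)              -- 0 = rows (data), 1 = log

    UNION ALL
    -- 2. Current error log file; older ERRORLOG.n files share its folder
    SELECT N'2. SQL Server error logs',
           CAST(SERVERPROPERTY('ErrorLogFileName') AS nvarchar(260))
               COLLATE DATABASE_DEFAULT

    UNION ALL
    -- 4. Disk locations recorded in the msdb backup history
    SELECT N'4. Backups',
           physical_device_name COLLATE DATABASE_DEFAULT
    FROM msdb.dbo.backupmediafamily
    WHERE device_type = 2             -- 2 = disk

    UNION ALL
    -- 1. Service executables; filename holds the quoted path plus arguments,
    --    so the quotes are stripped before the folder is cut out below
    SELECT N'1. Binaries',
           REPLACE(filename, N'"', N'') COLLATE DATABASE_DEFAULT
    FROM sys.dm_server_services
)
SELECT DISTINCT
       category,
       -- Keep everything before the last backslash (the containing folder).
       -- A value with no backslash is returned unchanged.
       LEFT(full_path,
            LEN(full_path) - CHARINDEX(N'\', REVERSE(full_path)))
           AS folder_to_exclude
FROM files
WHERE full_path IS NOT NULL
ORDER BY category, folder_to_exclude;
```

sys.dm_server_services does not list every SQL Server service (SSAS, for example), so the paths for those executables still have to be added by hand.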

 

For the full list, refer to the following anti-virus exclusions list in PDF that I compiled.

However, as with everything in the IT world, there is no single solution for all scenarios. If your SQL Server is running on a web server that is accessible from the Internet, then anti-virus software needs to be installed. Resource contention needs to be overcome by getting bigger and better hardware or by optimising the current hardware to the Nth degree.

And don’t forget Windows and SQL Server patching: applying updates, especially critical security updates, may help you avoid security breaches, including viruses and malware.
