May 25, 2017

Antivirus Exclusion List for SQL Server

After struggling a lot and working with the vendor, I identified the list of exclusions for SQL Server related to antivirus software (McAfee, Symantec, etc.). The details can be found at this link; the last one is important as it impacts performance.

 

https://support.microsoft.com/en-us/help/309422/how-to-choose-antivirus-software-to-run-on-computers-that-are-running-sql-server

 

Directories and file-name extensions to exclude from virus scanning

When you configure your antivirus software settings, make sure that you exclude the following files or directories (as applicable) from virus scanning. Doing this improves the performance of the files and helps make sure that the files are not locked when the SQL Server service must use them. However, if these files become infected, your antivirus software cannot detect the infection.

 

The official exceptions in the KB are:
– SQL Server data files (*.mdf, *.ldf, *.ndf)
– Backup files (*.trn, *.tuf, *.bak usually)
– Full-text catalog files. This is the FTData folder in SQL Server
– The directory that holds Analysis Services data
– Trace files (*.trc, *.xel)
– Audit files (these files have the .sqlaudit file-name extension)
– T-SQL files (.sql file-name extension)

Processes to exclude from virus scanning

  • %ProgramFiles%\Microsoft SQL Server\MSSQL11.<Instance Name>\MSSQL\Binn\SQLServr.exe
  • %ProgramFiles%\Microsoft SQL Server\MSRS11.<Instance Name>\Reporting Services\ReportServer\Bin\ReportingServicesService.exe
  • %ProgramFiles%\Microsoft SQL Server\MSAS11.<Instance Name>\OLAP\Bin\MSMDSrv.exe

 

If you are running antivirus software on a cluster, make sure that you also exclude these locations from virus scanning:

  • Q:\ (Quorum drive)
  • C:\Windows\Cluster

If you back up the database to a disk or if you back up the transaction log to a disk, you can exclude the backup files from the virus scanning.
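To scope these exclusions to the folders an instance actually uses, instead of excluding extensions machine-wide, the folders can be read from the instance itself. The query below is an added example, not part of the original post or the Microsoft KB; it assumes a login that can read the server catalog views and msdb, and it only sees backups recorded in msdb history.

```sql
-- Added example: list the folders this instance uses for data/log files,
-- disk backups, file traces and audits, so antivirus exclusions can be
-- set per folder rather than per extension on the whole machine.
with files as (
    select 'data/log file' as category,
           physical_name collate database_default as file_path
    from sys.master_files
    union all
    select 'backup file',
           physical_device_name collate database_default
    from msdb.dbo.backupmediafamily
    where device_type = 2              -- 2 = backup written to disk
    union all
    select 'trace file',
           path collate database_default
    from sys.traces
    where path is not null             -- rowset traces have no file
)
select distinct
       category,
       -- strip the file name: keep everything before the last backslash
       left(file_path, len(file_path) - charindex('\', reverse(file_path))) as folder
from files
union
select 'audit file',
       log_file_path collate database_default   -- already a folder path
from sys.server_file_audits
order by category, folder;
```

Review the result before applying it: every folder excluded here is a folder where, as noted above, an infected file will not be detected.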

 

Especially for MSDTC (if used extensively): https://msdn.microsoft.com/en-us/library/cc615012(v=bts.10).aspx

 

MOST IMPORTANT: Detours or similar techniques may cause unexpected behaviors with SQL Server

 

Refer to https://support.microsoft.com/en-us/help/920925/detours-or-similar-techniques-may-cause-unexpected-behaviors-with-sql-server

 

Antivirus programs that track SQL injection attacks can detour SQL Server code. In this scenario, the output of the !for_each_module "!chkimg -v @#Base -d" extension may show that the SQL Server functions yyparse and ex_raise2 are modified:

 

It is recommended to contact the provider of the detours or similar techniques for detailed information about how it uses the detours in SQL Server. Microsoft does not warrant or certify these third-party products or how the third-party products interact with Microsoft products and services. Instead, third-party vendors are responsible for the identification and trustworthiness of their products and services.

 

To identify whether any third-party module is loading its DLLs into the SQL Server address space, query sys.dm_os_loaded_modules to see which DLLs are loaded in the SQLServr.exe process, and verify them with the vendor.

 

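-- Modules loaded into the SQL Server process that are not from Microsoft.
-- Rows with a NULL company are listed too; NOT LIKE alone would drop them.
select product_version, language, description, name
from sys.dm_os_loaded_modules
where company not like 'Microsoft Corporation'
   or company is null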

 


 

Hope this helps!

 

References:

https://blogs.technet.microsoft.com/jeff_stokes/2010/05/28/anti-virus-exclusions-and-you/

https://social.technet.microsoft.com/wiki/contents/articles/953.microsoft-anti-virus-exclusion-list.aspx

https://community.mcafee.com/thread/4438?start=40&tstart=0

 

Only for SQL Server:

https://support.microsoft.com/en-us/help/309422/how-to-choose-antivirus-software-to-run-on-computers-that-are-running-sql-server

 

BizTalk and MSDTC AV exclusion:

https://msdn.microsoft.com/en-us/library/cc615012(v=bts.10).aspx


About the Author: Nitin G

Indian born, trekker, biker, photographer, lover of monsoons. I've been working full time with SQL Server since 2005, and I blog to post the content acquired during my research on new topics or while fixing issues faced by me as a DBA on different kinds of projects; I hope some of my posts may help others in the SQL DBA community. Everything you read on my blog is my own personal opinion and any code is provided "AS-IS" with no warranties!
