Article ID: 309422 - View products that this article applies to.
This article was previously published under Q309422
This article contains general guidelines to help you decide which kind of antivirus software to run on the computers that are running Microsoft SQL Server in your environment.
We strongly recommend that you individually assess the security risk for each computer that is running SQL Server in your environment and that you select the tools that are appropriate for the security risk level of each computer that is running SQL Server. Additionally, we recommend that before you roll out any virus-protection project, you test the whole system under a full load to measure any changes in stability and performance.
Virus protection software requires some system resources to execute. You must perform testing before and after you install your antivirus software to determine whether there is any performance effect on the computer that is running SQL Server.
Security risk factors
High-risk serversAny server is at some risk of infection. The highest risk servers generally meet one or more of the following criteria:
Virus tool types
Directories and file-name extensions to exclude from virus scanningWhen you configure your antivirus software settings, make sure that you exclude the following files or directories (as applicable) from virus scanning. Doing this improves the performance of the files and helps make sure that the files are not locked when the SQL Server service must use them. However, if these files become infected, your antivirus software cannot detect the infection.
Note For more information about the default file locations for SQL Server, refer to the "File Locations for Default and Named Instances of SQL Server" topic for your specific version of SQL Server in SQL Server Books Online.
SQL Server 2012
SQL Server 2008 R2
http://msdn.microsoft.com/en-us/library/ms143547(v=sql.105).aspxSQL Server 2008
http://msdn.microsoft.com/en-us/library/ms143547(SQL.100).aspxSQL Server 2005
Processes to exclude from virus scanningSQL Server 2012
SQL Server 2008 R2
Considerations for clusteringYou can run antivirus software on a SQL Server cluster. However, you must make sure that the antivirus software is a cluster-aware version. Contact your antivirus vendor about cluster-aware versions and interoperability.
If you are running antivirus software on a cluster, make sure that you also exclude these locations from virus scanning:
If you back up the database to a disk or if you back up the transaction log to a disk, you can exclude the backup files from the virus scanning.
To find general information about SQL Server security, visit the following topics in SQL Server Books Online:
Securing SQL ServerTo find general information about SQL Server security, visit the following Microsoft website. (This information includes best practices, various security models, and security bulletins.)
Security Checklists for the Database Engine
http://www.microsoft.com/sql/technologies/security/default.mspxFor more information about additional antivirus considerations on a cluster, click the following article number to view the article in the Microsoft Knowledge Base:
250355For general recommendations from Microsoft for scanning on Enterprise systems, click the following article number to view the article in the Microsoft Knowledge Base:
(https://support.microsoft.com/kb/250355/ )Antivirus software may cause problems with Cluster services
(http://support.microsoft.com/kb/822158)Virus scanning recommendations for Enterprise computers that are running currently supported versions of Windows
For information about third-party detours or similar techniques in SQL Server, click the following article number to view the article in the Microsoft Knowledge Base:
(https://support.microsoft.com/kb/920925/ )The use of third-party detours or similar techniques is not supported in SQL Server
Article ID: 309422 - Last Review: October 9, 2013 - Revision: 23.0