29 February,2016 by Tom Collins
AntiVirus software on servers supporting SQL Server can be a double edged sword. On the one hand the corporate security policy may state all servers require antivirus to protect from downloads that may have a negative on the server. On the other hand an antivirus not implemented optimally could bring the server to a halt.
This problem could be further compounded if you have multiple VMs on a single host. If all the VMs are hosted on a single host than I’ve seen some serious impact on servers.
What can you do about this situation as a DBA?
2. Follow the corporate security policy and negotiate Virus scan exclusions for SQL Server
This tends to be the most likely situation to successfully negotiate with the security team. The security team can satisfy the corporate requirement and the DBA can at least not have the database files scanned
3. Negotiate to have antivirus uninstalled. This tends to be the trickiest option. It will require convincing security departments and acknowledging there are some risks. If you want to go down this route there are some convincing arguments:
a) Installing AntiVirus software increase the system attack surface. Not only do you have the OS and applicatication vulnerabilities but you have the added vulnerability of the antivirus software
b) Decreased system performance .
In the final analysis it comes down to finding the right balance between maintaining security and common sense. A very tightly applied security standard, including no browsing and security audits normally takes care of most issues. But antivirus gives you the extra protection
SQL Server – SAN and anti virus - SQL Server DBA
Virus scan exclusions for SQL Server
SQL Server Performance Checklist
This is only a preview. Your comment has not yet been posted.
As a final step before posting your comment, enter the letters and numbers you see in the image below. This prevents automated programs from posting comments.
Having trouble reading this image? View an alternate.
Posted by: |