Recommended list of antivirus exclusions for SQL Server when used for Enterprise Vault, Compliance Accelerator and Discovery Accelerator

Article: 100007613
Last Published: 2017-12-06
Product(s): Enterprise Vault

Problem

The purpose of this document is to provide a list of recommended antivirus exclusions for SQL Server in order to maintain Enterprise Vault, Compliance Accelerator and Discovery Accelerator data integrity. Configuring the following antivirus exclusions ensures that any files required by SQL are not locked or modified by antivirus software when they are needed. Overall SQL Server performance may also be improved by implementing the following antivirus exclusions, especially when using Discovery Accelerator Analytics. These guidelines apply to both Real-Time and On-Demand antivirus scanning.

It is important to balance a secure server antivirus configuration against the need to avoid reliability issues and performance degradation; therefore, it is highly recommended that any SQL Server antivirus exclusions be tested in a test environment while subjected to the maximum load expected in a production environment.

For information on the recommended list of antivirus exclusions for Enterprise Vault, refer to article 100017720.

Solution

Important: The locations listed below are based on a default installation of SQL. If the SQL installation paths have been customized, be sure to adjust the antivirus exclusion locations accordingly.

SQL Server Data Files
These files contain the data in the Databases and typically have the following extensions:
.mdf - Primary Data filegroups.
.ndf - Secondary Data filegroups.
.ldf - Transaction Log filegroups.

SQL Server Backup Files
These files contain the backup files and typically have the following extensions:
.bak - Database backup files.
.trn - Transaction Log backup files.

Full-Text Catalog Files
This is the FTData folder in the SQL Server installation path, located by default at \Program Files\Microsoft SQL Server\MSSQLX.X\MSSQL\FTData on the SQL Server installation drive. (Check each MSSQLX.X folder; there will be multiple FTData folders, all of which need to be excluded from antivirus scanning.)

Analysis Services Data
Note: If Analysis Services are not configured, the OLAP folder will not be present.
These locations contain the Analysis data files, Analytics temporary files, Analysis Log files and Analysis backup files. The default locations for these files on the SQL Server installation drive are:
\Program Files\Microsoft SQL Server\MSASX.X\OLAP\Data - Analysis data and temporary files.
\Program Files\Microsoft SQL Server\MSASX.X\OLAP\Backup - Analysis backup files.
\Program Files\Microsoft SQL Server\MSASX.X\OLAP\Log - Analysis Log files.

SQL Profiler Trace Files
These files contain any SQL Profiler Trace log files and can be contained in any folder as specified by a user when running a SQL Profiler Trace. These files usually have the following extensions:
.trc

Extended Events files
These files contain any Extended Events Trace log files and can be contained in any folder as specified by a user when running an Extended Events Trace. These files usually have the following extensions:
.xel

Special Considerations For SQL Server Clustering
If running antivirus on a SQL Cluster, be sure to select an antivirus application that is cluster-aware. The following locations should be excluded from scanning:
- Q:\ (the Quorum drive).
- C:\Windows\Cluster.

Special Considerations for the Accelerator Databases
If running Compliance Accelerator (CA) and/or Discovery Accelerator (DA), be sure to exclude the Database and Transaction Log files for these products. DA version 8.0 and higher also has additional files required for Analytics. The following files must be excluded from antivirus scanning:
- Configuration Database and Transaction Log files:
These can be determined by reviewing the AcceleratorManager.exe.config file, usually located in the \Program Files\Enterprise Vault Business Accelerator\ folder, in Notepad and checking the Database name listed in the 'Initial Catalog' section in the following line:
    <add key="DSNConfiguration" value="server='sql_server_name';Integrated Security=true;Initial Catalog='configuration_database_name'
To find the Database and Transaction Log file locations for these Databases, go to SQL Server Management Studio > expand Databases > right-click on the Configuration Database > Properties > Files. Check the 'Path' column and exclude the files listed in this screen.
- Customer (CA, DA) and Custodian (DA only) Database and Transaction Log files:
These can be determined by logging on to the CA and/or DA Server as the Vault Service Account (VSA) and opening the EVBAAdmin webpage, usually located at https://localhost/evbaadmin. Click on each Customer and view the Database name listed under Database Details > Database.
To find the Database and Transaction Log file locations for these Databases, go to SQL Server Management Studio > expand Databases > right-click on the Configuration Database > Properties > Files. Check the 'Path' column and exclude the files listed in the 'File Name' column.
- DA Analytics files:
These can be determined by logging on to the DA Server as the VSA and opening the EVBAAdmin webpage, usually located at https://localhost/evbaadmin. Click on each DA Customer and note each Location entry under Database Locations For Analytics. The location will contain the .ndf files and DataFullTextIndexing folders/files associated with Analytics. Exclude each location listed, being sure to exclude all files and sub-folders under the location.
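
The file lookup described above for the Configuration, Customer and Custodian databases can also be scripted, which gives an exact per-file list to enter as exclusions. The following PowerShell is an added example, not part of the original article or the product; it assumes Windows PowerShell 5.1, Windows authentication with rights to read sys.master_files, and the default config path, and the parameter and function names are illustrative.

```powershell
# Added example: list the data and log file paths of the Accelerator databases.
# Assumptions: default config path, Windows authentication, rights to read sys.master_files.
param(
    [string]$ConfigPath = 'C:\Program Files\Enterprise Vault Business Accelerator\AcceleratorManager.exe.config',
    [string[]]$ExtraDatabases = @()   # Customer/Custodian database names noted from EVBAAdmin
)

# Hypothetical helper: pull one field out of the DSNConfiguration value,
# tolerating the single quotes around the values shown in the article.
function Get-DsnField([string]$Dsn, [string]$Key) {
    if ($Dsn -match "(?:^|;)\s*$([regex]::Escape($Key))\s*=\s*'?([^';]+)") { return $Matches[1].Trim() }
    throw "'$Key' not found in DSNConfiguration"
}

# Locate the DSNConfiguration entry wherever it sits in the config XML.
$hit = Select-Xml -Path $ConfigPath -XPath "//add[@key='DSNConfiguration']" | Select-Object -First 1
if (-not $hit) { throw "DSNConfiguration key not found in $ConfigPath" }
$dsn      = $hit.Node.GetAttribute('value')
$server   = Get-DsnField $dsn 'server'
$configDb = Get-DsnField $dsn 'Initial Catalog'

# Build the connection string from parts so the server name cannot inject extra keywords.
$csb = New-Object System.Data.SqlClient.SqlConnectionStringBuilder
$csb['Data Source'] = $server
$csb['Initial Catalog'] = 'master'
$csb['Integrated Security'] = $true
$conn = New-Object System.Data.SqlClient.SqlConnection $csb.ConnectionString
$cmd  = $conn.CreateCommand()

# One SQL parameter per database name (configuration database plus any extras).
$names = @($configDb) + $ExtraDatabases
$placeholders = for ($i = 0; $i -lt $names.Count; $i++) {
    [void]$cmd.Parameters.AddWithValue("@p$i", $names[$i])
    "@p$i"
}
$cmd.CommandText = "SELECT DB_NAME(database_id) AS DatabaseName, type_desc, physical_name " +
                   "FROM sys.master_files WHERE DB_NAME(database_id) IN ($($placeholders -join ', ')) " +
                   "ORDER BY DatabaseName, type_desc"
$conn.Open()
try {
    $reader = $cmd.ExecuteReader()
    while ($reader.Read()) {
        [pscustomobject]@{
            Database = $reader['DatabaseName']
            Type     = $reader['type_desc']      # ROWS = data file, LOG = transaction log
            Path     = $reader['physical_name']  # full path to add to the exclusion list
        }
    }
} finally { $conn.Dispose() }
```

Each output row corresponds to one line of the Files page in SQL Server Management Studio; a database name that returns no rows was not found on that instance.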

For more information on SQL Server antivirus exclusions please see the following articles:
- Guidelines for choosing antivirus software to run on the computers that are running SQL Server:
https://support.microsoft.com/kb/309422
- 10 Ways to Optimize SQL Server Full-text Indexing:
https://msdn.microsoft.com/en-us/library/aa175787%28v=sql.80%29.aspx
