antivirus protection

How can an Antivirus program affect your Database Performance

by Alon Vodovoz | June 12, 2017


Protecting your server with an antivirus is a must, but unfortunately it will also slow down your database and application.
We're not asking you to run without an antivirus, since that would be irresponsible. Instead, we will look at how an antivirus scans your server and what you should consider excluding from those scans.

“Note: Before you start excluding anything, you need to keep in mind that changing any default security settings could be risky, and you should consult with your IT specialist.”

An antivirus has several scan options:

  • Scheduled full disk scans.
    It is best practice to perform full disk scans on your server every week.
    You should find the time slot when your application is less used to schedule this scan.
  • Scanning of new/updated files, such as database and log files.
    An antivirus can scan any file that is created, updated or downloaded from the internet. This is important, but scanning your database files will slow down your application, so you should consider excluding the database folder from your scan.

You should consider how to configure your antivirus scan in order to minimize its effects on your database and application performance.

The best practice is to exclude the following SQL Server files and directories:

  • SQL Server data files
    • *.mdf
    • *.ldf
    • *.ndf
  • SQL Server backup files
    • *.bak
    • *.trn
  • Full-Text catalog files
    • Default instance: Program Files\Microsoft SQL Server\MSSQL\FTDATA
    • Named instance: Program Files\Microsoft SQL Server\MSSQL$instancename\FTDATA
  • Trace files
    • *.trc – these files can be generated either when you configure profiler tracing manually or when you enable C2 auditing for the server.
  • SQL audit files (for SQL Server 2008 or later versions)
    • *.sqlaudit
  • SQL query files
    • *.sql

Since the antivirus scan definition is part of the IT security policies, it can change from time to time.
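Because the exclusion list can drift after a policy change, it is worth re-checking it against the list above. The following is an added example, not part of the original article: it compares an exported exclusion list with the recommended patterns and reports SQL Server files that would still be scanned. The exclusion entries, drive letters and file paths are constructed samples, and the plain-list export format is an assumption.

```python
"""Added example: audit an antivirus exclusion list against the article's list."""
import fnmatch
import ntpath

# Extension patterns recommended in the article.
RECOMMENDED_PATTERNS = ["*.mdf", "*.ldf", "*.ndf", "*.bak", "*.trn",
                        "*.trc", "*.sqlaudit", "*.sql"]
FTDATA_DIR = "ftdata"  # Full-Text catalog folder name, matched as last path component

# Constructed sample: exclusions exported from the antivirus console (assumed format).
SAMPLE_EXCLUSIONS = [
    "*.mdf", "*.ldf", "*.bak", "*.trn", "*.trc", "*.sql",
    r"C:\Program Files\Microsoft SQL Server\MSSQL\FTDATA",
]
# Constructed sample: file paths, e.g. the physical_name column of sys.master_files.
SAMPLE_SQL_FILES = [
    r"D:\SQLData\sales.mdf",
    r"D:\SQLData\sales_archive.ndf",
    r"E:\SQLLogs\sales_log.ldf",
    r"D:\SQLData\legacy.dat",  # non-standard extension: no *.ext rule covers it
]

def normalize(entry):
    """Lower-case, unify separators, drop quotes and trailing backslashes."""
    return entry.strip().strip('"').replace("/", "\\").rstrip("\\").lower()

def is_covered(path, exclusions):
    """True if path matches an extension pattern or sits under an excluded folder."""
    p = normalize(path)
    name = ntpath.basename(p)
    for raw in exclusions:
        e = normalize(raw)
        if "\\" in e:  # folder exclusion
            if p == e or p.startswith(e + "\\"):
                return True
        elif fnmatch.fnmatchcase(name, e):  # extension pattern
            return True
    return False

def audit(exclusions, sql_files):
    """Report recommended patterns that are missing and files still being scanned."""
    normalized = {normalize(e) for e in exclusions}
    folders = [e for e in normalized if "\\" in e]
    return {
        "missing_patterns": [p for p in RECOMMENDED_PATTERNS if p not in normalized],
        "ftdata_excluded": any(ntpath.basename(e) == FTDATA_DIR for e in folders),
        "still_scanned": [f for f in sql_files if not is_covered(f, exclusions)],
    }

if __name__ == "__main__":
    for key, value in audit(SAMPLE_EXCLUSIONS, SAMPLE_SQL_FILES).items():
        print(f"{key}: {value}")
```

On the sample data it flags `*.ndf` and `*.sqlaudit` as missing and shows that a data file with a non-standard extension is scanned regardless of the extension rules.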

In order to catch databases affected by antivirus scans in real time, you need to monitor your entire database environment (database and operating system).