Norton Antivirus Windows Server 2016
Janie Leverone
You may have antivirus software installed and running on a Hyper-V host. For optimal operation of Hyper-V and the running virtual machines, you should configure several exclusions and options. These configurations will help avoid issues, such as those that are described in the following article:
This article contains information that shows how to help lower security settings or how to turn off security features on a computer. You can make these changes to work around a specific problem. These specific configuration changes should be made only on the following systems:
If you are using Windows Defender as an anti-malware solution on your server, you may not need to configure additional exclusions. For a list of Windows Defender automatic exclusions, see List of automatic exclusions.
We strongly recommend that you individually assess the security risk for each computer that's running SQL Server in your environment. Based on the assessment, you must select the appropriate tools for the security risk level of each computer that's running SQL Server.
Virus protection software requires system resources to execute. You must perform testing before and after you install your antivirus software to determine whether there's any adverse performance effects on the computer that's running SQL Server and on SQL Server itself.
Virus sweep software: Virus sweep software scans existing files for file infection. It detects issues after files are infected by a virus. This kind of scanning may cause the following SQL Server database recovery and SQL Server full-text catalog file issues:
If the virus sweep software has opened a database file when SQL Server tries to open the database, the database to which the file belongs might be marked as suspect. SQL Server opens a database when it starts or when a database with Auto-Close enabled was closed and is accessed again. SQL Server database files typically have .mdf, .ldf, or .ndf file name extensions.
Vulnerability scanning software: The Microsoft Security Compliance Toolkit includes a set of tools that enable enterprise administrators to perform a wide range of security tasks. These tasks include download, analyze, test, edit, store Microsoft-recommended security configuration baselines for Windows and other Microsoft products, and compare them against other security configurations. To download it, go to Microsoft Security Compliance Toolkit 1.0.
Microsoft also released the Windows Malicious Software Removal Tool to help remove specific, prevalent malicious software from computers. For more information about the Microsoft Windows Malicious Software Removal Tool, see Remove specific prevalent malware with Windows Malicious Software Removal Tool (KB890830).
Windows Server 2016 and later versions automatically enable Windows Defender. Make sure that Windows Defender is configured to exclude Filestream files. Failure to do this can result in decreased backup and restore operations performance. For more information, see Configure and validate exclusions for Windows Defender Antivirus scans.
Applications installed on a SQL Server computer can load modules into the SQL Server process (sqlservr.exe). The applications use this functionality to run business logic or for intrusion monitoring and protection. To detect if an unknown module or a module from third-party software was loaded into the process memory space, check the output of the sys.dm_os_loaded_modules Dynamic Management View (DMV).
In some cases, applications or drivers may be used to detour SQL Server or Windows code to provide malware protection or monitoring services. However, if such applications or drivers aren't designed correctly, they may cause a wide variety of issues for products like SQL Server. For information about third-party detours or similar techniques in SQL Server, see Detours or similar techniques may cause unexpected behaviors with SQL Server.
When you configure your antivirus software settings, make sure that you exclude the following files or directories (as applicable) from virus scanning. Exclusion may improve SQL Server performance and ensures that the files aren't locked when the SQL Server service must use them. However, if these files become infected, your antivirus software can't detect the infection. For more information about the default file locations for SQL Server, see File Locations for Default and Named Instances of SQL Server.
The memory dump files typically use the .mdmp file name extension. These are system-generated files, which are saved in the \LOG subfolder for that instance or in the folder that following registry key points to: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft SQL Server\\CPE.For more information about memory dumps, see Use the Sqldumper.exe tool to generate a dump file in SQL Server.
xtp is a prefix used to indicate the association with In-memory OLTP. The placeholder represents either "t" for table or "p" for procedure. The placeholder refers to the database ID of the user database where the memory-optimized object is located. The placeholder indicates the object ID assigned to the memory-optimized object (either the table or the procedure).
The following table contains the Replication executables and server-side COM objects. DBCC CHECKDB creates temporary files for the duration of the DBCC command after which they get removed automatically.
The is a placeholder for version-specific information. To specify the correct value, check your installation or search for "Replication and server-side COM objects" in Specifying File Paths. For example, the full path for SQL Server 2022 would be :\Program Files\Microsoft SQL Server\160\COM\.
Starting with SQL Server 2017 CU22 (including SQL 2019 RTM and later versions), if you're using Transactional Replication and the Distribution Agent is using OLEDB streaming profile, or you're using the -UseOledbStreaming parameter, the Distribution Agent creates temporary files (*.lob) in the AppData folder of the account running the distribution agent where the job is being invoked. For example, C:\Users\\AppData\Temp\*.lob. For prior versions of SQL Server, the default COM folder (already listed) is used.
The default path for the snapshot files is \Microsoft SQL Server\MSSQL.MSSQLSERVER\MSSQL\ReplData. These files typically have file name extensions such as .sch, .idx, .bcp, .pre, .cft, .dri, .trg, or .prc.
The is a placeholder for the build ID. For example, a default Analysis Services 2016 instance binary installation location by default is C:\Program Files\Microsoft SQL Server\MSAS13.MSSQLSERVER\OLAP\bin.
When you configure your antivirus software settings, make sure that you exclude the following SSAS files or directories (as applicable) from virus scanning. Excluding the files improves SSAS performance and helps make sure that the files aren't locked when the SQL Server service must use them. However, if these files become infected, your antivirus software can't detect the infection.
For Analysis Services 2012 and later versions, temporary files during processing are specified by the TempDir property of the instance of Analysis Services. By default, this property is empty. When this property is empty, the default directory is used. The following table shows the Temp path by default.
In Analysis Services 2012 and later versions, the backup file location is the location that is specified by the BackupDir property. The following table shows the default backup path for the Analysis Service instance:
You can change this directory in the properties of the instance of Analysis Services. Any backup command can point to a different location also. Or, the backup files can be copied elsewhere for restore.
When you create the partitions, these locations are defined in the Storage location section of the Processing and Storage Locations page of the Partition Wizard. Be sure to exclude those from scanning.
When you configure your antivirus software settings, make sure that you exclude the following files or directories (as applicable) from virus scanning. This improves the performance of the files and helps make sure that the files aren't locked when the SSIS service must use them. However, if these files become infected, your antivirus software can't detect the infection.
When you configure your antivirus software settings, make sure that you exclude the following files or directories (as applicable) from virus scanning. This improves the performance of the files and helps make sure that the files aren't locked when the PolyBase service must use them. However, if these files become infected, your antivirus software can't detect the infection.
Antivirus programs use filter drivers to attach to the I/O path on a computer and scan the I/O packets for known virus patterns. In Windows, you can use the Fltmc utility to enumerate the filter drivers and the volumes they're configured to scan. The fltmc instances output may guide you through excluding volumes or folders from scanning.
Here's a sample output. You need the Allocated filter altitudes document to look up filter drivers by using the uniquely assigned altitude. For example, you may find that the altitude 328010 is in the 320000 - 329998: FSFilter Anti-Virus table in the document. Therefore, based on the table name in the document, you know that the WdFilter.sys driver is used by the antivirus program on your computer and that it's developed by Microsoft.
In the sample output, you may notice that the WdFilter.sys driver scans the X:\MSSQL15.SQL10\MSSQL\DATA folder, which appears to be a SQL Server data folder. This folder is a good candidate to be excluded from antivirus scanning.
When it comes to protecting your Windows Server 2019 from potential threats, one name stands out: Norton Antivirus. With its advanced security features and robust protection, it is the top choice for businesses and professionals alike. Did you know that Norton Antivirus for Windows Server 2019 blocks over 4 million cyber attacks every day? This staggering statistic showcases the power and effectiveness of Norton in safeguarding your valuable data and ensuring the smooth operation of your server.
64591212e2