Just Say No!

Most security administrators are eager beavers when it comes to deploying and running antivirus software on any computer they can get their hands on. This includes Microsoft Windows Servers running your SQL Server Database engine.

Do not let security administrators scan your database files and make your 2012 Dell xeon with eight cores perform like a 1996 Gateway Pentium 4 single core.

I have seen the results of antivirus software scanning the database files while I am trying to execute basic queries.

It is extremely painful.


With that said. Please make sure your security administrator is not scanning the following files.

*.mdf primary data files
*.ndf secondary data files
*.ldf log files
*.bak backup files
*.trn transaction files
*.trc trace files


Other important directories that should not be scanned are the following.

\backup default directory for backup files
\data default directory for data files
\log default directory for error, log, dump files
\ftdata default directory for full text index files
\repldata default directory for snapshot & replication data files
user defined ntfs share directory for filestream blobs


Most of these sub-directories are in the default installation path.

“C:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL”.

Files are constantly being created or updated in theses directories. Allowing a antivirus program to run in these directories will effect the performance of your database.

Please see Brian Kelley’s article which adds the operating system page file to the list of do not scan.

“Just Say No!” to your security administrator when he wants to degrade the performance of your database server.

Related posts

Leave a Comment