Anti-virus is a devilish beast. If you don’t implement it, someone’s sure to log onto your SQL Server and download some free tool that puts you at risk as soon as you’re not looking. If you do implement it, sometimes it can make you crazy.
And often it’s not even up to you: you need to follow corporate policy.
Here’s what you should know if you’ve got an anti-virus tool on your SQL Server.
Set the right Anti-Virus folder, file, and process exclusions
Good news: you don’t have take my word on what types of files and directories your anti-virus software should exclude. Microsoft lays it all out for you in KB 309422
Special cases: Keep outta my Address space
If you use any of the following products, read KB 2033238, “Performance and consistency issues when certain modules are loaded into SQL Server address space”:
- McAfee VirusScan Enterprise
- McAfee Host Intrusion Prevention
- Sophos Antivirus
- PI OLEDB provider
Virtualization Guests need staggered schedules
Scheduling matters. VMware recommends that you set anti-virus scans to run at non-peak hours in your guests, and to set scheduling so that multiple guests don’t all fire up burn all their resources at the same time on a single hosts.
Need proof? See page 41 in the Performance Best Practices for VMware vSphere® 5.5 Guide.
Windows Failover Clusters
Check out KB 250355 for special steps for Failover Clusters. (Thanks, Gary, for pointing out this has a bit more info than KB 309422 mentioned above!)
If you’re Running Anti-Virus, Run it in Pre-Production, too
Anti-virus isn’t just for production servers. If you run into any problems, you want to be able to check for a repro outside of production, too, right?