December 1, 2013 at 6:53 am
All, I'm having an issue where my current antivirus vendor is having issues when scanning my larger sql server machines. These are servers with large amounts of memory 256 GB with >115 GB in use. It appears that when the scan begins to scan the memory, prior to scanning the files, it chokes when it sees all of that memory in use. This causes significant resource contention including timeouts when connecting to SQL Server. We've already contacted the vendor for an enhancement request, but it seems they are unlikely to act on it quickly.
Is anyone else out there running machines with large amounts of memory with large amounts in use and running antivirus. If so what are you running and how is it performing for you? I'm about to deploy machines with even more memory and I'm concerned this issue will continue, and I'm looking for other alternatives. Local policies state I need to have AV installed and scanning daily (so uninstalling isn't an option), I'm just looking for one that will work with my current systems.
Thanks,
-Luke.
December 1, 2013 at 8:38 am
Hi,
in our environment we have excluded mdf,ldf,ndf files from antivirus scanning.
December 1, 2013 at 9:44 am
December 1, 2013 at 5:54 pm
I don't have an answer right now but I have a friend that works with servers that half a half TByte and more. I know he's running some form of AV on them. I'll try to remember to ask him tomorrow.
--Jeff Moden
Change is inevitable... Change for the better is not.
December 1, 2013 at 6:18 pm
December 2, 2013 at 3:36 am
We use A/V on our servers and a lot of our production SQL Servers have anything from 256GB to 1TB of memory. As well as setting the file exclusions as stated above, we also configured the A/V not to scan the sqlserver.exe service/process or any spawned child processes, and that seems to work fine.
December 2, 2013 at 4:54 am
I believe the SQLSERVER.exe process is excluded as well. I'm uncertain if we have the option to exclude all spawned processes, but I'll check.
Can you tell me which AV you are using? If you would rather not post it publicly please send me a private message.
Thanks,
-Luke.
December 2, 2013 at 8:14 am
McAfee Enterprise runs fine on our servers.
512 GB of RAM
We use the exclusions mentioned above and do not have contention with the memory scan.
Steve
December 2, 2013 at 11:10 am
Luke L (12/1/2013)
Thanks Jeff! We're looking at upgrading to systems in that neighborhood and want to get this resolved prior to putting them into production.Luke.
Wow! I talked with that DBA (he has literally dozens of multi-terrabyte databases on his servers and, as I said before, a half Tbyte of memory or more on those servers) and he doesn't run any form of anti-virus on them. I didn't have the time to talk with him at any great length about it but he said that he's not concerned because he's taken care of that problem in some other fashion.
--Jeff Moden
Change is inevitable... Change for the better is not.
December 2, 2013 at 1:18 pm
December 4, 2013 at 4:08 am
For PCI DSS purposes we had to run A/V on SQL Servers, but with it configured in such a way with the exclusions on them, it never caused any performance issues.
December 4, 2013 at 7:20 am
Luke L (12/2/2013)
Jeff thanks for checking into it. I'm curious how he handles that problem in other ways.
Me too! I hoping that he doesn't somehow think that he's simply made his server secure enough to not need it. My feeling even if it's a stand alone machine that's not attached to any network (when's the last time you saw an SQL Server in THAT configuration?), you at least need to check any CD's or DVD's that you may use on the server for upgrades, etc.
--Jeff Moden
Change is inevitable... Change for the better is not.
December 5, 2013 at 9:08 am
Jeff Moden (12/2/2013)
Wow! I talked with that DBA ... and he doesn't run any form of anti-virus on them. I didn't have the time to talk with him at any great length about it but he said that he's not concerned because he's taken care of that problem in some other fashion.
He's crazy?
FYI, I feel like a piker, but I do know that Sophos works fine on a quarter-terabyte of RAM and with realtime scanning with the usual mdf, ndf, ldf, bak, trn, etc. etc. exclusions for data files, log files, and backup files.
I would NOT ever exclude an executable, including sqlserver.exe - what if sqlserver.exe gets infected? What if some does
copy StealingYourData.exe sqlserver.exe
sqlserver.exe is also so small it shouldn't matter - it can be scanned whenever.
Viewing 13 posts - 1 through 12 (of 12 total)
You must be logged in to reply to this topic. Login to reply