sazzad
Level 7
Message 1 of 4

VSE8.8.8 installation on SQL2012 Server

We are having active/active MSSQL2012 server (cluster) & planning to install VSE8.8.0 on them. I have checked the KB for exclusion & found nothing for MSSQL2012.

Can you please suggest something for us?

3 Replies
exbrit
Level 21
Message 2 of 4

Re: VSE8.8.8 installation on SQL2012 Server

Moved to VirusScan Enterprise

---

Peter

Moderator

Re: VSE8.8.8 installation on SQL2012 Server

Hi,


sazzad wrote:



We are having active/active MSSQL2012 server (cluster) & planning to install VSE8.8.0 on them. I have checked the KB for exclusion & found nothing for MSSQL2012.


Can you please suggest something for us?






Well, McAfee's Knowledge base article KB67211 doesn't specify support for SQL 2012:


URL=https://kc.mcafee.com/corporate/index?page=content&id=KB67211 wrote:



McAfee/Intel Security



Knowledge Center



Recommended exclusions for VirusScan Enterprise on Microsoft SQL Servers



Technical Articles ID:  KB67211


Last Modified:  2/26/2015



Environment



McAfee VirusScan Enterprise (VSE) 8.x



Microsoft Windows 2008 SQL Server


Microsoft Windows 2005 SQL server


Microsoft Windows 2003 SQL server


Microsoft Windows 2000 SQL server



For details of VSE 8.x supported environments, see KB51111.



Summary



Recommended exclusions for running VSE on a Microsoft SQL Server



CAUTION: Creating exclusions can introduce risks to an environment.

Before you proceed, see KB79589 for details on how to make On-Access Scanner (real-time) exclusions more secure.



Solution



File Type Exclusions:

.MDF     SQL Server data files
.LDF     SQL Server data files
.NDF     SQL Server data files
.BAK     SQL Server backup files
.TRN     SQL Server backup files



Directory Exclusions:

\Program Files\Microsoft SQL Server\MSSQL$instancename\DATA\
    - Data files

\Program Files\Microsoft SQL Server\MSSQL$instancename\BACKUP\
    - Backup files

\Program Files\Microsoft SQL Server\MSSQL$instancename\FTDATA\
    - Full-text catalog files

\Program Files\Microsoft SQL Server\MSSQL.X\OLAP\Data\
    - Folder that holds Analysis Services data
      Folder holding Analysis Services temporary files used during Analysis Services processing

\Program Files\Microsoft SQL Server\MSSQL.X\OLAP\Backup\
    - Analysis Services backup files

\Program Files\Microsoft SQL Server\MSSQL.X\OLAP\Log\
    - Folder holding Analysis Services log files



NOTE: Some of these locations are configurable and you should exclude those directories as well.




Considerations when clustering:

"Q:\" (Quorum drive)
"%SystemRoot%\Cluster\" folder

The temp folder for the Cluster Service account. Exclude the folder
    "%SystemDrive%\ClusterServiceAccount\Local Settings\Temp\"
from scanning for example.

IMPORTANT: When adding directories to be excluded in VSE, all directory names must end with a backslash to distinguish them from file names.
For details, see KB50998.



Affected Products Configuration


VirusScan Enterprise 8.8


VirusScan Enterprise 8.7i



© 2003-2015 McAfee, Inc.






Not surprisingly, Microsoft's article (KB309422) is very similar, and includes support for SQL 2012.


URL=https://support.microsoft.com/en-us/kb/309422 wrote:



Microsoft



How to choose antivirus software to run on computers that are running SQL


Server



This article was previously published under Q309422



Summary



This article contains general guidelines to help you decide which kind of


antivirus software to run on the computers that are running Microsoft SQL


Server in your environment.



More information



We strongly recommend that you individually assess the security risk for each


computer that is running SQL Server in your environment and that you select the


tools that are appropriate for the security risk level of each computer that is


running SQL Server. Additionally, we recommend that before you roll out any


virus-protection project, you test the whole system under a full load to


measure any changes in stability and performance.



Virus protection software requires some system resources to execute. You must


perform testing before and after you install your antivirus software to


determine whether there is any performance effect on the computer that is


running SQL Server.



Security risk factors



+ The value to your business of the information that is stored on the


   computer.


+ The required security level for that information.


+ The cost of losing access to that information.


+ The risk of either virus or bad information propagating from that computer.



High-risk servers



Any server is at some risk of infection. The highest risk servers generally


meet one or more of the following criteria:



+ The servers are on the public Internet.


+ The servers have open ports to servers that are not behind a firewall.


+ The servers read or execute files from other servers.


+ The servers run HTTP servers, such as Internet Information Services (IIS) or


   Apache. (For example: SQL XML for SQL Server 2000.)


+ The servers are also hosting file shares.


+ The servers use SQL Mail or Database Mail to handle incoming or outgoing


   email messages.



Servers that do not meet the criteria for a high-risk server are generally at


a lower risk, although not always.



Virus tool types



+ Active virus scanning: This kind of scanning checks incoming and outgoing


   files for viruses.


+ Virus sweep software: Virus sweep software scans existing files for file


   infection. It detects files after they are infected with a virus. This kind


   of scanning may cause the following SQL Server database recovery and SQL


   Server full-text catalog file issues:


   + If the virus sweep has opened a database file and still has it open when


     SQL Server tries to open the database (such as when SQL Server starts or


     when SQL Server opens a database that AutoClose has closed), the database


     to which the file belongs might be marked as suspect. The SQL Server


     database files typically have the .mdf, .ldf, and .ndf file suffixes.



   + If the virus sweep software has a SQL Server full-text catalog file open


     when the Microsoft Search service (MSSearch) tries to access the file,


     you may have problems with the full text catalog.



+ Vulnerability scanning software: The Microsoft Security Tool Kit CD includes


   best practice guidelines, information about how to help secure your system,


   and service packs and updates that can protect your system against virus


   attacks. It also provides Microsoft tools to help you secure your systems


   and keep them secure. To download it, visit the following Microsoft


   website:



     http://www.microsoft.com/security/



+ Antispyware software: Spyware and unwanted software refers to software that


   performs certain tasks on your computer, typically without your consent.


   For more information about how to help protect the computer from spyware


   and unwanted software, visit the following Microsoft website:



     http://www.microsoft.com/protect/computer/spyware/default.mspx



   Additionally, Microsoft has released the Microsoft Windows Malicious


   Software Removal Tool to help remove specific, prevalent malicious software


   from computers that are running Windows Server 2003, Windows XP, or


   Microsoft Windows 2000. For more information about the Microsoft Windows


   Malicious Software Removal Tool, click the following article number to view


   the article in the Microsoft Knowledge Base:



     890830 ( https://support.microsoft.com/en-us/kb/890830 )



     The Microsoft Windows Malicious Software Removal Tool helps remove


     specific, prevalent malicious software from computers that are running


     Windows Vista, Windows Server 2003, Windows XP, or Windows 2000.



Directories and file-name extensions to exclude from virus scanning



When you configure your antivirus software settings, make sure that you


exclude the following files or directories (as applicable) from virus


scanning. Doing this improves the performance of the files and helps make sure


that the files are not locked when the SQL Server service must use them.


However, if these files become infected, your antivirus software cannot detect


the infection.



Note: For more information about the default file locations for SQL Server,


refer to the "File Locations for Default and Named Instances of SQL Server"


topic for your specific version of SQL Server in SQL Server Books Online.



SQL Server 2012


http://msdn.microsoft.com/en-us/library/ms143547(v=sql.110).aspx



SQL Server 2008 R2


http://msdn.microsoft.com/en-us/library/ms143547(v=sql.105).aspx



SQL Server 2008


http://msdn.microsoft.com/en-us/library/ms143547(SQL.100).aspx



SQL Server 2005


http://msdn.microsoft.com/en-us/library/ms143547(SQL.90).aspx



+ SQL Server data files



   These files usually have one of the following file-name extensions:


   + .mdf


   + .ldf


   + .ndf



+ SQL Server backup files



   These files frequently have one of the following file-name extensions:


   + .bak


   + .trn



+ Full-Text catalog files


   + Default instance:


     Program Files\Microsoft SQL Server\MSSQL\FTDATA



   + Named instance:


     Program Files\Microsoft SQL Server\MSSQL$instancename\FTDATA



+ Trace files


     These files usually have the .trc file-name extension. These files can be


     generated either when you configure profiler tracing manually or when you


     enable C2 auditing for the server.



+ SQL audit files (for SQL Server 2008 or later versions)


     These files have the .sqlaudit file-name extension. For more information,


     see the following topic in SQL Server Books Online:



       Audits (General Page)


       http://msdn.microsoft.com/en-us/library/cc280649.aspx



+ SQL query files


     These files typically have the .sql file-name extension and contain


     Transact-SQL statements.



+ The directory that holds Analysis Services data



   Note: The directory that holds all Analysis Services data is specified by


   the DataDir property of the instance of Analysis Services. By default, the


   path of this directory is



     C:\Program Files\Microsoft SQL Server\MSSQL.X\OLAP\Data.



   If you use Analysis Services 2000, you can view and change the data


   directory by using Analysis Manager. To do this, follow these steps:


     1. In Analysis Manager, right-click the server, and then click


        Properties.



     2. In the Properties dialog box, click the General tab. The directory


        appears under Data folder.



+ The directory that holds Analysis Services temporary files that are used


   during Analysis Services processing



   Note: For Analysis Services 2005 and later versions, temporary files during


   processing are specified by the TempDir property of the instance of


   Analysis Services. By default, this property is empty. When this property


   is empty, the default directory is used. This directory is



     C:\Program Files\Microsoft SQL Server\MSSQL.X\OLAP\Data.



   If you use Analysis Services 2000, you can view and change the directory


   that holds temporary files in Analysis Manager. To do this, follow these


   steps:


     1. In Analysis Manager, right-click the server, and then click


        Properties.



     2. In the Properties dialog box, click the General tab.



     3. On the General tab, notice the directory under Temporary file folder.



   Optionally, you can add a second temporary directory for Analysis Services


   2000 by using the TempDirectory2 registry entry. If you use this registry


   entry, consider excluding from virus scanning the directory to which this


   registry entry points. For more information about the TempDirectory2


   registry entry, see the "TempDirectory2" section of the following Microsoft


   Developer Network (MSDN) website:



     http://msdn.microsoft.com/en-us/library/aa902654(SQL.80).aspx#sql2k_anservregsettings_topic52



+ Analysis Services backup files



   Note: By default, in Analysis Services 2005 and later versions, the backup


   file location is the location that is specified by the BackupDir property.


   By default, this directory is



     C:\Program Files\Microsoft SQL Server\MSSQL.X\OLAP\Backup.



   You can change this directory in the properties of the instance of Analysis


   Services. Any backup command can point to a different location. Or, the


   backup files may be copied elsewhere.



+ The directory that holds Analysis Services log files



   Note: By default, in Analysis Services 2005 and later versions, the log


   file location is the location that is specified by the LogDir property. By


   default, this directory is



   C:\Program Files\Microsoft SQL Server\MSSQL.X\OLAP\Log.



+ Directories for any Analysis Services 2005 and later-version partitions


   that are not stored in the default data directory



   Note: When you create the partitions, these locations are defined in the


   Storage location section of the Processing and Storage Locations page of


   the Partition Wizard.



+ Filestream data files (SQL 2008 and later versions)



+  Remote Blob Storage files (SQL 2008 and later versions)



+  The directory that holds Reporting Services temporary files and Logs


    (RSTempFiles and LogFiles)



Processes to exclude from virus scanning



SQL Server 2012


    %ProgramFiles%\Microsoft SQL Server\MSSQL11.<Instance Name>\MSSQL\Binn\SQLServr.exe


    %ProgramFiles%\Microsoft SQL Server\MSRS11.<Instance Name>\Reporting Services\ReportServer\Bin\ReportingServicesService.exe


    %ProgramFiles%\Microsoft SQL Server\MSAS11.<Instance Name>\OLAP\Bin\MSMDSrv.exe



SQL Server 2008 R2


    %ProgramFiles%\Microsoft SQL Server\MSSQL10_50.<Instance Name>\MSSQL\Binn\SQLServr.exe


    %ProgramFiles%\Microsoft SQL Server\MSSQL10_50.<Instance Name>\Reporting Services\ReportServer\Bin\ReportingServicesService.exe


    %ProgramFiles%\Microsoft SQL Server\MSSQL10_50.<Instance Name>\OLAP\Bin\MSMDSrv.exe



SQL Server 2008


    %ProgramFiles%\Microsoft SQL Server\MSSQL10.<Instance Name>\MSSQL\Binn\SQLServr.exe


    %ProgramFiles%\Microsoft SQL Server\MSSQL10.<Instance Name>\Reporting Services\ReportServer\Bin\ReportingServicesService.exe


    %ProgramFiles%\Microsoft SQL Server\MSSQL10.<Instance Name>\OLAP\Bin\MSMDSrv.exe



SQL Server 2005


    %ProgramFiles%\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\SQLServr.exe


    %ProgramFiles%\Microsoft SQL Server\MSSQL.3\Reporting Services\ReportServer\Bin\ReportingServicesService.exe


    %ProgramFiles%\Microsoft SQL Server\MSSQL.2\OLAP\Bin\MSMDSrv.exe



Considerations for clustering



You can run antivirus software on a SQL Server cluster. However, you must make


sure that the antivirus software is a cluster-aware version. Contact your


antivirus vendor about cluster-aware versions and interoperability.



If you are running antivirus software on a cluster, make sure that you also


exclude these locations from virus scanning:



+ Q:\ (Quorum drive)


+ C:\Windows\Cluster



If you back up the database to a disk or if you back up the transaction log to


a disk, you can exclude the backup files from the virus scanning.



References



To find general information about SQL Server security, visit the following


topics in SQL Server Books Online:



Securing SQL Server


http://msdn.microsoft.com/en-us/library/bb283235.aspx



Security Checklists for the Database Engine


http://msdn.microsoft.com/en-us/library/ff848778%28v=SQL.105%29.aspx



To find general information about SQL Server security, visit the following


Microsoft website. (This information includes best practices, various security


models, and security bulletins.)



http://www.microsoft.com/sql/technologies/security/default.mspx



For more information about additional antivirus considerations on a cluster,


click the following article number to view the article in the Microsoft



Knowledge Base:



  250355 Antivirus software may cause problems with Cluster services


  ( https://support.microsoft.com/en-us/kb/250355 )



For general recommendations from Microsoft for scanning on Enterprise systems,


click the following article number to view the article in the Microsoft



Knowledge Base:



  822158 Virus scanning recommendations for Enterprise computers that are


  running currently supported versions of Windows


  ( http://support.microsoft.com/kb/822158 )



For information about third-party detours or similar techniques in SQL Server,


click the following article number to view the article in the Microsoft



Knowledge Base:



  920925 The use of third-party detours or similar techniques is not supported


  in SQL Server


  ( https://support.microsoft.com/en-us/kb/920925 )



Properties



Article ID: 309422 - Last Review: 10/09/2013 09:01:00 - Revision: 23.0



Applies to


    Microsoft SQL Server 7.0 Standard Edition


    Microsoft SQL Server 2000 Developer Edition


    Microsoft SQL Server 2000 Enterprise Edition


    Microsoft SQL Server 2000 Personal Edition


    Microsoft SQL Server 2000 Standard Edition


    Microsoft SQL Server 2005 Standard Edition


    Microsoft SQL Server 2005 Developer Edition


    Microsoft SQL Server 2005 Enterprise Edition


    Microsoft SQL Server 2005 Express Edition


    Microsoft SQL Server 2005 Workgroup Edition


    Microsoft SQL Server 2008 Developer


    Microsoft SQL Server 2008 Enterprise


    Microsoft SQL Server 2008 Standard


    Microsoft SQL Server 2008 Web


    Microsoft SQL Server 2008 Workgroup


    Microsoft SQL Server 2008 R2 Standard


    Microsoft SQL Server 2008 R2 Developer


    Microsoft SQL Server 2008 R2 Enterprise


    Microsoft SQL Server 2008 R2 Web


    Microsoft SQL Server 2008 R2 Workgroup


    Microsoft SQL Server 2012 Developer


    Microsoft SQL Server 2012 Enterprise


    Microsoft SQL Server 2012 Standard


    Microsoft SQL Server 2012 Web



Keywords:



    kbsql2005cluster kbinfo KB309422


    Terms of use Privacy & cookies Trademarks © 2015 Microsoft






See the following for help on configuring High-Risk, Low-Risk, and Default Processes,

using Best Practices.

    PD22941, VSE 8.8 Product Guide:

    https://kc.mcafee.com/corporate/index?page=content&id=PD22941

    PD22940, VSE 8.8 Best Practices Guide:

    https://kc.mcafee.com/corporate/index?page=content&id=PD22940

    KB55139, Understanding High-Risk, Low-Risk, and Default processes

    configuration and usage:

    https://kc.mcafee.com/corporate/index?page=content&id=KB55139

Now, for SQL 2012, extrapolating from both and applying the High/Low Risk Processes, I would:

1) Assign to a Low Risk Process

    %ProgramFiles%\Microsoft SQL Server\MSSQL11.<Instance Name>\MSSQL\Binn\SQLServr.exe

    %ProgramFiles%\Microsoft SQL Server\MSRS11.<Instance Name>\Reporting Services\ReportServer\Bin\ReportingServicesService.exe

    %ProgramFiles%\Microsoft SQL Server\MSAS11.<Instance Name>\OLAP\Bin\MSMDSrv.exe

Within this Low-Risk Process you could define the following exclusions:

2) Exclude Directories:

   %ProgramFiles%\Microsoft SQL Server\MSSQL$instancename\DATA\

   %ProgramFiles%\Microsoft SQL Server\MSSQL$instancename\BACKUP\

   %ProgramFiles%\Microsoft SQL Server\MSSQL$instancename\FTDATA\

   %ProgramFiles%\Microsoft SQL Server\MSSQL11\OLAP\Data\

   %ProgramFiles%\Microsoft SQL Server\MSSQL11\OLAP\Backup\

   %ProgramFiles%\Microsoft SQL Server\MSSQL11\OLAP\Log\

   %ProgramFiles%\Microsoft SQL Server\MSSQL.X\OLAP\Data\

   %ProgramFiles%\Microsoft SQL Server\MSSQL.X\OLAP\Backup\

   %ProgramFiles%\Microsoft SQL Server\MSSQL.X\OLAP\Log\

   A more generic set of exclusions might look like this:

   %ProgramFiles%\Microsoft SQL Server\**\DATA\

   %ProgramFiles%\Microsoft SQL Server\**\BACKUP\

   %ProgramFiles%\Microsoft SQL Server\**\FTDATA\

   %ProgramFiles%\Microsoft SQL Server\**\Log\

   This will include more 'exclusions' than the examples above, but avoids having to adjust for version specific SQL directories

   and for every new Instance Name added.

If MS SQL has been installed in another directory, adjust the exclusions accordingly. Verify that these directories actually exist.

3) Exclude Extensions

   .MDF     SQL Server data files

   .LDF     SQL Server data files

   .NDF     SQL Server data files

   .BAK     SQL Server backup files (or .BAC, or whatever backup file extension you use)

   .TRN     SQL Server backup files

4) Exclude Clustering:

   Q:\ (Quorum drive)

   %SystemRoot%\Cluster\

   %SystemDrive%\ClusterServiceAccount\Local Settings\Temp\

This should be a good starting point. Review everything.

Hope this helps, and post back with additional questions or what worked for you.

Ron Metzger
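
One way to check a directory-exclusion list like the one in the reply above before it goes into a policy, as an added example that is not part of the original posts or of the McAfee or Microsoft articles. It flags entries without the trailing backslash, placeholders copied literally from the KB text, entries that match no existing directory, and wildcard entries that cover more than one directory. The wildcard rules, the function names and the sample inventory are assumptions made for this example.

```python
import re

# Literal placeholders from the KB text that must be replaced with real names.
PLACEHOLDERS = ("$instancename", "<Instance Name>", "MSSQL.X")

def expand(entry, env):
    """Expand %VAR% references from a supplied mapping (names are case-insensitive)."""
    lookup = {k.lower(): v for k, v in env.items()}
    return re.sub(r"%([^%\\]+)%",
                  lambda m: lookup.get(m.group(1).lower(), m.group(0)), entry)

def to_regex(pattern):
    """Assumed wildcard rules: '**' crosses directory levels, '*' and '?' do not."""
    rules = {"**": ".*", "*": r"[^\\]*", "?": r"[^\\]"}
    parts = [rules.get(tok, re.escape(tok))
             for tok in re.split(r"(\*\*|\*|\?)", pattern)]
    return re.compile("".join(parts) + r"\Z", re.IGNORECASE)

def covered(entry, env, known_dirs):
    """Directories from the inventory that a directory exclusion would cover."""
    path = entry if entry.endswith("\\") else entry + "\\"
    rx = to_regex(expand(path, env))
    return [d for d in known_dirs if rx.match(d)]

def lint(entries, env, known_dirs):
    """Return {entry: [findings]} for a list of directory exclusions."""
    report = {}
    for entry in entries:
        findings = []
        if not entry.endswith("\\"):
            findings.append("no trailing backslash")  # would be read as a file name
        if any(p.lower() in entry.lower() for p in PLACEHOLDERS):
            findings.append("unresolved placeholder")
        hits = covered(entry, env, known_dirs)
        if not hits:
            findings.append("matches no existing directory")
        elif len(hits) > 1:
            findings.append("covers %d directories" % len(hits))
        report[entry] = findings
    return report

# Constructed sample data. On the server, build the inventory by walking the
# SQL Server install root and take the variables from the real environment.
SAMPLE_ENV = {"ProgramFiles": r"C:\Program Files", "SystemRoot": r"C:\Windows"}
SAMPLE_DIRS = r"""
C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\DATA\
C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Log\
C:\Program Files\Microsoft SQL Server\110\Setup Bootstrap\Log\
C:\Windows\Cluster\
""".strip().splitlines()
SAMPLE_EXCLUSIONS = r"""
%ProgramFiles%\Microsoft SQL Server\MSSQL$instancename\DATA\
%ProgramFiles%\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\DATA
%ProgramFiles%\Microsoft SQL Server\**\Log\
%SystemRoot%\Cluster\
""".strip().splitlines()

if __name__ == "__main__":
    result = lint(SAMPLE_EXCLUSIONS, SAMPLE_ENV, SAMPLE_DIRS)
    for entry, findings in result.items():
        print(entry, "->", "; ".join(findings) or "ok")
```

In the sample inventory the generic `**\Log\` entry also covers the setup log directory, which is the extra breadth the reply mentions when it proposes the generic form.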

sazzad
Level 7
Message 4 of 4

Re: VSE8.8.8 installation on SQL2012 Server

Thanks for everything!

I will execute as described & keep you updated!