3 Replies Latest reply on Sep 23, 2015 2:56 AM by sazzad

    VSE8.8.8 installation on SQL2012 Server

    sazzad

      We have an active/active MSSQL2012 server (cluster) & are planning to install VSE8.8.0 on them. I have checked the KB for exclusions & found nothing for MSSQL2012.

      Can you please suggest something for us?

        • 1. Re: VSE8.8.8 installation on SQL2012 Server
          exbrit

          Moved to VirusScan Enterprise

          ---

          Peter

          Moderator

          • 2. Re: VSE8.8.8 installation on SQL2012 Server
            rmetzger

            Hi sazzad,

            sazzad wrote:

             

            We have an active/active MSSQL2012 server (cluster) & are planning to install VSE8.8.0 on them. I have checked the KB for exclusions & found nothing for MSSQL2012.

            Can you please suggest something for us?

            Well, McAfee's Knowledge base article KB67211 doesn't specify support for SQL 2012:

            URL=https://kc.mcafee.com/corporate/index?page=content&id=KB67211 wrote:

             

            McAfee/Intel Security

             

            Knowledge Center

             

            Recommended exclusions for VirusScan Enterprise on Microsoft SQL Servers

             

            Technical Articles ID:  KB67211

            Last Modified:  2/26/2015

             

            Environment

             

            McAfee VirusScan Enterprise (VSE) 8.x

             

            Microsoft Windows 2008 SQL Server

            Microsoft Windows 2005 SQL server

            Microsoft Windows 2003 SQL server

            Microsoft Windows 2000 SQL server

             

            For details of VSE 8.x supported environments, see KB51111.

             

            Summary

             

            Recommended exclusions for running VSE on a Microsoft SQL Server

             

            CAUTION: Creating exclusions can introduce risks to an environment.

             

            Before you proceed, see KB79589 for details on how to make On-Access Scanner

            (real-time) exclusions more secure.

             

            Solution

             

            File Type Exclusions:

             

            .MDF     SQL Server data files

            .LDF     SQL Server data files

            .NDF     SQL Server data files

            .BAK     SQL Server backup files

            .TRN     SQL Server backup files

             

            Directory Exclusions:

             

            \Program Files\Microsoft SQL Server\MSSQL$instancename\DATA\

                - Data files

             

            \Program Files\Microsoft SQL Server\MSSQL$instancename\BACKUP\

                - Backup files

             

            \Program Files\Microsoft SQL Server\MSSQL$instancename\FTDATA\

                - Full-text catalog files

             

            \Program Files\Microsoft SQL Server\MSSQL.X\OLAP\Data\

                - Folder that holds Analysis Services data

                  Folder holding Analysis Services temporary files used during Analysis

                Services processing

             

            \Program Files\Microsoft SQL Server\MSSQL.X\OLAP\Backup\

                - Analysis Services backup files

             

            \Program Files\Microsoft SQL Server\MSSQL.X\OLAP\Log\

                - Folder holding Analysis Services log files

             

            NOTE: Some of these locations are configurable and you should exclude

            those directories as well.

             

             

            Considerations when clustering:

             

            "Q:\" (Quorum drive)

            "%SystemRoot%\Cluster\" folder

             

            The temp folder for the Cluster Service account. Exclude the folder

                "%SystemDrive%\ClusterServiceAccount\Local Settings\Temp\"

            from scanning for example.

             

            IMPORTANT: When adding directories to be excluded in VSE, all directory names

            must end with a backslash to distinguish them from file names.

            For details, see KB50998.

             

            Affected Products Configuration

            VirusScan Enterprise 8.8

            VirusScan Enterprise 8.7i

             

            © 2003-2015 McAfee, Inc.

            Not surprisingly, Microsoft's article (KB309422) is very similar, and includes support for SQL 2012.

            URL=https://support.microsoft.com/en-us/kb/309422 wrote:

             

            Microsoft

             

            How to choose antivirus software to run on computers that are running SQL

            Server

             

            This article was previously published under Q309422

             

            Summary

             

            This article contains general guidelines to help you decide which kind of

            antivirus software to run on the computers that are running Microsoft SQL

            Server in your environment.

             

            More information

             

            We strongly recommend that you individually assess the security risk for each

            computer that is running SQL Server in your environment and that you select the

            tools that are appropriate for the security risk level of each computer that is

            running SQL Server. Additionally, we recommend that before you roll out any

            virus-protection project, you test the whole system under a full load to

            measure any changes in stability and performance.

             

            Virus protection software requires some system resources to execute. You must

            perform testing before and after you install your antivirus software to

            determine whether there is any performance effect on the computer that is

            running SQL Server.

             

            Security risk factors

             

            + The value to your business of the information that is stored on the

               computer.

            + The required security level for that information.

            + The cost of losing access to that information.

            + The risk of either virus or bad information propagating from that computer.

             

            High-risk servers

             

            Any server is at some risk of infection. The highest risk servers generally

            meet one or more of the following criteria:

             

            + The servers are on the public Internet.

            + The servers have open ports to servers that are not behind a firewall.

            + The servers read or execute files from other servers.

            + The servers run HTTP servers, such as Internet Information Services (IIS) or

               Apache. (For example: SQL XML for SQL Server 2000.)

            + The servers are also hosting file shares.

            + The servers use SQL Mail or Database Mail to handle incoming or outgoing

               email messages.

             

            Servers that do not meet the criteria for a high-risk server are generally at

            a lower risk, although not always.

             

            Virus tool types

             

            + Active virus scanning: This kind of scanning checks incoming and outgoing

               files for viruses.

            + Virus sweep software: Virus sweep software scans existing files for file

               infection. It detects files after they are infected with a virus. This kind

               of scanning may cause the following SQL Server database recovery and SQL

               Server full-text catalog file issues:

               + If the virus sweep has opened a database file and still has it open when

                 SQL Server tries to open the database (such as when SQL Server starts or

                 when SQL Server opens a database that AutoClose has closed), the database

                 to which the file belongs might be marked as suspect. The SQL Server

                 database files typically have the .mdf, .ldf, and .ndf file suffixes.

             

               + If the virus sweep software has a SQL Server full-text catalog file open

                 when the Microsoft Search service (MSSearch) tries to access the file,

                 you may have problems with the full text catalog.

             

            + Vulnerability scanning software: The Microsoft Security Tool Kit CD includes

               best practice guidelines, information about how to help secure your system,

               and service packs and updates that can protect your system against virus

               attacks. It also provides Microsoft tools to help you secure your systems

               and keep them secure. To download it, visit the following Microsoft

               website:

             

                 http://www.microsoft.com/security/

             

            + Antispyware software: Spyware and unwanted software refers to software that

               performs certain tasks on your computer, typically without your consent.

               For more information about how to help protect the computer from spyware

               and unwanted software, visit the following Microsoft website:

             

                 http://www.microsoft.com/protect/computer/spyware/default.mspx

             

               Additionally, Microsoft has released the Microsoft Windows Malicious

               Software Removal Tool to help remove specific, prevalent malicious software

               from computers that are running Windows Server 2003, Windows XP, or

               Microsoft Windows 2000. For more information about the Microsoft Windows

               Malicious Software Removal Tool, click the following article number to view

               the article in the Microsoft Knowledge Base:

             

                 890830 ( https://support.microsoft.com/en-us/kb/890830 )

             

                 The Microsoft Windows Malicious Software Removal Tool helps remove

                 specific, prevalent malicious software from computers that are running

                 Windows Vista, Windows Server 2003, Windows XP, or Windows 2000.

             

            Directories and file-name extensions to exclude from virus scanning

             

            When you configure your antivirus software settings, make sure that you

            exclude the following files or directories (as applicable) from virus

            scanning. Doing this improves the performance of the files and helps make sure

            that the files are not locked when the SQL Server service must use them.

            However, if these files become infected, your antivirus software cannot detect

            the infection.

             

            Note: For more information about the default file locations for SQL Server,

            refer to the "File Locations for Default and Named Instances of SQL Server"

            topic for your specific version of SQL Server in SQL Server Books Online.

             

            SQL Server 2012

            http://msdn.microsoft.com/en-us/library/ms143547(v=sql.110).aspx

             

            SQL Server 2008 R2

            http://msdn.microsoft.com/en-us/library/ms143547(v=sql.105).aspx

             

            SQL Server 2008

            http://msdn.microsoft.com/en-us/library/ms143547(SQL.100).aspx

             

            SQL Server 2005

            http://msdn.microsoft.com/en-us/library/ms143547(SQL.90).aspx

             

            + SQL Server data files

             

               These files usually have one of the following file-name extensions:

               + .mdf

               + .ldf

               + .ndf

             

            + SQL Server backup files

             

               These files frequently have one of the following file-name extensions:

               + .bak

               + .trn

             

            + Full-Text catalog files

               + Default instance:

                 Program Files\Microsoft SQL Server\MSSQL\FTDATA

             

               + Named instance:

                 Program Files\Microsoft SQL Server\MSSQL$instancename\FTDATA

             

            + Trace files

                 These files usually have the .trc file-name extension. These files can be

                 generated either when you configure profiler tracing manually or when you

                 enable C2 auditing for the server.

             

            + SQL audit files (for SQL Server 2008 or later versions)

                 These files have the .sqlaudit file-name extension. For more information,

                 see the following topic in SQL Server Books Online:

             

                   Audits (General Page)

                   http://msdn.microsoft.com/en-us/library/cc280649.aspx

             

            + SQL query files

                 These files typically have the .sql file-name extension and contain

                 Transact-SQL statements.

             

            + The directory that holds Analysis Services data

             

               Note: The directory that holds all Analysis Services data is specified by

               the DataDir property of the instance of Analysis Services. By default, the

               path of this directory is

             

                 C:\Program Files\Microsoft SQL Server\MSSQL.X\OLAP\Data.

             

               If you use Analysis Services 2000, you can view and change the data

               directory by using Analysis Manager. To do this, follow these steps:

                 1. In Analysis Manager, right-click the server, and then click

                    Properties.

             

                 2. In the Properties dialog box, click the General tab. The directory

                    appears under Data folder.

             

            + The directory that holds Analysis Services temporary files that are used

               during Analysis Services processing

             

               Note: For Analysis Services 2005 and later versions, temporary files during

               processing are specified by the TempDir property of the instance of

               Analysis Services. By default, this property is empty. When this property

               is empty, the default directory is used. This directory is

             

                 C:\Program Files\Microsoft SQL Server\MSSQL.X\OLAP\Data.

             

               If you use Analysis Services 2000, you can view and change the directory

               that holds temporary files in Analysis Manager. To do this, follow these

               steps:

                 1. In Analysis Manager, right-click the server, and then click

                    Properties.

             

                 2. In the Properties dialog box, click the General tab.

             

                 3. On the General tab, notice the directory under Temporary file folder.

             

               Optionally, you can add a second temporary directory for Analysis Services

               2000 by using the TempDirectory2 registry entry. If you use this registry

               entry, consider excluding from virus scanning the directory to which this

               registry entry points. For more information about the TempDirectory2

               registry entry, see the "TempDirectory2" section of the following Microsoft

               Developer Network (MSDN) website:

             

                 http://msdn.microsoft.com/en-us/library/aa902654(SQL.80).aspx#sql2k_anservregsettings_topic52

             

            + Analysis Services backup files

             

               Note: By default, in Analysis Services 2005 and later versions, the backup

               file location is the location that is specified by the BackupDir property.

               By default, this directory is

             

                 C:\Program Files\Microsoft SQL Server\MSSQL.X\OLAP\Backup.

             

               You can change this directory in the properties of the instance of Analysis

               Services. Any backup command can point to a different location. Or, the

               backup files may be copied elsewhere.

             

            + The directory that holds Analysis Services log files

             

               Note: By default, in Analysis Services 2005 and later versions, the log

               file location is the location that is specified by the LogDir property. By

               default, this directory is

             

               C:\Program Files\Microsoft SQL Server\MSSQL.X\OLAP\Log.

             

            + Directories for any Analysis Services 2005 and later-version partitions

               that are not stored in the default data directory

             

               Note: When you create the partitions, these locations are defined in the

               Storage location section of the Processing and Storage Locations page of

               the Partition Wizard.

             

            + Filestream data files (SQL 2008 and later versions)

             

            +  Remote Blob Storage files (SQL 2008 and later versions)

             

            +  The directory that holds Reporting Services temporary files and Logs

                (RSTempFiles and LogFiles)

             

            Processes to exclude from virus scanning

             

            SQL Server 2012

                %ProgramFiles%\Microsoft SQL Server\MSSQL11.<Instance Name>\MSSQL\Binn\SQLServr.exe

                %ProgramFiles%\Microsoft SQL Server\MSRS11.<Instance Name>\Reporting Services\ReportServer\Bin\ReportingServicesService.exe

                %ProgramFiles%\Microsoft SQL Server\MSAS11.<Instance Name>\OLAP\Bin\MSMDSrv.exe

             

            SQL Server 2008 R2

                %ProgramFiles%\Microsoft SQL Server\MSSQL10_50.<Instance Name>\MSSQL\Binn\SQLServr.exe

                %ProgramFiles%\Microsoft SQL Server\MSSQL10_50.<Instance Name>\Reporting Services\ReportServer\Bin\ReportingServicesService.exe

                %ProgramFiles%\Microsoft SQL Server\MSSQL10_50.<Instance Name>\OLAP\Bin\MSMDSrv.exe

             

            SQL Server 2008

                %ProgramFiles%\Microsoft SQL Server\MSSQL10.<Instance Name>\MSSQL\Binn\SQLServr.exe

                %ProgramFiles%\Microsoft SQL Server\MSSQL10.<Instance Name>\Reporting Services\ReportServer\Bin\ReportingServicesService.exe

                %ProgramFiles%\Microsoft SQL Server\MSSQL10.<Instance Name>\OLAP\Bin\MSMDSrv.exe

             

            SQL Server 2005

                %ProgramFiles%\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\SQLServr.exe

                %ProgramFiles%\Microsoft SQL Server\MSSQL.3\Reporting Services\ReportServer\Bin\ReportingServicesService.exe

                %ProgramFiles%\Microsoft SQL Server\MSSQL.2\OLAP\Bin\MSMDSrv.exe

             

            Considerations for clustering

             

            You can run antivirus software on a SQL Server cluster. However, you must make

            sure that the antivirus software is a cluster-aware version. Contact your

            antivirus vendor about cluster-aware versions and interoperability.

             

            If you are running antivirus software on a cluster, make sure that you also

            exclude these locations from virus scanning:

             

            + Q:\ (Quorum drive)

            + C:\Windows\Cluster

             

            If you back up the database to a disk or if you back up the transaction log to

            a disk, you can exclude the backup files from the virus scanning.

             

            References

             

            To find general information about SQL Server security, visit the following

            topics in SQL Server Books Online:

             

            Securing SQL Server

            http://msdn.microsoft.com/en-us/library/bb283235.aspx

             

            Security Checklists for the Database Engine

            http://msdn.microsoft.com/en-us/library/ff848778%28v=SQL.105%29.aspx

             

            To find general information about SQL Server security, visit the following

            Microsoft website. (This information includes best practices, various security

            models, and security bulletins.)

             

            http://www.microsoft.com/sql/technologies/security/default.mspx

             

            For more information about additional antivirus considerations on a cluster,

            click the following article number to view the article in the Microsoft

             

            Knowledge Base:

             

              250355 Antivirus software may cause problems with Cluster services

              ( https://support.microsoft.com/en-us/kb/250355 )

             

            For general recommendations from Microsoft for scanning on Enterprise systems,

            click the following article number to view the article in the Microsoft

             

            Knowledge Base:

             

              822158 Virus scanning recommendations for Enterprise computers that are

              running currently supported versions of Windows

              ( http://support.microsoft.com/kb/822158 )

             

            For information about third-party detours or similar techniques in SQL Server,

            click the following article number to view the article in the Microsoft

             

            Knowledge Base:

             

              920925 The use of third-party detours or similar techniques is not supported

              in SQL Server

              ( https://support.microsoft.com/en-us/kb/920925 )

             

            Properties

             

            Article ID: 309422 - Last Review: 10/09/2013 09:01:00 - Revision: 23.0

             

            Applies to

                Microsoft SQL Server 7.0 Standard Edition

                Microsoft SQL Server 2000 Developer Edition

                Microsoft SQL Server 2000 Enterprise Edition

                Microsoft SQL Server 2000 Personal Edition

                Microsoft SQL Server 2000 Standard Edition

                Microsoft SQL Server 2005 Standard Edition

                Microsoft SQL Server 2005 Developer Edition

                Microsoft SQL Server 2005 Enterprise Edition

                Microsoft SQL Server 2005 Express Edition

                Microsoft SQL Server 2005 Workgroup Edition

                Microsoft SQL Server 2008 Developer

                Microsoft SQL Server 2008 Enterprise

                Microsoft SQL Server 2008 Standard

                Microsoft SQL Server 2008 Web

                Microsoft SQL Server 2008 Workgroup

                Microsoft SQL Server 2008 R2 Standard

                Microsoft SQL Server 2008 R2 Developer

                Microsoft SQL Server 2008 R2 Enterprise

                Microsoft SQL Server 2008 R2 Web

                Microsoft SQL Server 2008 R2 Workgroup

                Microsoft SQL Server 2012 Developer

                Microsoft SQL Server 2012 Enterprise

                Microsoft SQL Server 2012 Standard

                Microsoft SQL Server 2012 Web

             

            Keywords:

             

                kbsql2005cluster kbinfo KB309422


             

            See the following for help on configuring High-Risk, Low-Risk, and Default Processes,

            using Best Practices.

             

                PD22941, VSE 8.8 Product Guide:

                https://kc.mcafee.com/corporate/index?page=content&id=PD22941

             

                PD22940, VSE 8.8 Best Practices Guide:

                https://kc.mcafee.com/corporate/index?page=content&id=PD22940

             

                KB55139, Understanding High-Risk, Low-Risk, and Default processes

                configuration and usage:

                https://kc.mcafee.com/corporate/index?page=content&id=KB55139

             

            Now, for SQL 2012, extrapolating from both and applying the High/Low Risk Processes, I would:

             

            1) Assign to a Low Risk Process

                %ProgramFiles%\Microsoft SQL Server\MSSQL11.<Instance Name>\MSSQL\Binn\SQLServr.exe

                %ProgramFiles%\Microsoft SQL Server\MSRS11.<Instance Name>\Reporting Services\ReportServer\Bin\ReportingServicesService.exe

                %ProgramFiles%\Microsoft SQL Server\MSAS11.<Instance Name>\OLAP\Bin\MSMDSrv.exe

             

            Within this Low-Risk Process you could define the following exclusions:

             

            2) Exclude Directories:

               %ProgramFiles%\Microsoft SQL Server\MSSQL$instancename\DATA\

               %ProgramFiles%\Microsoft SQL Server\MSSQL$instancename\BACKUP\

               %ProgramFiles%\Microsoft SQL Server\MSSQL$instancename\FTDATA\

               %ProgramFiles%\Microsoft SQL Server\MSSQL11\OLAP\Data\

               %ProgramFiles%\Microsoft SQL Server\MSSQL11\OLAP\Backup\

               %ProgramFiles%\Microsoft SQL Server\MSSQL11\OLAP\Log\

               %ProgramFiles%\Microsoft SQL Server\MSSQL.X\OLAP\Data\

               %ProgramFiles%\Microsoft SQL Server\MSSQL.X\OLAP\Backup\

               %ProgramFiles%\Microsoft SQL Server\MSSQL.X\OLAP\Log\

             

               A more generic set of exclusions might look like this:

               %ProgramFiles%\Microsoft SQL Server\**\DATA\

               %ProgramFiles%\Microsoft SQL Server\**\BACKUP\

               %ProgramFiles%\Microsoft SQL Server\**\FTDATA\

               %ProgramFiles%\Microsoft SQL Server\**\Log\

               This will include more 'exclusions' than the examples above, but avoids having to adjust for version specific SQL directories

               and for every new Instance Name added.

             

            If MS SQL has been installed in another directory, adjust the exclusions accordingly. Verify that these directories actually exist.

             

            3) Exclude Extensions

               .MDF     SQL Server data files

               .LDF     SQL Server data files

               .NDF     SQL Server data files

               .BAK     SQL Server backup files (or .BAC, or whatever backup file extension you use)

               .TRN     SQL Server backup files

             

            4) Exclude Clustering:

               Q:\ (Quorum drive)

               %SystemRoot%\Cluster\

               %SystemDrive%\ClusterServiceAccount\Local Settings\Temp\

             

            This should be a good starting point. Review everything.

             

            Hope this helps, and post back with additional questions or what worked for you.

            Ron Metzger

            1 of 1 people found this helpful
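
One way to act on the reply's advice to verify that the excluded directories actually exist, together with the KB's trailing-backslash rule, before entering anything in VSE. This is an added example, not part of the original posts or of McAfee's or Microsoft's documentation; the function name `Test-ExclusionEntry` is hypothetical, the entries are copied from the thread, and the script assumes `**` spans any number of directory levels.

```powershell
# Added example: sanity-check candidate VSE directory exclusions on one cluster node.
# Uses only built-in cmdlets; it reads the file system and changes nothing.

# Entries copied from the thread. Single quotes keep '$instancename' literal.
$Candidates = @(
    '%ProgramFiles%\Microsoft SQL Server\MSSQL$instancename\DATA\'
    '%ProgramFiles%\Microsoft SQL Server\MSSQL11\OLAP\Log\'
    '%ProgramFiles%\Microsoft SQL Server\**\DATA\'
    '%ProgramFiles%\Microsoft SQL Server\**\Log\'
    '%SystemRoot%\Cluster\'
    'C:\Windows\Cluster'      # as written in the Microsoft article, no trailing backslash
    'Q:\'
)

function Test-ExclusionEntry {
    param([Parameter(Mandatory)][string]$Entry)

    $expanded = [Environment]::ExpandEnvironmentVariables($Entry)
    $notes    = New-Object System.Collections.Generic.List[string]

    # KB50998 rule quoted above: directory exclusions must end with a backslash.
    if (-not $Entry.EndsWith('\')) { $notes.Add('missing trailing backslash') }

    # Template text that was never replaced with a real instance name or ID.
    $isTemplate = $Entry -match '\$instancename|<[^>]+>|MSSQL\.X'
    if ($isTemplate) { $notes.Add('placeholder not replaced') }

    # A variable that is undefined on this host is left as %NAME% by the expansion.
    $unexpanded = $expanded -match '%[^%\\]+%'
    if ($unexpanded) { $notes.Add('environment variable did not expand') }

    $matched = @()
    if ($isTemplate -or $unexpanded) {
        $status = 'NeedsEdit'
    }
    elseif ($expanded -match '^(?<root>.+?)\\\*\*\\(?<leaf>[^\\*?]+)\\?$') {
        # Assumption: '**' spans any number of directory levels, so list every
        # directory under the root whose name equals the leaf.
        $leaf    = $Matches['leaf']
        $matched = @(Get-ChildItem -LiteralPath $Matches['root'] -Directory -Recurse -ErrorAction SilentlyContinue |
                     Where-Object { $_.Name -eq $leaf } |
                     ForEach-Object { $_.FullName })
        $status  = if ($matched.Count) { 'Wildcard' } else { 'NoMatch' }
        $notes.Add("wildcard covers $($matched.Count) directories")
    }
    elseif ($expanded -match '[*?]') {
        $status = 'Unchecked'
        $notes.Add('wildcard form not evaluated by this script')
    }
    elseif (Test-Path -LiteralPath $expanded -PathType Container) {
        $status  = 'Exists'
        $matched = @($expanded)
    }
    else {
        $status = 'Missing'
    }

    [pscustomobject]@{
        Entry    = $Entry
        Status   = $status
        Notes    = $notes -join '; '
        Resolved = $matched
    }
}

$report = $Candidates | ForEach-Object { Test-ExclusionEntry -Entry $_ }
$report | Format-Table Entry, Status, Notes -AutoSize -Wrap

# Show exactly which directories each wildcard entry would remove from scanning.
$report | Where-Object Status -eq 'Wildcard' | ForEach-Object {
    "`n$($_.Entry)"
    $_.Resolved | ForEach-Object { "    $_" }
}
```

Run it on every cluster node, since the report reflects only the paths visible on the node where it runs. The list printed for each `**` entry is the real scope of that exclusion and is worth reviewing before choosing the generic form over the per-instance paths.
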
            • 3. Re: VSE8.8.8 installation on SQL2012 Server
              sazzad

              Thanks for everything!

              I will execute as described & keep you updated!