
Behaviour SEP 12.1.x on DB servers

Created: 24 Oct 2013 • Updated: 24 Oct 2013 | 7 comments
This issue has been solved. See solution.

Hi all,

I have a simple question about the behaviour of the SEP client when installed on a database machine like MS SQL.
Do the installed SEP clients protect the database "insertions" in real time? Does it scan the database when a scheduled scan is activated? And, for example, how does it work with BLOB files in a SharePoint database?

Thanks already!

LEVD


James007's picture

If you exclude the SQL Server files and folders, it's not scanning them.
Excluding Microsoft SQL Server files and folders using Centralized Exceptions

Article: TECH105240 | Created: 2008-01-27 | Updated: 2012-11-12 | Article URL: http://www.symantec.com/docs/TECH105240

Best Practices guide for Installing the Symantec Endpoint Protection Manager 11 RU5 with a SQL Server 2008 Database
http://www.symantec.com/docs/TECH96451

SMLatCST's picture

AFAIK, SEP has no visibility of the internal SQL actions.  It cannot see an insertion, all it will see is that a file has changed and to scan it again.

Same with the scheduled scan, SEP cannot scan the contents, merely the DB file as a whole to see if it matches any infection sigs.

It's worth noting that the scanning of the DB file can lock it from being accessed by other processes (i.e. SQL ones), potentially causing corruption. This is why vendor references normally suggest you exclude DB files and stuff from AV scans.

Rafeeq's picture

It will consider it as a file; if there are any changes it will scan again. That's why it's recommended to exclude it from scanning, to avoid the resource deadlock.

levd's picture

SMLatCST,

I'm running some SEPs on SQL servers right now; I didn't exclude the database files. On these servers I'm not running scheduled scans, I'm only running the on-demand scan. Is it also wise to exclude the DB files here?
Any idea about SharePoint? I believe there's a special version of SEP for it?

 

LEVD

SMLatCST's picture

As the others have already posted, there are a few articles on recommended SQL exclusions.  For MS's part, here's what they recommend:

http://support.microsoft.com/kb/309422

"When you configure your antivirus software settings, make sure that you exclude the following files or directories (as applicable) from virus scanning. Doing this improves the performance of the files and helps make sure that the files are not locked when the SQL Server service must use them. However, if these files become infected, your antivirus software cannot detect the infection."

For the SharePoint side of things, Symantec offer the below product to protect SharePoint content:

http://www.symantec.com/protection-for-sharepoint-servers

It is still recommended to install SEP on a SharePoint server to protect the OS, leaving the above product to protect the content.

Again, for the SEP side of things, the below MS article suggests recommended exceptions:

http://support.microsoft.com/kb/952167

 

SOLUTION
levd's picture

Hello,

Ok thank you.
So basically, there isn't really a good way to protect a SQL DB itself, since vendors advise excluding it from scanning. However, the OS of the DB system can be protected.

If I want to secure SharePoint, I need to look at the special product for SharePoint servers.

Thanks,

LEVD

TORB's picture

Thumbs up: SMLatCST