Incorporating SQL DB file scanning capability in Symantec AV engine (Case # 04719136)
With regard to our discussion with the Symantec support team on SQL DB file scanning exclusions in AV: at present, Symantec AV is not capable of reading and scanning these files (*.mdf, *.ndf, *.ldf, *.trn, *.bak, *.wrk, *.tuf), and scanning of these files may lead to performance issues on these DB servers.
Besides the above observations, we are also aware of previous Trojan attacks on SQL DB (W32.Narilam)! Considering all this analysis and protection from future threats, we want to raise a feature enhancement request with Symantec development support to incorporate the capabilities below in an upcoming scan engine.
- AV scanning availability for all SQL DB files (*.mdf, *.ndf, *.ldf, *.trn, *.bak, *.wrk, *.tuf)
- AV scanning of SQL DB files should not impact DB server performance
- AV scanning should not lock core DB files (mdf, ldf, ndf); it may force the DB into suspect mode
- AV scanning should not lock other DB files (trn, bak, wrk and tuf); it impacts log shipping
Please take this up with Microsoft as well and check the feasibility and availability of smooth scanning of SQL DB files with the Symantec AV engine.
You can refer to the case below for more details.
Case # 04719136 - AV Exclusion for Microsoft SQL Server Database Related files has been created [ ref:_00D30jPy._50050MNa5T:ref ]