Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Summary
This article provides guidance for setting up antivirus software on Windows computers that run SQL Server, including which processes, folders, and file name extensions to exclude from virus scanning. Proper antivirus exclusions help protect database files, backups, full-text catalogs, and SQL Server services like Analysis Services (SSAS), Integration Services (SSIS), Reporting Services (SSRS), PolyBase, and Power BI Report Server from scan-related performance issues and file locking.
Assess the security risk for each SQL Server computer individually, and select tools that match that risk level. Test the full system under a representative load both before and after you install antivirus software to measure any impact on stability and performance. Antivirus software consumes system resources at run time, so testing helps you spot adverse effects on the host and on SQL Server itself.
Security risk factors
Consider the following factors when deciding on anti-malware solutions:
- The business value of the information that's stored on the computer.
- The required security level for the information.
- The cost of losing access to the information.
- The risk of either viruses or bad information propagating from that computer.
High-risk servers
Any server is at some risk of infection. The highest-risk servers generally meet one or more of the following criteria:
- The servers are open to the public Internet.
- The servers have open ports to servers that aren't behind a firewall.
- The servers read or execute files from other servers.
- The servers run HTTP servers, such as Internet Information Services (IIS) or Apache.
- The servers host file shares.
- The servers use Database Mail to handle incoming or outgoing email messages.
Servers that don't meet the criteria for a high-risk server are generally at a lower risk, although not always.
Antivirus software types
Antivirus products generally fall into a few categories. Each category interacts with SQL Server differently, so it helps to know what each kind does before you plan exclusions.
Active virus scanning: This kind of scanning checks incoming and outgoing files for viruses.
Virus sweep software: Virus sweep software scans existing files for file infection. It detects problems after a virus infects files. This kind of scanning can cause the following SQL Server database recovery and SQL Server full-text catalog file problems:
If the virus sweep software opens a database file when SQL Server tries to open the database, the database to which the file belongs might be marked as suspect. SQL Server opens a database when it starts or when a database with Auto-Close enabled was closed and is accessed again. SQL Server database files typically have .mdf, .ldf, or .ndf file name extensions.
If the virus sweep software opens a SQL Server full-text catalog file when Full-Text Search tries to use the file, you might have problems with the full-text catalog.
Vulnerability scanning software: The Microsoft Security Compliance Toolkit includes a set of tools that enterprise administrators can use to perform a wide range of security tasks. These tasks include downloading, analyzing, testing, editing, and storing Microsoft-recommended security configuration baselines for Windows and other Microsoft products, and comparing them against other security configurations. To download it, go to Microsoft Security Compliance Toolkit 1.0.
Microsoft also released the Windows Malicious Software Removal Tool to help remove specific, prevalent malicious software from computers. For more information about the Microsoft Windows Malicious Software Removal Tool, see Remove specific prevalent malware with Windows Malicious Software Removal Tool (KB890830).
Note
Windows Server 2016 and later versions automatically enable Microsoft Defender Antivirus. Make sure that Microsoft Defender is set up to exclude Filestream files. Otherwise, backup and restore performance can degrade. For more information, see Configure and validate exclusions for Microsoft Defender Antivirus scans.
SQL Server processes to exclude from virus scanning
When you set up your antivirus software, make sure that you exclude the following processes (as applicable) from virus scanning.
- sqlservr.exe (SQL Server Database Engine)
- sqlagent.exe (SQL Server Agent)
- sqlbrowser.exe (SQL Server Browser service)
- %ProgramFiles%\Microsoft SQL Server\1<NN>\Shared\SQLDumper.exe (SQLDumper utility)
For an updated list of services and file paths, see Services installed by SQL Server.
Applications installed on a SQL Server computer can load modules into the SQL Server process (sqlservr.exe). The applications use this functionality to run business logic or for intrusion monitoring and protection. To detect whether an unknown module or a module from third-party software was loaded into the process memory space, check the output of the sys.dm_os_loaded_modules Dynamic Management View (DMV).
In some cases, applications or drivers detour SQL Server or Windows code to provide malware protection or monitoring services. But if those applications or drivers aren't designed correctly, they can cause a wide range of issues for products like SQL Server. For information about third-party detours or similar techniques in SQL Server, see Detours or similar techniques may cause unexpected behaviors with SQL Server.
Set up antivirus software for SQL Server Database Engine
This section applies to SQL Server installations on Windows operating systems, both stand-alone and Failover Cluster Instances (FCI). The same exclusions apply to currently supported releases, including SQL Server 2016, 2017, 2019, 2022, and 2025.
Directories and file name extensions to exclude from virus scanning
When you set up your antivirus software, make sure that you exclude the following files or directories (as applicable) from virus scanning. Exclusions can improve SQL Server performance and help make sure that files aren't locked when the SQL Server service needs them. Be aware that if any excluded file becomes infected, your antivirus software can't detect the infection. For more information about the default file locations for SQL Server, see File Locations for Default and Named Instances of SQL Server.
SQL Server data files
These files usually have one of the following file name extensions:
- .mdf
- .ldf
- .ndf
By default, the data files are located in the following directories. However, the database administrators of the system can place them in any directory.
| SQL Server instance | Default data directory |
|---|---|
| SQL Server default instance | %ProgramFiles%\Microsoft SQL Server\MSSQL<NN>.MSSQLSERVER\MSSQL\DATA |
| SQL Server named instance | %ProgramFiles%\Microsoft SQL Server\MSSQL<NN>.<InstanceName>\MSSQL\DATA |
Note
<NN> and <InstanceName> are placeholders.
SQL Server backup files
These files typically have one of the following file name extensions:
- .bak
- .trn
By default, the backup folders are located in the following directories. However, database administrators can place backup files in any directory.
| SQL Server instance | Default backup directory |
|---|---|
| SQL Server default instance | %ProgramFiles%\Microsoft SQL Server\MSSQL<NN>.MSSQLSERVER\MSSQL\Backup |
| SQL Server named instance | %ProgramFiles%\Microsoft SQL Server\MSSQL<NN>.<InstanceName>\MSSQL\Backup |
Full-Text catalog files
| SQL Server instance | Process/Executable file |
|---|---|
| SQL Server default instance | %ProgramFiles%\Microsoft SQL Server\MSSQL<NN>.MSSQLSERVER\MSSQL\FTDATA |
| SQL Server named instance | %ProgramFiles%\Microsoft SQL Server\MSSQL<NN>.<InstanceName>\MSSQL\FTDATA |
Trace files
These files usually have the .trc file name extension. They're generated when you set up SQL tracing manually or when you turn on C2 auditing for the server.
Extended Event file targets
- Typically saved as .xel or .xem.
- System-generated files are saved in the LOG folder for that instance.
SQL audit files
These files have the .sqlaudit file name extension. For more information, see SQL Server Audit (Database Engine).
SQL query files
These files typically have the .sql file name extension and contain Transact-SQL statements.
Filestream data files
- No specific file extension for the files.
- The folder structure identified by the container type FILESTREAM from sys.database_files contains the files.
<drive>:\RsFxName- The
<drive>refers to the root drive of the folder structure identified by the container type FILESTREAM from sys.database_files.
- The
Remote Blob Storage files
- Refers to the directory that stores Reporting Services temporary files and logs (RSTempFiles and LogFiles). For more information, see Reporting Services Log Files and Sources - SQL Server Reporting Services (SSRS) and RsReportServer.config Configuration File - SQL Server Reporting Services (SSRS).
Exception dump files
The memory dump files typically use the .mdmp file name extension. These system-generated files are saved in the \LOG subfolder for that instance or in the folder that the following registry key points to: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft SQL Server\<instance name>\CPE. For more information about memory dumps, see Use the Sqldumper.exe tool to generate a dump file in SQL Server.
In-memory OLTP files
In essence, the In-Memory OLTP technology has two sets of files:
Files related to natively compiled stored procedures and memory-optimized tables.
The In-memory OLTP files are typically stored in an xtp subfolder under the DATA directory for the instance.
File formats include the following types:
- xtp_<t/p>_<dbid>_<objid>.c
- xtp_<t/p>_<dbid>_<objid>.dll
- xtp_<t/p>_<dbid>_<objid>.obj
- xtp_<t/p>_<dbid>_<objid>.out
- xtp_<t/p>_<dbid>_<objid>.pdb
- xtp_<t/p>_<dbid>_<objid>.xml
Note
xtp is a prefix used to indicate the association with In-memory OLTP. The placeholder
<t/p>represents either "t" for table or "p" for procedure. The placeholder<dbid>refers to the database ID of the user database where the memory-optimized object is located. The placeholder<objid>indicates the object ID assigned to the memory-optimized object (either the table or the procedure).
Files related to checkpoint and delta files.
- No specific file extension for the files.
- The folder structure identified by the container type FILESTREAM from
sys.database_filescontains the files.
DBCC CHECKDB files
The DBCC CHECKDB files use the following format:
<Database_data_filename.extension>_MSSQL_DBCC<database_id_of_snapshot>
These are temporary files. For more information, see Internal database snapshot.
Replication
The following table contains the Replication executables and server-side COM objects. DBCC CHECKDB creates temporary files for the duration of the DBCC command after which it removes them automatically.
Replication executables and server-side COM objects
Default location Process/Executable directory x86 default location <drive>:\Program Files (x86)\Microsoft SQL Server\<NNN>\COM\ x64 default location <drive>:\Program Files\Microsoft SQL Server\<NNN>\COM\ Note
The
<NNN>placeholder represents version-specific information. To find the correct value, check your installation or search for "Replication and server-side COM objects" in Specifying File Paths. For example, the full path for SQL Server 2022 is <Drive>:\Program Files\Microsoft SQL Server\160\COM\.Starting with SQL Server 2017 CU22 (including SQL 2019 RTM and later versions), if you're using Transactional Replication and the Distribution Agent is using the OLEDB streaming profile, or if you're using the
-UseOledbStreamingparameter, the Distribution Agent creates temporary files (*.lob) in the AppData folder of the account running the distribution agent where the job is being invoked. For example, C:\Users\<DistributionAgentAccount>\AppData\Temp\*.lob. For prior versions of SQL Server, the default COM folder (already listed) is used.For more information, see "The distribution agent failed to create temporary files" error message.
Files in the Replication Snapshot folder
The default path for the snapshot files is \Microsoft SQL Server\MSSQL<NN>.MSSQLSERVER\MSSQL\ReplData. These files typically have file name extensions such as .sch, .idx, .bcp, .pre, .cft, .dri, .trg, or .prc.
Considerations for Failover Cluster Instances
You can run antivirus software on a SQL Server cluster. However, you must make sure that the antivirus software is a cluster-aware version.
Contact your antivirus vendor about cluster-aware versions and interoperability.
If you're running antivirus software on a cluster, make sure that you also exclude these locations from virus scanning:
- Q:\ (Quorum drive)
- C:\Windows\Cluster
- MSDTC directory in the MSDTC drive
If you back up the database to a disk or back up the transaction log to a disk, you can exclude the backup files from the virus scanning.
For more information about antivirus considerations on a cluster, see Antivirus software that isn't cluster-aware may cause problems with Cluster Services.
Arc-enabled SQL Server
When you run antivirus software on an Arc-enabled SQL Server instance, some files and executables (also referred to as system objects) might be flagged. However, these system objects are necessary for Arc-enabled SQL Server to function properly. To ensure optimal performance and stability, we recommend that you exclude these necessary system objects from antivirus scanning.
Starting with SQL Server 2025, SQL Server instances can use the Azure Arc machine's managed identity. You might need to add an exemption for the token folder. Follow the steps in Configure a managed identity for Arc-enabled SQL Server for the proper setup and the folder path.
We also recommend that you keep the extension up to date, as it includes ongoing security and feature updates. For more information, see the latest extension release.
Set up antivirus software for Analysis Services
You can exclude the following Analysis Services (SSAS) directories and processes from antivirus scanning to reduce contention and avoid file locks during cube processing and queries.
SSAS processes to exclude from virus scanning
| SSAS instance | Process/Executable file |
|---|---|
| Default instance | %ProgramFiles%\Microsoft SQL Server\\MSAS<ID>.MSSQLSERVER\OLAP\bin\MSMDSrv.exe |
| Named instance | %ProgramFiles%\Microsoft SQL Server\\MSAS<ID>.<InstanceName>\OLAP\bin\MSMDSrv.exe |
The <ID> is a placeholder for the build ID. For example, a default Analysis Services 2022 instance binary location is C:\Program Files\Microsoft SQL Server\MSAS16.MSSQLSERVER\OLAP\bin.
SSAS directories and file name extensions to exclude from virus scanning
When you set up your antivirus software, make sure that you exclude the following SSAS files or directories (as applicable) from virus scanning. Excluding the files improves SSAS performance and helps make sure that files aren't locked when the SQL Server service needs them. If an excluded file becomes infected, your antivirus software can't detect the infection.
Data directory for Analysis Services
The directory that holds all Analysis Services data files is specified in the DataDir property of the instance of Analysis Services. The following table shows the default path of the SSAS instance:
| SSAS instance | Default data directory |
|---|---|
| Default instance | C:\Program Files\Microsoft SQL Server\MSAS<ID>.MSSQLSERVER\OLAP\Data |
| Named instance | C:\Program Files\Microsoft SQL Server\MSAS<ID>.<InstanceName>\OLAP\Data |
Temporary files for Analysis Services
For Analysis Services 2012 and later versions, temporary files during processing are specified by the TempDir property of the instance of Analysis Services. By default, this property is empty. When this property is empty, the default directory is used. The following table shows the Temp path by default.
| SSAS instance | Temporary files directory |
|---|---|
| Default instance | C:\Program Files\Microsoft SQL Server\MSAS<ID>.MSSQLSERVER\OLAP\Temp |
| Named instance | C:\Program Files\Microsoft SQL Server\MSAS<ID>.<InstanceName>\OLAP\Temp |
The backup files for Analysis Services
In Analysis Services 2012 and later versions, the backup file location is the location that is specified by the BackupDir property. The following table shows the default backup path for the Analysis Service instance:
| SSAS instance | Backup files directory (default) |
|---|---|
| Default instance | C:\Program Files\Microsoft SQL Server\MSAS<ID>.MSSQLSERVER\OLAP\Backup |
| Named instance | C:\Program Files\Microsoft SQL Server\MSAS<ID>.<InstanceName>\OLAP\Backup |
You can change this directory in the properties of the instance of Analysis Services. Any backup command can point to a different location also. Or, the backup files can be copied elsewhere for restore.
The directory that holds Analysis Services log files
By default, in Analysis Services 2012 and later versions, the log file location is the location that is specified by the LogDir property. By default, the Log path is located as follows:
| SSAS instance | Log files directory |
|---|---|
| Default instance | C:\Program Files\Microsoft SQL Server\MSAS<ID>.MSSQLSERVER\OLAP\Log |
| Named instance | C:\Program Files\Microsoft SQL Server\MSAS<ID>.<InstanceName>\OLAP\Log |
Directories for partitions not stored in the default data directories for Analysis Services 2012 and later versions
When you create the partitions, these locations are defined in the Storage location section of the Processing and Storage Locations page of the Partition Wizard. Be sure to exclude those locations from scanning.
Set up antivirus software for Integration Services
Exclude the following SQL Server Integration Services (SSIS) processes and directories from antivirus scanning to avoid package execution failures and slowdowns.
SSIS processes to exclude from virus scanning
| Service | Process/Executable file |
|---|---|
| SSIS instance | %Program Files%\Microsoft SQL Server\<VersionNum>\DTS\Binn\ISServerExec.exe |
| DTSExec instance | %Program Files%\Microsoft SQL Server\<VersionNum>\DTS\Binn\DTExec.exe |
Note
The placeholder <VersionNum> refers to the version-specific details.
SSIS directories to exclude from virus scanning
When you set up your antivirus software, make sure that you exclude the following files or directories (as applicable) from virus scanning. This action improves performance and helps make sure that files aren't locked when the SSIS service needs them. If an excluded file becomes infected, your antivirus software can't detect the infection.
| Description | Directories to exclude |
|---|---|
| Directories to exclude | %Program Files%\Microsoft SQL Server\<VersionNum>\DTS |
Note
The placeholder <VersionNum> refers to the version-specific details.
Set up antivirus software for PolyBase
Exclude the following PolyBase service processes and directories from antivirus scanning.
PolyBase processes to exclude from virus scanning
| Service | Process/Executable file |
|---|---|
| PolyBase Engine service | %ProgramFiles%\Microsoft SQL Server\<InstanceID>.<InstanceName>\MSSQL\Binn\Polybase\mpdwsvc.exe |
| PolyBase Data Movement (DMS) and Engine services | %ProgramFiles%\Microsoft SQL Server\<InstanceID>.<InstanceName>\MSSQL\Binn\Polybase\mpdwsvc.exe |
PolyBase Data Movement service (DMS) and Engine services use the same executable with different command line parameters.
PolyBase directories and file name extensions to exclude from virus scanning
When you set up your antivirus software, make sure that you exclude the following files or directories (as applicable) from virus scanning. This action improves performance and helps make sure that files aren't locked when the PolyBase service needs them. If an excluded file becomes infected, your antivirus software can't detect the infection.
| Description | Directories to exclude |
|---|---|
| PolyBase log files | %ProgramFiles%\Microsoft SQL Server\<InstanceID>.<InstanceName>\MSSQL\Log\Polybase\ |
Set up antivirus software for Reporting Services
Exclude the following SQL Server Reporting Services (SSRS) processes and directories from antivirus scanning. Exclusions vary by SSRS version because the install layout changed in SSRS 2017.
SSRS processes to exclude from virus scanning
The executables that you must exclude evolved across different versions of SSRS. The following table lists them according to the SSRS version.
| SSRS version | Process/Executable file |
|---|---|
| SSRS 2016 | %ProgramFiles%\Microsoft SQL Server\<InstanceID>.<InstanceName>\Reporting Services\ReportServer\Bin\ReportingServicesService.exe %ProgramFiles%\Microsoft SQL Server\<InstanceID>.<InstanceName>\Reporting Services\RSWebApp\Microsoft.ReportingServices.Portal.WebHost.exe |
| SSRS 2017 and later versions | %ProgramFiles%\Microsoft SQL Server Reporting Services\SSRS\Management\RSManagement.exe %ProgramFiles%\Microsoft SQL Server Reporting Services\SSRS\Portal\RSPortal.exe %ProgramFiles%\Microsoft SQL Server Reporting Services\SSRS\ReportServer\bin\ReportingServicesService.exe %ProgramFiles%\Microsoft SQL Server Reporting Services\SSRS\RSHostingService\RSHostingService.exe |
SSRS directories to exclude from virus scanning
The following table lists the SSRS directories that you must exclude:
| SSRS version | Directories to exclude |
|---|---|
| SSRS 2016 | %ProgramFiles%\Microsoft SQL Server\<InstanceID>.<InstanceName>\Reporting Services |
| SSRS 2017 and later versions | %ProgramFiles%\Microsoft SQL Server Reporting Services\SSRS %ProgramFiles%\Microsoft SQL Server Reporting Services\Shared Tools |
Set up antivirus software for Power BI Report Server
For Power BI Report Server, exclude the following processes and directories from antivirus scanning.
Power BI Report Server processes to exclude from virus scanning
- %ProgramFiles%\Microsoft Power BI Report Server\PBIRS\ASEngine\msmdsrv.exe
- %ProgramFiles%\Microsoft Power BI Report Server\PBIRS\Management\RSManagement.exe
- %ProgramFiles%\Microsoft Power BI Report Server\PBIRS\Office\RSOffice.exe
- %ProgramFiles%\Microsoft Power BI Report Server\PBIRS\Portal\RSPortal.exe
- %ProgramFiles%\Microsoft Power BI Report Server\PBIRS\PowerBI\Microsoft.Mashup.Container.exe
- %ProgramFiles%\Microsoft Power BI Report Server\PBIRS\PowerBI\Microsoft.Mashup.Container.NetFX40.exe
- %ProgramFiles%\Microsoft Power BI Report Server\PBIRS\PowerBI\Microsoft.Mashup.Container.NetFX45.exe
- %ProgramFiles%\Microsoft Power BI Report Server\PBIRS\PowerBI\RSPowerBI.exe
- %ProgramFiles%\Microsoft Power BI Report Server\PBIRS\ReportServer\bin\ReportingServicesService.exe
- %ProgramFiles%\Microsoft Power BI Report Server\PBIRS\RSHostingService\RSHostingService.exe
Power BI Report Server directories to exclude from virus scanning
- %ProgramFiles%\Microsoft Power BI Report Server\PBIRS
- %ProgramFiles%\Microsoft Power BI Report Server\Shared Tools
Check which volumes antivirus programs scan
Antivirus programs use filter drivers to attach to the I/O path on a computer and scan I/O packets for known virus patterns. In Windows, use the Fltmc utility to list the filter drivers and the volumes they're set up to scan. The fltmc instances output can guide you on which volumes or folders to exclude from scanning.
Run fltmc from an elevated prompt
fltmc instances
Identify the antivirus driver from the output
Here's a sample output. Use the Allocated filter altitudes document to look up filter drivers by using the uniquely assigned altitude. For example, you might find that the altitude 328010 is in the 320000 - 329998: FSFilter Anti-Virus table in the document. Therefore, based on the table name in the document, you know that the WdFilter.sys driver is used by the antivirus program on your computer and that it's developed by Microsoft.
Filter Volume Name Altitude Instance Name Frame SprtFtrs VlStatus
-------------------- ------------------------------------- ------------ ---------------------- ----- -------- --------
CldFlt C: 180451 CldFlt 0 0000000f
CldFlt \Device\HarddiskVolumeShadowCopy3 180451 CldFlt 0 0000000f
FileInfo 40500 FileInfo 0 0000000f
FileInfo C: 40500 FileInfo 0 0000000f
FileInfo 40500 FileInfo 0 0000000f
FileInfo \Device\HarddiskVolumeShadowCopy3 40500 FileInfo 0 0000000f
FileInfo X:\MSSQL15.SQL10\MSSQL\DATA 40500 FileInfo 0 0000000f
FileInfo \Device\Mup 40500 FileInfo 0 0000000f
FileInfo \Device\RsFx0603 40500 FileInfo 0 0000000f
MsSecFlt 385600 MsSecFlt Instance 0 0000000f
MsSecFlt C: 385600 MsSecFlt Instance 0 0000000f
MsSecFlt 385600 MsSecFlt Instance 0 0000000f
MsSecFlt \Device\HarddiskVolumeShadowCopy3 385600 MsSecFlt Instance 0 0000000f
MsSecFlt \Device\Mailslot 385600 MsSecFlt Instance 0 0000000f
MsSecFlt \Device\Mup 385600 MsSecFlt Instance 0 0000000f
MsSecFlt \Device\NamedPipe 385600 MsSecFlt Instance 0 0000000f
MsSecFlt \Device\RsFx0603 385600 MsSecFlt Instance 0 0000000f
RsFx0603 C: 41006.03 RsFx0603 MiniFilter Instance 0 00000000
RsFx0603 \Device\Mup 41006.03 RsFx0603 MiniFilter Instance 0 00000000
WdFilter 328010 WdFilter Instance 0 0000000f
WdFilter C: 328010 WdFilter Instance 0 0000000f
WdFilter 328010 WdFilter Instance 0 0000000f
WdFilter X:\MSSQL15.SQL10\MSSQL\DATA 328010 WdFilter Instance 0 0000000f
WdFilter \Device\HarddiskVolumeShadowCopy3 328010 WdFilter Instance 0 0000000f
WdFilter \Device\Mup 328010 WdFilter Instance 0 0000000f
WdFilter \Device\RsFx0603 328010 WdFilter Instance 0 0000000f
Wof C: 40700 Wof Instance 0 0000000f
Wof 40700 Wof Instance 0 0000000f
Wof \Device\HarddiskVolumeShadowCopy3 40700 Wof Instance 0 0000000f
bfs 150000 bfs 0 0000000f
bfs C: 150000 bfs 0 0000000f
bfs 150000 bfs 0 0000000f
bfs \Device\HarddiskVolumeShadowCopy3 150000 bfs 0 0000000f
bfs \Device\Mailslot 150000 bfs 0 0000000f
bfs \Device\Mup 150000 bfs 0 0000000f
bfs \Device\NamedPipe 150000 bfs 0 0000000f
bfs \Device\RsFx0603 150000 bfs 0 0000000f
bindflt C: 409800 bindflt Instance 0 0000000f
luafv C: 135000 luafv 0 0000000f
npsvctrig \Device\NamedPipe 46000 npsvctrig 0 00000008
storqosflt C: 244000 storqosflt 0 0000000f
Find the volumes scanned by the antivirus driver
In the sample output, you might notice that the WdFilter.sys driver scans the X:\MSSQL15.SQL10\MSSQL\DATA folder, which appears to be a SQL Server data folder. This folder is a good candidate to be excluded from antivirus scanning.
Set up a firewall for SQL Server products
The following table contains information about how to use a firewall with SQL Server:
| Product | Information about firewall configuration |
|---|---|
| SQL Server Database Engine | Configure the Windows Firewall to allow SQL Server access |
| Analysis Services (SSAS) | Configure the Windows Firewall to Allow Analysis Services Access |
| Integration Services (SSIS) | Configure the Windows Firewall to allow SQL Server access with Integration Services |
| PolyBase | Which ports should I allow through my firewall for PolyBase? |
| Reporting services (SSRS) | Configure a Firewall for Report Server Access |