Title: Applications providing malware and/or firewall protection must monitor inbound and outbound communications for unauthorized activities or conditions.
Vulnerability ID: V-32588
IA Controls: None
Description: Unusual/unauthorized activities or conditions include internal traffic indicating the presence of malicious code within an information system or propagating among system components, the unauthorized export of information, or signaling to an external information system.
Evidence of malicious code is used to identify potentially compromised information systems or information system components.
Examples of applications that provide monitoring capability for unusual/unauthorized activities include, but are not limited to, intrusion detection, anti-virus and anti-malware software.
This requirement is specific to applications providing malicious code protection and/or firewall functionality. This requirement is NA for databases.
Check Text: This check is NA for databases.
Fix Text: This fix is NA for databases.

SQL Server does not perform any malware or virus checks on itself; it is common, though, to run anti-virus software on a SQL Server host. In the interest of performance, make sure that any active SQL Server data and log files are not part of an active scan. These files are opened and locked by SQL Server, and scanning them can have a very serious impact on performance. It is a common best practice to exclude the .MDF, .NDF, .LDF, .TRN and .BAK file extensions from scans of the directories SQL Server is using.
Each extension relates to a different type of file generated and used by SQL Server.
.MDF / .NDF – Data files
.LDF – Transaction log files
.BAK – Backup file default extension
.TRN – Transaction log backup file default extension
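As an added example (not part of the STIG text or any vendor tooling), the following PowerShell derives the directories SQL Server actually uses for data, log and backup files and excludes those directories from Microsoft Defender real-time scanning; scoping the exclusion to directories rather than bare extensions keeps it tied to where SQL Server writes. It assumes Windows with Microsoft Defender, the SqlServer PowerShell module (Invoke-Sqlcmd), a default instance on the local host, an elevated session, and a login allowed to read sys.master_files and run xp_instance_regread.

```powershell
# Added example: scope anti-virus exclusions to the directories SQL Server uses.
# Assumptions: Microsoft Defender, SqlServer module, default local instance,
# elevated session, login with rights to sys.master_files and xp_instance_regread.

$Instance = 'localhost'   # assumption: default instance on the local host

# Directories holding every data (.mdf/.ndf) and log (.ldf) file of every database.
$fileDirs = Invoke-Sqlcmd -ServerInstance $Instance -Query @"
SELECT DISTINCT
       LEFT(physical_name, LEN(physical_name) - CHARINDEX('\', REVERSE(physical_name))) AS dir
FROM sys.master_files
WHERE type_desc IN ('ROWS', 'LOG');
"@ | Select-Object -ExpandProperty dir

# Instance default backup directory (where .bak / .trn land unless a path is given),
# read from the instance's registry settings.
$backupDir = Invoke-Sqlcmd -ServerInstance $Instance -Query @"
EXEC master.dbo.xp_instance_regread
     @rootkey    = N'HKEY_LOCAL_MACHINE',
     @key        = N'Software\Microsoft\MSSQLServer\MSSQLServer',
     @value_name = N'BackupDirectory';
"@ | Select-Object -ExpandProperty Data

$targets = @($fileDirs) + @($backupDir) | Where-Object { $_ } | Sort-Object -Unique

# Add each directory to the Defender path exclusions, skipping ones already present.
$existing = (Get-MpPreference).ExclusionPath
foreach ($dir in $targets) {
    if ($existing -contains $dir) {
        Write-Host "already excluded: $dir"
    } else {
        Add-MpPreference -ExclusionPath $dir
        Write-Host "excluded:         $dir"
    }
}

# Verify and record the resulting exclusion list for the change record.
(Get-MpPreference).ExclusionPath | Sort-Object
```

If backups are written to a path other than the instance default (for example a network share or a dedicated backup volume), add that directory to `$targets` as well, since the registry value only reflects the default.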