SQL Server database or similar file is quarantined or deleted by Endpoint Protection when a threat is detected within the file


Article ID: 177961




Endpoint Protection


After a scan with Symantec Endpoint Protection (SEP) reveals a threat embedded within a SQL Server database (or a similar type of database file), the file is quarantined or deleted, depending on how Symantec Endpoint Protection is configured to handle the detected threat. You want to know how you can prevent Symantec Endpoint Protection from damaging a database or mail server.


Symantec Endpoint Protection is unable to remove the threat from within the database file; therefore, the entire file is handled according to the settings. This behavior, while undesirable, is expected due to the limitations of working with database files.


Symantec recommends creating exceptions for Symantec Endpoint Protection to exclude Microsoft SQL Server database files, email databases and other similar database files that could be put at risk. These databases can be protected with other products specially designed to interact with their file types.

Symantec Endpoint Protection automatically excludes Microsoft Exchange files. However, you need to make exclusions for other mail program databases, SQL Server database files, and so on.
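To scope the SQL Server exceptions to the files an instance actually uses, the following T-SQL query (an added example, not part of the Symantec article) lists each folder and file extension that holds data or log files, read from the `sys.master_files` catalog view. It assumes local Windows paths; the CTE and column names are chosen for this example.

```sql
-- Added example: inventory the data and log files of one SQL Server instance
-- so that scan exceptions can be limited to the folders/extensions in use.
-- Seeing every database's rows needs VIEW ANY DEFINITION, CREATE DATABASE
-- or ALTER ANY DATABASE on the instance.
WITH files AS (
    SELECT
        DB_NAME(mf.database_id) AS database_name,
        mf.type_desc,                        -- ROWS = data file, LOG = log file
        mf.physical_name,
        -- distance of the last backslash from the end of the path
        CHARINDEX('\', REVERSE(mf.physical_name)) AS slash_from_end
    FROM sys.master_files AS mf
    WHERE mf.type IN (0, 1)                  -- skip FILESTREAM and full-text entries
),
parts AS (
    SELECT
        database_name,
        type_desc,
        LEFT(physical_name, LEN(physical_name) - slash_from_end) AS folder,
        RIGHT(physical_name, slash_from_end - 1)                 AS file_name
    FROM files
    WHERE slash_from_end > 0                 -- ignore non-Windows paths such as URLs
),
classified AS (
    SELECT
        database_name,
        type_desc,
        folder,
        CASE WHEN CHARINDEX('.', file_name) > 0
             THEN LOWER(RIGHT(file_name, CHARINDEX('.', REVERSE(file_name))))
             ELSE '(none)'                   -- file created without an extension
        END AS extension
    FROM parts
)
SELECT
    folder,
    extension,
    type_desc,
    COUNT(*)                      AS file_count,
    COUNT(DISTINCT database_name) AS database_count
FROM classified
GROUP BY folder, extension, type_desc
ORDER BY folder, extension;
```

SQL Server uses `.mdf`, `.ndf` and `.ldf` by convention but does not enforce them, so the query result is a more reliable basis for exceptions than a fixed extension list.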

Information on Microsoft Exchange exclusions in Symantec Endpoint Protection:

Creating exclusions in Symantec Endpoint Protection: