SQL Server database or similar file is quarantined or deleted by Endpoint Protection when a threat is detected within the file

Article ID: 177961

Products

Endpoint Protection

Issue/Introduction

After a scan with Symantec Endpoint Protection (SEP) reveals a threat embedded within a SQL Server database (or a similar type of database file), the file is quarantined or deleted, depending on how Symantec Endpoint Protection is configured to handle the detected threat. You want to know how you can prevent Symantec Endpoint Protection from damaging a database or mail server.

Cause

Symantec Endpoint Protection is unable to remove the threat from within the database file; therefore, the entire file is handled according to the settings. This behavior, while undesirable, is expected due to the limitations of working with database files.

Resolution

Symantec recommends creating exceptions for Symantec Endpoint Protection to exclude Microsoft SQL Server database files, email databases and other similar database files that could be put at risk. These databases can be protected with other products specially designed to interact with their file types.

Symantec Endpoint Protection automatically excludes Microsoft Exchange files. However, you need to make exclusions for other mail program databases, SQL Server database files, and so on.
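
To keep the exclusions limited to the files SQL Server actually uses, the following T-SQL query lists each folder and file extension in use by the instance's database files. It is an added example, not part of the Symantec article; it assumes Windows-style paths and permission to read sys.master_files, and the CTE names and column aliases are illustrative.

```sql
-- Added example: inventory the folders and extensions of every database file
-- on this SQL Server instance, as input for narrowly scoped scan exceptions.
-- Assumption: physical paths use backslashes (SQL Server on Windows).
WITH db_files AS (
    SELECT
        DB_NAME(mf.database_id)                   AS database_name,
        mf.type_desc,                             -- ROWS, LOG, FILESTREAM, FULLTEXT
        mf.physical_name,
        -- Positions counted from the end of the path (0 = character not found).
        CHARINDEX('\', REVERSE(mf.physical_name)) AS slash_from_end,
        CHARINDEX('.', REVERSE(mf.physical_name)) AS dot_from_end
    FROM sys.master_files AS mf
),
split_paths AS (
    SELECT
        database_name,
        type_desc,
        -- Everything up to and including the last backslash.
        LEFT(physical_name, LEN(physical_name) - slash_from_end + 1) AS folder,
        -- Take an extension only when the last dot is in the file name,
        -- not in a folder name (FILESTREAM containers are directories).
        CASE
            WHEN dot_from_end > 0
                 AND (slash_from_end = 0 OR dot_from_end < slash_from_end)
                THEN LOWER(RIGHT(physical_name, dot_from_end - 1))
            ELSE ''
        END                                                           AS extension
    FROM db_files
)
SELECT
    folder,
    extension,
    type_desc,
    COUNT(*)                      AS file_count,
    COUNT(DISTINCT database_name) AS database_count
FROM split_paths
GROUP BY folder, extension, type_desc
ORDER BY folder, extension;
```

Each result row is one folder and extension pair that holds live database files, so an exception can name that pair instead of a whole drive or data directory.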

Information on Microsoft Exchange exclusions in Symantec Endpoint Protection:

Creating exclusions in Symantec Endpoint Protection: