Symantec Sysfer.dll Process injection causes SQL Server performance issues.

Article ID: 215714

Products

Endpoint Protection

Issue/Introduction

When certain modules are loaded into the Microsoft SQL Server process address space (Sqlservr.exe), you may encounter the following symptoms:

  • Reports of various hang-related error messages and conditions (for example, SQL Server scheduler messages such as 17883, application time-out messages, severe blocking within SQL Server).
  • Very slow response from SQL Server even when the concurrent load is not unusually heavy.
  • Exceptions (such as access violations), critical error messages about database consistency, assertion messages, or unexpected process termination.
  • 100% CPU utilization and long database recovery times when you use in-memory OLTP tables in SQL Server.

Cause

Application and Device Control can inject Sysfer.dll into processes as part of its operation.

Resolution

Exclude Sqlservr.exe by adding an exclusion to the Exceptions policy in SEPM.

  1. In the SEPM console, browse to Policies > Exceptions.
  2. Edit the policy applied to any SQL Server experiencing this issue.
  3. Add an exclusion for Sqlservr.exe.
  4. For more details, see the article "How to create an Application Control exception or stop sysfer.dll injection into a process with Endpoint Protection".
  5. A restart of the SQL Server or the SQL Server services is required to clear the injection after the exclusion has reached the client.
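
To confirm that step 5 cleared the injection, the following added example (not part of the original article or any Symantec tooling) lists each running sqlservr.exe and reports whether sysfer.dll is still loaded. The function name `Test-SysferInjection` and its `-PolicyReceived` parameter are hypothetical; run it from an elevated 64-bit PowerShell session on the SQL Server host.

```powershell
# Added example, not vendor code. Reports whether sysfer.dll is still mapped
# into each running sqlservr.exe process after the exclusion and restart.
function Test-SysferInjection {
    [CmdletBinding()]
    param(
        [string]$ProcessName = 'sqlservr',    # process named in the article
        [string]$ModuleName  = 'sysfer.dll',  # injected module named in the article
        # Assumption: the operator supplies the time the exclusion reached the client.
        [Nullable[datetime]]$PolicyReceived = $null
    )

    $procs = @(Get-Process -Name $ProcessName -ErrorAction SilentlyContinue)
    if ($procs.Count -eq 0) {
        Write-Warning "No running process named '$ProcessName' was found."
        return
    }

    foreach ($p in $procs) {
        $state = 'Unknown'; $path = $null; $started = $null
        try {
            $started = $p.StartTime
            # Module enumeration fails without elevation, or when a 32-bit
            # shell inspects a 64-bit process; an empty list is not proof.
            $mods = @($p.Modules)
            if ($mods.Count -gt 0) {
                $hit = @($mods | Where-Object { $_.ModuleName -ieq $ModuleName })
                if ($hit.Count -gt 0) { $state = 'Injected'; $path = $hit[0].FileName }
                else                  { $state = 'Clean' }
            }
        }
        catch {
            Write-Warning "PID $($p.Id): cannot read process details ($($_.Exception.Message))."
        }

        # A process started before the exclusion arrived still holds the DLL
        # until it is restarted, which is what step 5 requires.
        $restarted = $null
        if ($null -ne $PolicyReceived -and $null -ne $started) {
            $restarted = $started -gt $PolicyReceived
        }

        [pscustomobject]@{
            ProcessId            = $p.Id
            StartTime            = $started
            SysferState          = $state
            ModulePath           = $path
            RestartedAfterPolicy = $restarted
        }
    }
}
```

A row showing `Injected` with `RestartedAfterPolicy` false means the service still needs the restart from step 5; `Injected` with true means the exclusion is not taking effect on that client.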