Performance Degradation on Microsoft SQL Server Virtual Machines due to Antivirus Inspection and/or Ransomware VSS based backups


Article ID: 442050


Products

VMware vSphere ESXi

Issue/Introduction

Symptoms:

  • SQL Server performance degrades significantly over time following a guest OS reboot or service restart
  • High I/O latency measured within the guest OS (e.g., 100ms to 700ms+), while hypervisor and storage array latency remain low (1ms to 2ms)
  • Sustained high processor utilization impacting application responsiveness

Environment

vSphere (All versions)

Microsoft SQL Server-based virtual machines running highly transactional workloads (such as with EPIC)

Ransomware protection and AV Solutions

Cause

Third-party security software (e.g., SentinelOne, Carbon Black, or Symantec Endpoint Protection) uses kernel-mode minifilters and/or VSS calls to inspect SQL Server I/O operations, and the proper exclusions have not been configured.

This adds significant overhead to every read and write operation in the Windows storage stack.

Resolution

Resolution: Configure the security software with the Microsoft-published SQL Server antivirus exclusion list. This typically includes:

  1. Path Exclusions:
    • SQL Server Data files (.mdf, .ndf)
    • SQL Server Transaction Log files (.ldf)
    • Backup directories and files
    • TempDB files
  2. Process Exclusions:
    • sqlservr.exe
    • SQL Server Agent processes

For a comprehensive and up-to-date list of required exclusions, refer to the official Microsoft documentation: Microsoft's Configure antivirus software to work with SQL Server Best Practices

Verification: After applying exclusions, monitor I/O latency using tools like procmon (guest-side) and esxtop (hypervisor-side). Latency within the guest should align more closely with the storage array's response time.
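
As an added example (not part of the original article), the following T-SQL lists the exact data, log and TempDB file paths the instance uses, so exclusions can be scoped to those files, and measures per-file latency as SQL Server itself sees it for comparison with the esxtop figures. It uses the SQL Server views `sys.master_files` and `sys.dm_io_virtual_file_stats`; the 60-second sampling interval and the temp table name are assumptions, and backup directories are not covered because they are not database files.

```sql
-- Added example: per-file path inventory and I/O latency inside the guest.
-- The DMV counters are cumulative since instance start, so two samples are
-- taken and only the interval between them is reported. This makes the
-- result usable right after exclusions are applied, without a restart.
-- Run as a login that is allowed to view server state.

SELECT database_id, file_id,
       num_of_reads,  io_stall_read_ms,
       num_of_writes, io_stall_write_ms
INTO   #io_before                       -- hypothetical temp table name
FROM   sys.dm_io_virtual_file_stats(NULL, NULL);

WAITFOR DELAY '00:01:00';               -- assumed sampling interval: 60 s

SELECT DB_NAME(mf.database_id)           AS database_name,
       mf.type_desc                      AS file_type,   -- ROWS = .mdf/.ndf, LOG = .ldf
       mf.physical_name                  AS file_path,   -- compare with the exclusion list
       a.num_of_reads  - b.num_of_reads  AS reads_in_interval,
       a.num_of_writes - b.num_of_writes AS writes_in_interval,
       -- NULLIF avoids divide-by-zero for files with no I/O in the interval
       CAST(1.0 * (a.io_stall_read_ms - b.io_stall_read_ms)
            / NULLIF(a.num_of_reads - b.num_of_reads, 0)
            AS decimal(18, 2))           AS avg_read_ms,
       CAST(1.0 * (a.io_stall_write_ms - b.io_stall_write_ms)
            / NULLIF(a.num_of_writes - b.num_of_writes, 0)
            AS decimal(18, 2))           AS avg_write_ms
FROM   sys.dm_io_virtual_file_stats(NULL, NULL) AS a
JOIN   #io_before AS b
       ON  b.database_id = a.database_id
       AND b.file_id     = a.file_id
JOIN   sys.master_files AS mf
       ON  mf.database_id = a.database_id
       AND mf.file_id     = a.file_id
ORDER BY avg_write_ms DESC;

DROP TABLE #io_before;
```

Run it once before and once after the exclusions are in place, under comparable load; any `file_path` whose latency stays far above the hypervisor-side value is a candidate for a missing or mismatched exclusion.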