File Integrity Monitoring system and Database Server

  • Looking to find if it is a feasible idea to install FIM system on a SQL Server. It is a sensitive and highly transnational system and I dont feel comfortable.

     

    For people who do not know what FIM is please read the below link.

     

    https://en.wikipedia.org/wiki/File_integrity_monitoring

     

     

    It may end up messing stuff. Can some one knowledgeable and experience person comment and advice on this.

  • I can't comment on this, but it seems like a file level filter driver, similar to what AV does. Those are not compatible with SQL Server and cause issues, especially blocking problems. I would not do this on any folder where database files reside.

     

  • Thanks for the input.

     

    Will it be a good idea to have them scan the SQL Server binaries installed on C drive, for example, lets say , C:/Program files (x86). there are plenty of dll(s) there and I am even concerned about those as well?

  • That's an interesting idea. Might be worth scanning those, though I'd expect you get some alerts when you apply patches. I haven't heard issues with SQL Server binaries, but I'd certainly start testing this on a server that is either dev/test or isn't critical if it causes issues. Throw a workload at it, try different things that might load different DLLs, like linked servers, xp_cmdshell, sp_oa_create, etc. See if anything triggers with your monitor.

Viewing 4 posts - 1 through 3 (of 3 total)

You must be logged in to reply to this topic. Login to reply