Installation details
#ScyllaDB version: 2025.3.1
#Cluster size: standalone
os (RHEL/CentOS/Ubuntu/AWS AMI): Ubuntu (Azure VM)
Hi , I am facing issue while running scylladb with sentinelone antivirus.
Sentinelone is killing the scylla process. I have allowed most of the scylla files which are required to run the scylla , but still getting issue .
Can i get any checklist of scylla files to allow ,so that scylla can run.
Below is a comprehensive checklist based on official ScyllaDB security and requirements docs, as well as database best practices for AV exclusions.
For a standalone ScyllaDB deployment on Ubuntu, you should exclude these from antivirus real-time scanning and mitigation, especially with Sentinelone:
ScyllaDB server binary (default location):
/usr/bin/scyllaScyllaDB system service scripts (typically):
/usr/lib/systemd/system/scylla-server.serviceConfiguration files:
/etc/scylla/Data directories (most critical, required for disk access and integrity):
/var/lib/scylla/
/var/lib/scylla/data/
/var/lib/scylla/commitlog/
/var/lib/scylla/hints/
/var/lib/scylla/saved_caches/
Runtime directories and logs:
/var/log/scylla/
/tmp/scylla* (used for temporary files and socket communication)
Whitelist any custom install location if you use non-default paths for binaries or configs.
For upgrade scripts or web installer, also exclude:
/opt/scylladb/ (used in some package installs)Do NOT exclude entire /var/ or /usr/ unless the path is dedicated to ScyllaDB.
Use path-based exclusions for all listed directories and binaries.
If Sentinelone flagged specific binaries, exclude the SHA1 hash as a targeted file exclusion.
Avoid excluding the entire system; only necessary paths/binaries to minimize risk.
After adding exclusions, restart Sentinelone services and verify that ScyllaDB processes (scylla, scylla-server) can start and run without interruption.
Running a database engine with antivirus, even with exclusions, can sometimes interfere with performance and stability. Ensure excluded directories (especially /var/lib/scylla/) are never quarantined or locked.
Always keep ScyllaDB up to date for best security alongside active antivirus.
Summary Table: ScyllaDB Antivirus Exclusion Checklist
| File/Folder | Purpose | Exclusion Type |
|---|---|---|
/usr/bin/scylla |
Main binary | File/Path |
/etc/scylla/ |
Config files | Directory |
/var/lib/scylla/ |
Data root | Directory |
/var/lib/scylla/data/ |
SSTable data | Directory |
/var/lib/scylla/commitlog/ |
Commit logs | Directory |
/var/lib/scylla/hints/ |
Repair hints | Directory |
/var/lib/scylla/saved_caches/ |
Cache files | Directory |
/var/log/scylla/ |
Log files | Directory |
/tmp/scylla* |
Temp/runtime files | Directory/Pattern |
/opt/scylladb/ |
Alternative install path | Directory |
Ensure AV exclusions are correctly configured in the Sentinelone console, either by hash or directory path, as appropriate.
Thanks a lot Gabriel.