Scan For Startup Procs
The scan for startup procs
option is used to scan for automatic execution of stored procedures at SQL Server startup time. If this option is set to 1, SQL Server scans for and runs all automatically run stored procedures that are defined on the server. The default value for scan for startup procs is 0 (do not scan).
If scan for startup procs is enabled, SQL Server will automatically run all stored procedures configured to execute on service start up, potentially allowing an attacker to gain or maintain access to a server.
Suggested Action
Disable scan for startup procs
.
How to Disable Scan For Startup Procs
EXEC sys.sp_configure @configname=N'show advanced options', @configvalue=N'1';
RECONFIGURE;
GO
EXEC sp_configure 'scan for startup procs', 0;
RECONFIGURE WITH OVERRIDE;
GO
EXEC sys.sp_configure @configname=N'show advanced options', @configvalue=N'0';
RECONFIGURE;
GO
Further Reading
Configure the Scan for Startup Procs Server Configuration Option | Microsoft Learn