We have a hardened PCI environment using SQL Server 2008 R2 and our information security office recently detected SQL Server Compact 3.5 SP2 which is an unsupported product and therefore puts us at risk of PCI certification. We need to uninstall this. Are there any issues with doing so?
Also in our dev/test environment, we ran a scan against the servers, unhardened, that also have SQL Server Compact 3.5 SP2 installed and it wasn't detected. These dev/test servers are patched to the same level as our PCI production servers so why would the scan not detect SQL Server Compact 3.5 SP2?
Is it possible that somethat has activated SQL Server Compact 3.5 SP2 on our production servers and that's why the scan is detecting it? Is there a service for SQL Server Compact 2.5 SP2 and if so what is it called? If not, what will it appear as under processes in Task Manager?
Thanks.
Michael MacGregor, Senior SQL Server DBA