Best practices

SQL Server instance with ‘3625’ trace flag enabled

Risk Level

Informational (4)

Compliance Frameworks


We have found that {GcpSQLInstance} has '3625' trace flag enabled. 3625 (trace log) Limits the amount of information returned to users who are not members of the sysadmin fixed server role, by masking the parameters of some error messages using '******'. This can help prevent disclosure of sensitive information, hence this is recommended to disable this flag.
  • Recommended Mitigation

    Make sure '3625' trace flag is set to 'off'