Windows OS Hub

July 30, 2018 Windows Server 2016

Windows Defender Antivirus on Windows Server 2016

Windows Server 2016 includes Windows Defender, Microsoft's built-in antivirus, which is installed and enabled by default. In this article we'll look at the features of Windows Defender in Windows Server 2016.

Contents:
  • Windows Defender GUI
  • How to Uninstall Windows Defender on Windows Server 2016
  • Managing Windows Defender Using PowerShell Commands
  • How to Exclude Files and Folders from Windows Defender Scans
  • Updating Windows Defender Definitions

Windows Defender GUI

By default, only the Windows Defender antivirus engine is installed in Windows Server. To get the Defender graphical interface, install the GUI for Windows Defender server component using the Server Manager console (it is located in the Windows Defender Features section).

You can enable the Defender GUI using PowerShell:

Install-WindowsFeature -Name Windows-Defender-GUI

To uninstall the Defender graphical console, use the following PowerShell command:

Uninstall-WindowsFeature -Name Windows-Defender-GUI

How to Uninstall Windows Defender on Windows Server 2016

In Windows 10, when you install any third-party antivirus (McAfee, Avast, Kaspersky, Symantec, etc.), the built-in Windows Defender is disabled. However, this doesn't happen in Windows Server 2016. You have to disable the integrated antivirus engine manually (in most cases, it is not recommended to run several antivirus programs at the same time on one computer or server).

You can uninstall Windows Defender in Windows Server 2016 using Server Manager or with the following command:

Uninstall-WindowsFeature -Name Windows-Defender

The component is installed with the following command:

Add-WindowsFeature Windows-Defender-Features,Windows-Defender-GUI

Managing Windows Defender Using PowerShell Commands

Let’s consider typical PowerShell commands to manage Windows Defender.

You can check whether the Windows Defender service is running using this PowerShell command:

Get-Service WinDefend

As you can see, the service is started (Status: Running).

You can display the current status and settings of Defender using the following cmdlet:

Get-MpComputerStatus

The cmdlet displays the version and the date of the latest antivirus database update, enabled components, the time of the last scan, etc.

You can disable Windows Defender real time protection as follows:

Set-MpPreference -DisableRealtimeMonitoring $true

After running this command, the antivirus no longer scans files in real time as the system processes them.

This is how you enable real time protection:

Set-MpPreference -DisableRealtimeMonitoring $false

For example, suppose you need to enable AV scanning for external USB storage devices. Get the current settings with the command:

Get-MpPreference | fl disable*

If the USB drive scanning is disabled (DisableRemovableDriveScanning = True), you can enable the scan using the command:

Set-MpPreference -DisableRemovableDriveScanning $false

A complete list of Defender module cmdlets can be displayed with the command:

Get-Command -Module Defender
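
The status and Disable* settings shown above can be checked in one pass. This is an added example, not part of the original article: the function name Test-DefenderBaseline, the three-day definition age limit and the expected values are assumptions chosen for illustration.

```powershell
# Compares Defender status and preferences with a simple baseline.
# Function name, age limit and expected values are illustrative assumptions.
function Test-DefenderBaseline {
    param(
        [Parameter(Mandatory)] $Status,       # output of Get-MpComputerStatus
        [Parameter(Mandatory)] $Preference,   # output of Get-MpPreference
        [int] $MaxSignatureAgeDays = 3
    )
    # Assumed baseline: none of these protections should be switched off
    $expected = [ordered]@{
        DisableRealtimeMonitoring     = $false
        DisableBehaviorMonitoring     = $false
        DisableIOAVProtection         = $false
        DisableRemovableDriveScanning = $false
    }
    $findings = @()
    if (-not $Status.AntivirusEnabled) { $findings += 'Antivirus engine is not enabled' }
    if (-not $Status.RealTimeProtectionEnabled) { $findings += 'Real-time protection is not active' }
    if ($Status.AntivirusSignatureAge -gt $MaxSignatureAgeDays) {
        $findings += "Definitions are $($Status.AntivirusSignatureAge) days old"
    }
    foreach ($name in $expected.Keys) {
        if ($Preference.$name -ne $expected[$name]) {
            $findings += "$name is $($Preference.$name), expected $($expected[$name])"
        }
    }
    return $findings
}

# Constructed sample objects (not real cmdlet output) so the check can be tried offline
$sampleStatus = [pscustomobject]@{
    AntivirusEnabled          = $true
    RealTimeProtectionEnabled = $false
    AntivirusSignatureAge     = 9
}
$samplePreference = [pscustomobject]@{
    DisableRealtimeMonitoring     = $true
    DisableBehaviorMonitoring     = $false
    DisableIOAVProtection         = $false
    DisableRemovableDriveScanning = $true
}
Test-DefenderBaseline -Status $sampleStatus -Preference $samplePreference

# On a live server:
# Test-DefenderBaseline -Status (Get-MpComputerStatus) -Preference (Get-MpPreference)
```

An empty result means the server matches the assumed baseline; run the check on a schedule to notice when real-time protection has been left disabled after troubleshooting.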

How to Exclude Files and Folders from Windows Defender Scans

You can configure a list of exclusions: the names, file extensions and directories to be excluded from the automatic Windows Defender scan. A distinctive feature of Windows Defender in Windows Server 2016 is an automatically generated list of exclusions that is applied depending on the installed server roles. For example, if the Hyper-V role is installed, it is logical to exclude the files of virtual and differencing disks, VHDS disks (*.vhd, *.vhdx, *.avhd), snapshots and other virtual machine files from the antivirus check.

To add the specific directories to the exclusion list of the antivirus manually, run this command:

Set-MpPreference -ExclusionPath "C:\Test", "C:\VM", "C:\Nano"

To exclude certain processes from the antivirus check, use the following command:

Set-MpPreference -ExclusionProcess "vmms.exe", "Vmwp.exe"
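
Manual exclusions are worth reviewing periodically, because every entry is a location or process the antivirus no longer inspects. The following is an added example, not part of the original article: the function name Get-BroadDefenderExclusion and the rules for what counts as "broad" are assumptions for illustration.

```powershell
# Flags manual Defender exclusions that are broader than they need to be.
# Function name and the rules below are illustrative assumptions.
function Get-BroadDefenderExclusion {
    param([Parameter(Mandatory)] $Preference)   # output of Get-MpPreference

    foreach ($path in @($Preference.ExclusionPath)) {
        if (-not $path) { continue }
        if ($path -match '^[A-Za-z]:\\?$') {
            [pscustomobject]@{ Type = 'Path'; Value = $path; Reason = 'Whole drive excluded' }
        } elseif ($path -match '\\(Users|Temp)(\\|$)') {
            [pscustomobject]@{ Type = 'Path'; Value = $path; Reason = 'Commonly writable by standard users' }
        }
    }
    foreach ($ext in @($Preference.ExclusionExtension)) {
        if (-not $ext) { continue }
        if ($ext.TrimStart('*', '.') -in 'exe', 'dll', 'ps1', 'bat', 'vbs', 'js') {
            [pscustomobject]@{ Type = 'Extension'; Value = $ext; Reason = 'Executable or script type excluded' }
        }
    }
    foreach ($proc in @($Preference.ExclusionProcess)) {
        if (-not $proc) { continue }
        if ($proc -notmatch '\\') {
            [pscustomobject]@{ Type = 'Process'; Value = $proc; Reason = 'Excluded by name only, not by full path' }
        }
    }
}

# Constructed sample: the article's exclusions plus two constructed entries
# (C:\Users\Public and .ps1) added to show the path and extension rules
$sample = [pscustomobject]@{
    ExclusionPath      = 'C:\Test', 'C:\VM', 'C:\Nano', 'C:\Users\Public'
    ExclusionExtension = '.vhdx', '.ps1'
    ExclusionProcess   = 'vmms.exe', 'Vmwp.exe'
}
Get-BroadDefenderExclusion -Preference $sample | Format-Table -AutoSize

# On a live server:
# Get-BroadDefenderExclusion -Preference (Get-MpPreference)
#
# Set-MpPreference -ExclusionPath replaces the whole list. To change single entries:
# Add-MpPreference    -ExclusionPath 'C:\VM'
# Remove-MpPreference -ExclusionPath 'C:\Test'
```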

Updating Windows Defender Definitions

Windows Defender can automatically update online from Windows Update servers. If there is an internal WSUS server in your network, the antivirus can receive updates from it. You just need to make sure that the installation of updates has been approved on your WSUS server (the updates of Windows Defender antivirus databases are called Definition Updates in the WSUS console), and clients are targeted to the right WSUS server using GPO.

In some cases, Windows Defender may work incorrectly after getting a broken update. In that case, it is recommended to reset the current definition databases and download them again:

"%PROGRAMFILES%\Windows Defender\MPCMDRUN.exe" -RemoveDefinitions -All
"%PROGRAMFILES%\Windows Defender\MPCMDRUN.exe" -SignatureUpdate

Some reasons why Windows Defender doesn’t start in Windows 10 are described in the article Windows Defender Threat Service has stopped.
