Windows OS Hub
  • Windows Server
    • Windows Server 2016
    • Windows Server 2012 R2
    • Windows Server 2012
    • Windows Server 2008 R2
    • SCCM
  • Active Directory
    • Group Policies
  • Windows Clients
    • Windows 10
    • Windows 8
    • Windows 7
    • MS Office
    • Outlook
  • Virtualization
    • VMWare
    • Hyper-V
  • PowerShell
  • Exchange
  • Home
  • About

Windows OS Hub

  • Windows Server
    • Windows Server 2016
    • Windows Server 2012 R2
    • Windows Server 2012
    • Windows Server 2008 R2
    • SCCM
  • Active Directory
    • Group Policies
  • Windows Clients
    • Windows 10
    • Windows 8
    • Windows 7
    • MS Office
    • Outlook
  • Virtualization
    • VMWare
    • Hyper-V
  • PowerShell
  • Exchange

 Windows OS Hub / Windows Server 2016 / Windows Defender Antivirus on Windows Server 2016

July 30, 2018 Windows Server 2016

Windows Defender Antivirus on Windows Server 2016

In Windows Server 2016 there is a built-in native Microsoft antivirus — Windows Defender, which is installed and enabled by default. In this article we’ll look at the features of Windows Defender in Windows Server 2016.

Contents:
  • Windows Defender GUI
  • How to Uninstall Windows Defender on Windows Server 2016
  • Managing Windows Defender Using PowerShell Commands
  • How to Exclude files and Folder from Windows Defender Scans
  • Updating Windows Defender Definitions

Windows Defender GUI

By default, only the Windows Defender anti-virus engine is installed in Windows Server. To install the graphic interface of the Defender, install the server component GUI for Windows Defender using the Server Manager console (it is located in Windows Defender Features section).

Install Windows feature - GUI for Windows Defender

You can enable the Defender GUI using PowerShell:

Install-WindowsFeature -Name Windows-Defender-GUI

Windows Defender GUI on WIndows Server 2016

To uninstall the Defender graphic console, the following PowerShell command is used:
Uninstall-WindowsFeature -Name Windows-Defender-GUI

How to Uninstall Windows Defender on Windows Server 2016

In Windows 10, when you install any third-party antivirus (McAfee, Avast, Kaspersky, Symantec, etc.), the built-in Windows Defender is disabled. However, it doesn’t happen in Windows Server 2016. You have to disable the integrated antivirus engine manually (in most cases, it is not recommended to use several antivirus programs at a time on one computer or server).

You can uninstall Windows Defender in Windows Server 2016 using Server Manager or with the following command:

Uninstall-WindowsFeature -Name Windows-Defender

The component is installed with the following command:

Add-WindowsFeature Windows-Defender-Features,Windows-Defender-GUI

Add-WindowsFeature Windows-Defender-Features,Windows-Defender-GUI

Managing Windows Defender Using PowerShell Commands

Let’s consider typical PowerShell commands to manage Windows Defender.

You can make sure if Windows Defender service is running using this PowerShell command:

Get-Service WinDefend

Get-Service WinDefend - get service status

As you can see, the service is started (Status – Running)

You can display the current status and settings of Defender using the following cmdlet:

Get-MpComputerStatus

Get-MpComputerStatus - get defender settings and stats

The cmdlet displays the version and the date of the latest antivirus database update, enabled components, the time of the last scan, etc.

You can disable Windows Defender real time protection as follows:

Set-MpPreference -DisableRealtimeMonitoring $true

After running this command, the antivirus won’t scan all files processed by the system on the go.

This is how you enable real time protection:

Set-MpPreference -DisableRealtimeMonitoring $false

For example, you need to enable AV scanning for external USB storage devices. Get the current settings with command:

Get-MpPreference | fl disable*

If the USB drive scanning is disabled (DisableRemovableDriveScanning = True), you can enable the scan using the command:

Set-MpPreference -DisableRemovableDriveScanning $false

A complete list of Defender module cmdlets can be displayed with the command:

Get-Command -Module Defender

How to Exclude files and Folder from Windows Defender Scans

You can set the list of exclusions – these are names, file extensions, directories to be excluded from the automatic Windows Defender scan. The peculiarity of Windows Defender in Windows Server 2016 is the automatically generated list of exclusions applied depending on the installed server roles. You must admit that it is logical to exclude the files of virtual and differencing disks, VHDS disks (*.vhd, *.vhdx, *.avhd), snapshots and other virtual machine files from the antivirus check if the Hyper-V role is installed.

To add the specific directories to the exclusion list of the antivirus manually, run this command:

Set-MpPreference -ExclusionPath "C:\Test", "C:\VM", "C:\Nano"

To exclude the antivirus check of certain processes use the following command:

Set-MpPreference -ExclusionProcess "vmms.exe", "Vmwp.exe"

Updating Windows Defender Definitions

Windows Defender can automatically update online from Windows Update servers. If there is an internal WSUS server in your network, the antivirus can receive updates from it. You just need to make sure that the installation of updates has been approved on your WSUS server (the updates of Windows Defender antivirus databases are called Definition Updates in the WSUS console), and clients are targeted to the right WSUS server using GPO.

Windows Defender Definition Updates on wsus
In some cases, Windows Defender may work incorrectly after getting a broken update. Then it is recommended to reset current databases and re-download them again:

"%PROGRAMFILES%\Windows Defender\MPCMDRUN.exe" -RemoveDefinitions -All
"%PROGRAMFILES%\Windows Defender\MPCMDRUN.exe" –SignatureUpdate

Some reasons why Windows Defender doesn’t start in Windows 10 are described in the article Windows Defender Threat Service has stopped.

0 comment
1
Facebook Twitter Google + Pinterest
previous post
HP Printer Prints Only One Copy of Document
next post
How to Export (Backup) and Restore Device Drivers in Windows 10 and 8.1

Related Reading

How to Configure and Connect an iSCSI Disk...

January 26, 2021

Preparing Windows for Adobe Flash End of Life...

January 22, 2021

How to Disable/Remove Thumbs.db File on Network Folders...

January 21, 2021

USB Device Passthrough (Redirect) to Hyper-V Virtual Machine

January 15, 2021

How to Enable and Configure User Disk Quotas...

December 23, 2020

Leave a Comment Cancel Reply

Categories

  • Active Directory
  • Group Policies
  • Exchange
  • Windows 10
  • Windows 8
  • Windows 7
  • Windows Server 2016
  • Windows Server 2012 R2
  • Windows Server 2008 R2
  • PowerShell
  • VMWare
  • MS Office

Recent Posts

  • How to Configure and Connect an iSCSI Disk on Windows Server?

    January 26, 2021
  • Preparing Windows for Adobe Flash End of Life on December 31, 2020

    January 22, 2021
  • Checking User Logon History in Active Directory Domain with PowerShell

    January 22, 2021
  • How to Disable/Remove Thumbs.db File on Network Folders in Windows?

    January 21, 2021
  • MS SQL Server 2019 Installation Guide: Basic Settings and Recommendations

    January 19, 2021
  • USB Device Passthrough (Redirect) to Hyper-V Virtual Machine

    January 15, 2021
  • Windows 10: No Internet Connection After Connecting to VPN Server

    January 13, 2021
  • Updating the PowerShell Version on Windows

    December 24, 2020
  • How to Enable and Configure User Disk Quotas in Windows?

    December 23, 2020
  • Restoring Deleted Active Directory Objects/Users

    December 21, 2020

Follow us

woshub.com
  • Facebook
  • Twitter
  • RSS
Popular Posts
  • How to Run Program without Admin Privileges and to Bypass UAC Prompt?
  • Updating List of Trusted Root Certificates in Windows 10/8.1/7
  • How to Upgrade Windows Server 2019/2016 Evaluation to Full Version?
  • Installing SFTP (SSH FTP) Server on Windows with OpenSSH
  • Managing Printers and Drivers with PowerShell in Windows 10 / Server 2016
  • SMB 1.0 Support in Windows Server 2012 R2 / Windows Server 2016
  • PSWindowsUpdate: Managing Windows Updates from PowerShell
Footer Logo

@2014 - 2018 - Windows OS Hub. All about operating systems for sysadmins


Back To Top