Update windows-defender-antivirus-on-windows-server-2016.md

This commit is contained in:
Denise Vangel-MSFT 2020-02-25 14:41:37 -08:00
parent c597c5ddf6
commit b08e711a9c

@ -1,6 +1,6 @@
--- ---
title: Windows Defender Antivirus on Windows Server 2016 title: Windows Defender Antivirus on Windows Server 2016 and 2019
description: Enable and configure Windows Defender AV on Windows Server 2016 description: Enable and configure Windows Defender AV on Windows Server 2016 and 2019
keywords: windows defender, server, scep, system center endpoint protection, server 2016, current branch, server 2012 keywords: windows defender, server, scep, system center endpoint protection, server 2016, current branch, server 2012
search.product: eADQiWindows 10XVcnh search.product: eADQiWindows 10XVcnh
ms.pagetype: security ms.pagetype: security
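Review bot: The `keywords` line is left unchanged while `title` and `description` now cover Windows Server 2019. It still reads "server 2016, current branch, server 2012", so add "server 2019" there to keep search metadata in line with the new scope.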
@ -11,44 +11,47 @@ ms.pagetype: security
ms.localizationpriority: medium ms.localizationpriority: medium
author: denisebmsft author: denisebmsft
ms.author: deniseb ms.author: deniseb
ms.date: 09/10/2019 ms.date: 02/25/2020
ms.reviewer: ms.reviewer:
manager: dansimp manager: dansimp
--- ---
# Windows Defender Antivirus on Windows Server 2016 # Windows Defender Antivirus on Windows Server 2016 and 2019
**Applies to:** **Applies to:**
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) - [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
Windows Defender Antivirus is available on Windows Server 2016. In some instances it is referred to as Endpoint Protection - however, the protection engine is the same. Windows Defender Antivirus is available on Windows Server 2016 and Windows Server 2019. In some instances, Windows Defender Antivirus is referred to as Endpoint Protection; however, the protection engine is the same.
While the functionality, configuration, and management is largely the same for Windows Defender AV either on Windows 10 or Windows Server 2016, there are a few key differences: While the functionality, configuration, and management is largely the same for Windows Defender Antivirus on Windows 10, there are a few key differences on Windows Server 2016 or Windows Server 2019:
- In Windows Server 2016, [automatic exclusions](configure-server-exclusions-windows-defender-antivirus.md) are applied based on your defined Server Role. - In Windows Server, [automatic exclusions](configure-server-exclusions-windows-defender-antivirus.md) are applied based on your defined Server Role.
- In Windows Server 2016, Windows Defender AV will not disable itself if you are running another antivirus product. - In Windows Server, Windows Defender Antivirus will not disable itself if you are running another antivirus product.
This topic includes the following instructions for setting up and running Windows Defender AV on a server platform: The process of setting up and running Windows Defender Antivirus on a server platform includes several steps:
- [Enable the interface](#enable-or-disable-the-interface-on-windows-server-2016) 1. [Enable the interface](#enable-or-disable-the-user-interface-on-windows-server-2016-or-2019)
- [Verify Windows Defender AV is running](#verify-windows-defender-is-running) 2. [Install Windows Defender Anvirus]()
- [Update antimalware Security intelligence](#update-antimalware-security-intelligence) 2. [Verify Windows Defender Antivirus is running](#verify-windows-defender-is-running)
- [Submit Samples](#submit-samples) 3. [Update your antimalware Security intelligence](#update-antimalware-security-intelligence)
- [Configure automatic exclusions](#configure-automatic-exclusions) 4. (As needed) [Submit samples](#submit-samples)
## Enable or disable the interface on Windows Server 2016 5. (As needed) [Configure automatic exclusions](#configure-automatic-exclusions)
By default, Windows Defender AV is installed and functional on Windows Server 2016. The user interface is installed by default on some SKUs, but is not required.
6. (If needed) [Uninstall Windows Defender Antivirus](#need-to-uninstall-windows-defender-antivirus)
## Enable the user interface on Windows Server 2016 or 2019
By default, Windows Defender Antivirus is installed and functional on Windows Server 2016 and Windows Server 2019. The user interface is installed by default on some SKUs, but is not required. If the interface is not installed on your server, you can add it in the **Add Roles and Features Wizard** at the **Features** step, under **Windows Defender Features** by selecting the **GUI for Windows Defender** option.
>[!NOTE] >[!NOTE]
>You can't uninstall the Windows Security app, but you can disable the interface with these instructions. >You can't uninstall the Windows Security app, but you can disable the interface with these instructions.
If the interface is not installed, you can add it in the **Add Roles and Features Wizard** at the **Features** step, under **Windows Defender Features** by selecting the **GUI for Windows Defender** option.
![Add roles and feature wizard showing the GUI for Windows Defender option](images/server-add-gui.png) ![Add roles and feature wizard showing the GUI for Windows Defender option](images/server-add-gui.png)
See the [Install or uninstall roles, role services, or features](https://docs.microsoft.com/windows-server/administration/server-manager/install-or-uninstall-roles-role-services-or-features) topic for information on using the wizard. See the [Install or uninstall roles, role services, or features](https://docs.microsoft.com/windows-server/administration/server-manager/install-or-uninstall-roles-role-services-or-features) topic for information on using the wizard.
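Review bot: Step 2 of the new numbered list is broken: `2. [Install Windows Defender Anvirus]()` misspells "Antivirus", has an empty link target, and shares the number 2 with the "Verify" item that follows. Point it at the install section's anchor and renumber the list. The first item's anchor `#enable-or-disable-the-user-interface-on-windows-server-2016-or-2019` also does not match the new heading "Enable the user interface on Windows Server 2016 or 2019", and the retained NOTE still says "you can disable the interface with these instructions" under a heading that now only mentions enabling.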
@ -66,51 +69,38 @@ To hide the interface, use the **Remove Roles and Features Wizard** and deselect
Uninstall-WindowsFeature -Name Windows-Defender-GUI Uninstall-WindowsFeature -Name Windows-Defender-GUI
``` ```
>[!IMPORTANT] >[!IMPORTANT]
> Windows Defender AV will still run normally without the user interface, but the user interface cannot be enabled if you disable the core **Windows Defender** feature. > Windows Defender AV will still run normally without the user interface, but the user interface cannot be enabled if you disable the core **Windows Defender** feature.
## Install or uninstall Windows Defender AV on Windows Server 2016 ## Install Windows Defender Antivirus on Windows Server 2016 or 2019
You can use the Add Roles and Features Wizard or PowerShell to install Windows Defender Antivirus.
You can also uninstall Windows Defender AV completely with the **Remove Roles and Features Wizard** by deselecting the **Windows Defender Features** option at the **Features** step in the wizard. ### Use the Add Roles and Features Wizard
This is useful if you have a third-party antivirus product installed on the machine already. Multiple AV products can cause problems when installed and actively running on the same machine. See the question "Should I run Microsoft security software at the same time as other security products?" on the [Windows Defender Security Intelligence Antivirus and antimalware software FAQ](https://www.microsoft.com/wdsi/help/antimalware-faq#multiple-products). 1. Refer to [this article](https://docs.microsoft.com/windows-server/administration/server-manager/install-or-uninstall-roles-role-services-or-features#install-roles-role-services-and-features-by-using-the-add-roles-and-features-wizard), and use the **Add Roles and Features Wizard**.
>[!NOTE] 2. When you get to the **Features** step of the wizard, select the Windows Defender Antivirus option. Also select the **GUI for Windows Defender** option.
>Deselecting **Windows Defender** on its own under the **Windows Defender Features** section will automatically prompt you to remove the interface option **GUI for Windows Defender**.
### Use PowerShell
The following PowerShell cmdlet will also uninstall Windows Defender AV on Windows Server 2016:
```PowerShell
Uninstall-WindowsFeature -Name Windows-Defender
```
To install Windows Defender AV again, use the **Add Roles and Features Wizard** and ensure the **Windows Defender** feature is selected. You can also enable the interface by selecting the **GUID for Windows Defender** option.
You can also use the following PowerShell cmdlet to install Windows Defender AV:
```PowerShell ```PowerShell
Install-WindowsFeature -Name Windows-Defender Install-WindowsFeature -Name Windows-Defender
``` ```
> [!TIP] > [!TIP]
> Event messages for the antimalware engine included with Windows Defender AV can be found in [Windows Defender AV Events](troubleshoot-windows-defender-antivirus.md). > Event messages for the antimalware engine included with Windows Defender Antivirus can be found in [Windows Defender AV Events](troubleshoot-windows-defender-antivirus.md).
## Verify Windows Defender is running ## Verify Windows Defender Antivirus is running
To verify that Windows Defender AV is running on the server, run the following PowerShell cmdlet: To verify that Windows Defender Antivirus is running on your server, run the following PowerShell cmdlet:
```PowerShell ```PowerShell
Get-Service -Name windefend Get-Service -Name windefend
``` ```
To verify that firewall protection through Windows Defender is turned on, run the following PowerShell cmdlet: To verify that firewall protection is turned on, run the following PowerShell cmdlet:
```PowerShell ```PowerShell
Get-Service -Name mpssvc Get-Service -Name mpssvc
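Review bot: Renaming the heading to "Verify Windows Defender Antivirus is running" leaves the in-page link `#verify-windows-defender-is-running` in the step list pointing at the old heading text, so if anchors are generated from headings that link needs updating in the same change. In the new install steps, "select the Windows Defender Antivirus option" is unbolded and does not match the feature name the rest of the page uses (**Windows Defender**, `Windows-Defender`), and the new "### Use PowerShell" heading goes straight into the code fence now that the sentence introducing `Install-WindowsFeature` has been dropped. The IMPORTANT note also still says "Windows Defender AV".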
@ -122,35 +112,28 @@ As an alternative to PowerShell, you can use Command Prompt to verify that Windo
sc query Windefend sc query Windefend
``` ```
The `sc query` command returns information about the Windows Defender service. If Windows Defender is running, the `STATE` value displays `RUNNING`. The `sc query` command returns information about the Windows Defender Antivirus service. When Windows Defender Antivirus is running, the `STATE` value displays `RUNNING`.
## Update antimalware Security intelligence ## Update antimalware Security intelligence
In order to get updated antimalware Security intelligence , you must have the Windows Update service running. If you use an update management service, like Windows Server Update Services (WSUS), make sure that updates for Windows Defender Antivirus Security intelligence are approved for the computers you manage. In order to get updated antimalware Security intelligence, you must have the Windows Update service running. If you use an update management service, like Windows Server Update Services (WSUS), make sure that updates for Windows Defender Antivirus Security intelligence are approved for the computers you manage.
By default, Windows Update does not download and install updates automatically on Windows Server 2016. You can change this configuration by using one of the following methods: By default, Windows Update does not download and install updates automatically on Windows Server 2016 or 2019. You can change this configuration by using one of the following methods:
- **Windows Update** in Control Panel.
- **Install updates automatically** results in all updates being automatically installed, including Windows Defender Security intelligence updates. |Method |Description |
|---------|---------|
- **Download updates but let me choose whether to install them** allows Windows Defender to download and install Security intelligence updates automatically, but other updates are not automatically installed. |**Windows Update** in Control Panel |- **Install updates automatically** results in all updates being automatically installed, including Windows Defender Security intelligence updates. <br/>- **Download updates but let me choose whether to install them** allows Windows Defender to download and install Security intelligence updates automatically, but other updates are not automatically installed. |
|**Group Policy** | You can set up and manage Windows Update by using the settings available in Group Policy, in the following path: **Administrative Templates\Windows Components\Windows Update\Configure Automatic Updates** |
- **Group Policy**. You can set up and manage Windows Update by using the settings available in Group Policy, in the following path: **Administrative Templates\Windows Components\Windows Update\Configure Automatic Updates** |The **AUOptions** registry key |The following two values allow Windows Update to automatically download and install Security intelligence updates: <br/>- **4** Install updates automatically. This value results in all updates being automatically installed, including Windows Defender Security intelligence updates. <br/>- **3** Download updates but let me choose whether to install them. This value allows Windows Defender to download and install Security intelligence updates automatically, but other updates are not automatically installed. |
- The **AUOptions** registry key. The following two values allow Windows Update to automatically download and install Security intelligence updates.
- **4** Install updates automatically. This value results in all updates being automatically installed, including Windows Defender Security intelligence updates.
- **3** Download updates but let me choose whether to install them. This value allows Windows Defender to download and install Security intelligence updates automatically, but other updates are not automatically installed.
To ensure that protection from malware is maintained, we recommend that you enable the following services: To ensure that protection from malware is maintained, we recommend that you enable the following services:
- Windows Error Reporting service - Windows Error Reporting service
- Windows Update service - Windows Update service
The following table lists the services for Windows Defender and the dependent services. The following table lists the services for Windows Defender Antivirus and the dependent services.
|Service Name|File Location|Description| |Service Name|File Location|Description|
|--------|---------|--------| |--------|---------|--------|
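Review bot: The nested bullets moved into the new table cells as `<br/>- **Install updates automatically** ...` will not render as lists; Markdown tables do not parse block content in cells, so readers see literal hyphens. Either keep the original nested list for the Windows Update and **AUOptions** options, or drop the `- ` markers and rely on `<br/>` alone. The **AUOptions** row would also benefit from stating where the value lives, since the row names the key but gives no path.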
@ -169,13 +152,13 @@ We collect program executable files, such as .exe files and .dll files. We do no
To enable automatic sample submission, start a Windows PowerShell console as an administrator, and set the **SubmitSamplesConsent** value data according to one of the following settings: To enable automatic sample submission, start a Windows PowerShell console as an administrator, and set the **SubmitSamplesConsent** value data according to one of the following settings:
- **0** Always prompt. The Windows Defender service prompts you to confirm submission of all required files. This is the default setting for Windows Defender, but is not recommended for Windows Server 2016 installations without a GUI.
- **1** Send safe samples automatically. The Windows Defender service sends all files marked as "safe" and prompts for the remainder of the files. |Setting |Description |
|---------|---------|
- **2** Never send. The Windows Defender service does not prompt and does not send any files. |**0** Always prompt. |The Windows Defender Antivirus service prompts you to confirm submission of all required files. This is the default setting for Windows Defender Antivirus, but is not recommended for installations on Windows Server 2016 or 2019 without a GUI. |
|**1** Send safe samples automatically. |The Windows Defender Antivirus service sends all files marked as "safe" and prompts for the remainder of the files. |
- **3** Send all samples automatically. The Windows Defender service sends all files without a prompt for confirmation. |**2** Never send. |The Windows Defender Antivirus service does not prompt and does not send any files. |
|**3** Send all samples automatically. |The Windows Defender Antivirus service sends all files without a prompt for confirmation. |
## Configure automatic exclusions ## Configure automatic exclusions
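Review bot: The "Setting" column in the new **SubmitSamplesConsent** table mixes the numeric value and its name in one cell with a trailing period ("**0** Always prompt."). Split it into a value column and a name column, or at least drop the period, so the value an administrator has to set is easy to pick out. The row for **0** says it is not recommended on servers without a GUI but the table does not say which value is recommended instead.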
@ -183,6 +166,30 @@ To help ensure security and performance, certain exclusions are automatically ad
See the [Configure exclusions in Windows Defender AV on Windows Server](configure-server-exclusions-windows-defender-antivirus.md) topic for more information. See the [Configure exclusions in Windows Defender AV on Windows Server](configure-server-exclusions-windows-defender-antivirus.md) topic for more information.
## Need to uninstall Windows Defender Antivirus?
If you are using a third-party antivirus solution and you're running into issues with that solution and Windows Defender Antivirus, you can consider uninstalling Windows Defender Antivirus. Before you do that, review the following resources:
- See the question "Should I run Microsoft security software at the same time as other security products?" on the [Windows Defender Security Intelligence Antivirus and antimalware software FAQ](https://www.microsoft.com/wdsi/help/antimalware-faq#multiple-products).
- See [Better together: Windows Defender Antivirus and Microsoft Defender Advanced Threat Protection](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/why-use-microsoft-antivirus). This article describes 10 advantages to using Windows Defender Antivirus together with Microsoft Defender Advanced Threat Protection.
If you determine you do want to uninstall Windows Defender Antivirus, follow these steps:
### Uninstall Windows Defender Antivirus using the Remove Roles and Features wizard
1. Refer to [this article](https://docs.microsoft.com/windows-server/administration/server-manager/install-or-uninstall-roles-role-services-or-features#remove-roles-role-services-and-features-by-using-the-remove-roles-and-features-wizard), and use the **Remove Roles and Features Wizard**.
2. When you get to the **Features** step of the wizard, unselect the **Windows Defender Features** option. If you unselect **Windows Defender** by itself under the **Windows Defender Features** section, you will be prompted to remove the interface option **GUI for Windows Defender**.
### Uninstall Windows Defender Antivirus using PowerShell
The following PowerShell cmdlet will also uninstall Windows Defender AV on Windows Server 2016:
```PowerShell
Uninstall-WindowsFeature -Name Windows-Defender
```
## Related topics ## Related topics
- [Windows Defender Antivirus in Windows 10](windows-defender-antivirus-in-windows-10.md) - [Windows Defender Antivirus in Windows 10](windows-defender-antivirus-in-windows-10.md)
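Review bot: The sentence moved into the new "Uninstall Windows Defender Antivirus using PowerShell" section was not updated: "The following PowerShell cmdlet will also uninstall Windows Defender AV on Windows Server 2016" still names only Windows Server 2016, uses "AV", and keeps "also" from its old position. Reword it to match the rest of the change, for example "The following PowerShell cmdlet uninstalls Windows Defender Antivirus on Windows Server 2016 or 2019". Since this section is aimed at servers running a third-party product, consider asking the reader to confirm that product is installed and running before removing the feature.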