Windows Defender is integrated into Windows Server 2016 and is enabled by default. This can lead to problems if another managed virus scanner is installed. As most companies use a virus scanner from a third-party manufacturer (Symantec, Kaspersky, TrendMicro, Intel Security, etc.), it makes sense to uninstall Windows Defender.
The uninstallation can be carried out via Server Manager:
Alternatively, Windows Defender can also be removed via PowerShell:
Remove-WindowsFeature Windows-Defender-Features
After uninstalling, the server must be restarted.
Of course, Windows Defender can also be reinstalled in this way if required. Installation is also possible via Server Manager or PowerShell:
Add-WindowsFeature Windows-Defender-Features,Windows-Defender-Gui
If Windows Defender is installed, signature updates are not installed automatically when the Windows Update settings are configured for manual installation of updates. In the following case, new signatures are not installed automatically:
In this case, signature updates can be installed automatically with a scheduled task. A new task can be created for this purpose, which is executed every hour:
The task then starts the signature update with the program:
"C:\Program Files\Windows Defender\MpCmdRun.exe" -SignatureUpdate
This means that updates for Windows Defender can also be installed via the command prompt:
Alternatively, the updates can also be carried out via PowerShell:
Update-MpSignature
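The hourly task described above can also be registered from PowerShell instead of the Task Scheduler GUI, followed by a check of the signature age. This is an added example, not part of the original post; the task name and the one-day age threshold are assumptions.

```powershell
#Requires -RunAsAdministrator
# Added example: register an hourly Defender signature update task,
# then read back the task state and the current signature age.
# $taskName and $maxAgeDays are assumptions, not values from the article.
$taskName   = 'Defender Signature Update (hourly)'   # hypothetical task name
$maxAgeDays = 1                                       # assumed warning threshold

$mpCmdRun = Join-Path $env:ProgramFiles 'Windows Defender\MpCmdRun.exe'
if (-not (Test-Path -LiteralPath $mpCmdRun)) {
    throw "MpCmdRun.exe not found at '$mpCmdRun'. Is Windows-Defender-Features installed?"
}

# Executable and argument are passed separately, so the path containing
# spaces needs no manual quoting inside the task definition.
$action = New-ScheduledTaskAction -Execute $mpCmdRun -Argument '-SignatureUpdate'

# Start now and repeat every hour. On Windows Server 2016, leaving out
# -RepetitionDuration makes the repetition run indefinitely.
$trigger = New-ScheduledTaskTrigger -Once -At (Get-Date) `
    -RepetitionInterval (New-TimeSpan -Hours 1)

# Run as SYSTEM so the task needs neither a logged-on user nor a stored password.
$principal = New-ScheduledTaskPrincipal -UserId 'SYSTEM' `
    -LogonType ServiceAccount -RunLevel Highest

# Catch up after downtime and stop a hung update after 30 minutes.
$settings = New-ScheduledTaskSettingsSet -StartWhenAvailable `
    -ExecutionTimeLimit (New-TimeSpan -Minutes 30)

Register-ScheduledTask -TaskName $taskName -Action $action -Trigger $trigger `
    -Principal $principal -Settings $settings -Force | Out-Null

# Confirm that the task exists and is ready to run.
Get-ScheduledTask -TaskName $taskName | Select-Object TaskName, State

# Check how old the installed signatures are (AntivirusSignatureAge is in days).
$status = Get-MpComputerStatus
$status | Select-Object AntivirusSignatureVersion,
                        AntivirusSignatureLastUpdated,
                        AntivirusSignatureAge
if ($status.AntivirusSignatureAge -gt $maxAgeDays) {
    Write-Warning "Antivirus signatures are $($status.AntivirusSignatureAge) day(s) old."
}
```

After the first scheduled run, `Get-ScheduledTaskInfo -TaskName $taskName` shows `LastRunTime` and `LastTaskResult`, where a result of 0 indicates success.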
If Windows Defender is used, it is essential to configure appropriate exclusions for the installed applications in order to avoid performance problems. Exclusions can also be configured easily via PowerShell:
Set-MpPreference -ExclusionExtension .edb,.log
Set-MpPreference -ExclusionPath c:\Dir1,c:\Dir2
Set-MpPreference -ExclusionProcess proc1.exe,proc2.exe
I have already published a corresponding script for Exchange Server 2016 here:
https://www.frankysweb.de/exchange-2016-virenscanner-ausschlsse-script-fr-windows-defender/
Of course, the same applies to other services such as SQL Server.
Finally, a list of the available PowerShell cmdlets for Windows Defender:
- Add-MpPreference
- Get-MpComputerStatus
- Get-MpPreference
- Get-MpThreat
- Get-MpThreatCatalog
- Get-MpThreatDetection
- Remove-MpPreference
- Remove-MpThreat
- Set-MpPreference
- Start-MpScan
- Start-MpWDOScan
- Update-MpSignature
With the existing cmdlets, Windows Defender can be adapted accordingly, and tasks such as automatic virus scans and signature updates can be scheduled. Unfortunately, there is no clear built-in report, but one can also be produced using PowerShell.