Shulou(Shulou.com)06/03 Report--

Windows Defender antivirus works with Windows Server 2016. In some cases it is called Endpoint Protection, but the protection engine is the same.

Although Windows Defender AV on Windows 10 and Windows Server 2016 is roughly the same in terms of functionality, configuration, and management, there are some key differences:

In Windows Server 2016, automatic exclusions are applied based on defined server roles.

In Windows Server 2016, Windows Defender AV cannot disable itself if you run other antivirus products.

1. Enables or disables the interface on Windows Server 2016.

By default, Windows Defender AV is installed and running properly on Windows Server 2016. The user interface is installed by default on some SKU, but is not required.

Note: you cannot uninstall the Windows Security Center application, but you can disable the interfaces in these instructions.

If the interface is not installed, you can add it by selecting the GUI option of Windows Defender under the Windows Defender feature of the feature step in the add roles and Features wizard.

The following PowerShell cmdlet also enables this interface:

Install-WindowsFeature-Name Windows-Defender-GUI

To hide the interface, use the remove roles and Features wizard and deselect the GUI option for Windows Defender in the feature step, or use the following PowerShell cmdlet:

Uninstall-WindowsFeature-Name Windows-Defender-GUI

Important: Windows Defender AV will continue to run without the user interface, but the user interface cannot be enabled if the core Windows Defender feature is disabled.

two。 Install or uninstall Windows Defender AV on Windows Server 2016

You can also use the remove roles and Features wizard to completely uninstall Windows Defender AV by deselecting the Windows Defender feature option in the function steps in the wizard.

This is useful if you have installed a third-party antivirus product on your computer. Problems may occur when installing and actively running multiple AV products on the same computer.

The following PowerShell cmdlet also uninstalls Windows Defender AV on Windows Server 2016:

Uninstall-WindowsFeature-Name Windows-Defender

To reinstall Windows Defender AV, use the add roles and Features wizard and make sure that the Windows Defender feature is selected. You can also enable the interface by selecting the GUID option of Windows Defender.

You can also install Windows Defender AV using the following PowerShell cmdlet:

Install-WindowsFeature-Name Windows-Defender

Tip: event messages for the anti-malware engine included in Windows Defender AV can be found in the Windows Defender AV event.

3. Verify that Windows Defender is running

To verify that Windows Defender AV is running on the server, run the following command at the command prompt:

Sc query Windefend4. Update anti-malware definition

In order to get an updated anti-malware definition, you must keep the Windows update service running. If you use an update management service like Windows Server Update Services (WSUS), make sure that updates to the Windows Defender AV definition are approved for the computer you manage.

By default, Windows updates do not automatically download and install updates on Windows Server 2016. You can use one of the following methods to change this configuration:

Windows updates in the control panel.

Automatic installation of updates causes all updates, including Windows Defender definition updates, to be installed automatically.

Download updates, but let me choose whether or not to install updates that allow Windows Defender to download and install definition updates automatically, but not other updates.

Group Policy. You can set and manage Windows updates by using the path management template\ Windows components\ Windows updates\ configure the settings in Group Policy under automatic updates.

AUOptions registry key. The following two values allow Windows updates to automatically download and install definition updates.

4 automatically install updates. This value causes all updates, including Windows Defender definition updates, to be automatically installed.

Download the update, but let me choose whether or not to install the update. This value allows Windows Defender to automatically download and install definition updates, but does not automatically install other updates.

To ensure that malware protection is always available, we recommend that the following services be enabled:

Windows error reporting Service

Windows Update Service

The following table lists the services of Windows Defender and related services.

Service name

File location

Description

Windows Defender Service (Windefend)

C:\ Program Files\ Windows Defender\ MsMpEng.exe

This is the primary Windows Defender antivirus service that needs to be run all the time.

Windows error reporting Service (Wersvc)

C:\ WINDOWS\ System32\ svchost.exe-k WerSvcGroup

This service sends error reports back to Microsoft.

Windows Defender Firewall (MpsSvc)

C:\ WINDOWS\ system32\ svchost.exe-k LocalServiceNoNetwork

We recommend that you keep the Windows Defender Firewall service enabled.

Windows updates (Wuauserv)

C:\ WINDOWS\ system32\ svchost.exe-k netsvcs

Definition updates and anti-malware engine updates need to be obtained through Windows updates

5. Submit a sample

Sample submission allows Microsoft to collect potential malware examples. To help provide continuous and up-to-date protection, Microsoft researchers use these examples to analyze suspicious activity and generate updated anti-malware definitions.

We collect program executables (such as .exe files and .dll files). We do not collect files that contain personal data, such as Microsoft Word documents and PDF files.

Enable automatic sample submission

To enable automatic sample submission, start the Windows PowerShell console as an administrator and set the SubmitSamplesConsent numeric data according to one of the following settings:

0 is always prompted. The Windows Defender service will prompt you to confirm the submission of all required documents. This is the default setting for Windows Defender, but it is not recommended when installing Windows Server 2016 without GUI.

1 automatically send security examples. The Windows Defender service sends all files marked as secure and prompts for the rest of the file.

2 never send. The Windows Defender service does not prompt and will not send any files.

3 automatically send all examples. The Windows Defender service will send all files without sending a confirmation prompt.

6. Configure automatic exclusion

To help ensure security and performance, when using Windows Defender AV on Server 2016, certain exclusions are automatically added based on the roles and features you install.

Sample submission allows Microsoft to collect potential malware examples. To help provide continuous and up-to-date protection, Microsoft researchers use these examples to analyze suspicious activity and generate updated anti-malware definitions.

We collect program executables (such as .exe files and .dll files). We do not collect files that contain personal data, such as Microsoft Word documents and PDF files.

7. Configure automatic exclusion

To help ensure security and performance, when using Windows Defender AV on Server 2016, certain exclusions are automatically added based on the roles and features you install.

Welcome to the official account of Wechat: Xiao Wen study Society.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.