Windows Server ships with Microsoft Defender. Microsoft has updated its documentation to reflect this position since Windows Server now includes Windows Defender.
As all of us know, Windows Defender is the free malware protection software pre-installed on Windows computers. Now the Windows Server operating system too, will ship with Windows Defender pre-installed and protect the Windows Server editions against known malware and regularly update its antimalware definitions through Windows Update.
Windows Server includes Microsoft Defender
Although Windows Defender will be installed, the user interface is not installed by default. You must manage Windows Defender using WMI, Windows PowerShell, or Group Policy.
To use the user interface for Windows Defender, you will have to activate it via the Control Panel Add Features functionality or the Install-WindowsFeature cmdlet.
But system administrators will be able to confirm and verify that it is running by running the following command:
sc query Windefend
If Windows Defender is running, the State value will display Running.
To be able to receive antimalware definition updates, you must have the Windows Update service running. If you use an update management service, like Windows Server Update Services (WSUS), you will have to ensure that updates for Windows Defender definitions are approved for the system.
If you wish to disable real-time monitoring, you can do so as follows:
Disable Microsoft Defender real-time monitoring in Windows Server
To disable real-time monitoring, start a Windows PowerShell console as an administrator run the following command, and hit Enter:
Set-MpPreference -DisableRealtimeMonitoring $true
Enable Windows Defender real-time monitoring
To enable real-time monitoring, open a Windows PowerShell console as an administrator run the following command, and hit Enter:
Set-MpPreference -DisableRealtimeMonitoring $false
For a detailed read, visit Microsoft.
