Bart's Weblog

Just a blog…

Windows Server 2016 and Windows Defender

Posted by bartvdw on 3030/0505/2018

Recently I was working on a recently deployed Windows Server 2016 and opened Task Manager for some reason. Windows Defender processes were taking away quite some CPU, and upon checking in the Settings panel noticed that all AV scanning features were enabled. The server had third-party AV installed though…

By default Windows Defender is installed on Windows Server 2016, but unlike Windows 10, it doesn’t disable the AV if a third-party AV is detected. Why this is, no idea.

In Windows Server 2016, Windows Defender AV will not disable itself if you are running another antivirus product.

 

Remove Windows Defender AV using PowerShell:

Uninstall-WindowsFeature -Name Windows-Defender,Windows-Defender-Gui -IncludeManagementTools -Restart:[$false|$True] [-Remove]

* A restart is required after the operation. If you use the -Remove switch, payload will be removed from the system as well.

 

This removes the Windows Defender AV from the system. Another approach could be to control the functionality through GPO.

 

References

Windows Defender Antivirus on Windows Server 2016
https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-on-windows-server-2016

 

 

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

 
%d bloggers like this: