Bart's Weblog

Just a blog…

Archive for the ‘Windows Defender’ Category

Windows Server 2016 and Windows Defender

Posted by bartvdw on 3030/0505/2018

Recently I was working on a recently deployed Windows Server 2016 and opened Task Manager for some reason. Windows Defender processes were taking away quite some CPU, and upon checking in the Settings panel noticed that all AV scanning features were enabled. The server had third-party AV installed though…

By default Windows Defender is installed on Windows Server 2016, but unlike Windows 10, it doesn’t disable the AV if a third-party AV is detected. Why this is, no idea.

In Windows Server 2016, Windows Defender AV will not disable itself if you are running another antivirus product.

 

Remove Windows Defender AV using PowerShell:

Uninstall-WindowsFeature -Name Windows-Defender,Windows-Defender-Gui -IncludeManagementTools -Restart:[$false|$True] [-Remove]

* A restart is required after the operation. If you use the -Remove switch, payload will be removed from the system as well.

 

This removes the Windows Defender AV from the system. Another approach could be to control the functionality through GPO.

 

References

Windows Defender Antivirus on Windows Server 2016
https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-on-windows-server-2016

 

 

Advertisements

Posted in AV, Microsoft, Security, Windows, Windows Defender, Windows Server 2016 | Leave a Comment »