Windows Defender, Microsoft's long-standing malware protection component of the Windows client, will now be installed by default in the next version of Windows Server.
The next version of Windows Server is currently in Technical Preview, and those who have it installed for testing might not immediately be aware that Windows Defender is running. Windows Defender is installed and running by default, and the only sign of it is its entry in the list of running services. In this version for Windows Server, Microsoft decided to simply install the service without also supplying the interface required to view and manage the service. Who needs a UI on a server, right?
The UI can be installed through the Add Roles and Features Wizard or with the standard PowerShell command Install-WindowsFeature. Microsoft's intent in not including the UI by default was to allow administrators to manage the server using WMI, PowerShell, or Group Policy instead. In addition, if you want to use a different product for antimalware services, or just want to uninstall Windows Defender for Windows Server, you'll have to use the aforementioned options to accomplish it.
The PowerShell cmdlets for Windows Defender haven't changed since they were released for Windows Server 2012 R2 and Windows 8.1. The same cmdlets are used in the next version of Windows Server, though I expect new functionality will be added over time. The full set of PowerShell cmdlets for Windows Defender is:
- Add-MpPreference – modify settings
- Get-MpComputerStatus – shows status of Defender
- Get-MpPreference – shows current Defender preferences
- Get-MpThreat – shows the threat history
- Get-MpThreatCatalog – shows known threats
- Get-MpThreatDetection – shows history of threats detected by Defender
- Remove-MpPreference – configures exclusions and default actions
- Remove-MpThreat – removes active threats
- Set-MpPreference – configures scans and updates
- Start-MpScan – initiates a scan
- Update-MpSignature – forces a signature file update
Just like the Windows client version, Windows Defender for Windows Server requires a connection to Windows Update to get updated antimalware definitions, so the Windows Update service must be constantly running. During the Technical Preview, these updates are not downloaded and installed automatically, which is a bit strange. As with the Windows client version, you have to go into the Windows Update component in Control Panel to adjust the settings, choosing either to install updates automatically or to download them and be notified for installation.
The following services are required to be running for Windows Defender for Windows Server to operate correctly:
- Windows Defender Service
- Windows Defender Network Inspection service
- Windows Error Reporting service
- Windows Firewall
- Windows Update service
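
Because there is no UI by default and definitions are not updated automatically during the Technical Preview, a scripted health check is a practical substitute. The following is an added example, not part of the original article: it checks the five required services and the definition age using Get-Service and Get-MpComputerStatus. The short service names mapped to the display names above and the three-day age threshold are assumptions.

```powershell
# Added example: health check for Windows Defender on a server without the UI.
param(
    [int]$MaxSignatureAgeDays = 3,   # constructed threshold; set to your own policy
    [switch]$UpdateIfStale           # optionally force a definition update
)

# Assumption: these short service names correspond to the display names listed above.
$required = [ordered]@{
    'WinDefend' = 'Windows Defender Service'
    'WdNisSvc'  = 'Windows Defender Network Inspection service'
    'WerSvc'    = 'Windows Error Reporting service'
    'MpsSvc'    = 'Windows Firewall'
    'wuauserv'  = 'Windows Update service'
}

$findings = @(foreach ($name in $required.Keys) {
    $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
    [pscustomobject]@{
        Check = $required[$name]
        Value = if ($svc) { "$($svc.Status)" } else { 'NotInstalled' }
        Ok    = [bool]($svc -and $svc.Status -eq 'Running')
    }
})

# Get-MpComputerStatus returns nothing useful if the Defender service is absent or stopped.
$mp = Get-MpComputerStatus -ErrorAction SilentlyContinue
if ($mp -and $UpdateIfStale -and $mp.AntivirusSignatureAge -gt $MaxSignatureAgeDays) {
    Update-MpSignature               # needs the Windows Update service and connectivity
    $mp = Get-MpComputerStatus
}
if ($mp) {
    $findings += [pscustomobject]@{ Check = 'Antimalware service enabled'
        Value = $mp.AMServiceEnabled; Ok = [bool]$mp.AMServiceEnabled }
    $findings += [pscustomobject]@{ Check = 'Real-time protection enabled'
        Value = $mp.RealTimeProtectionEnabled; Ok = [bool]$mp.RealTimeProtectionEnabled }
    $findings += [pscustomobject]@{ Check = "Definition age (days), limit $MaxSignatureAgeDays"
        Value = $mp.AntivirusSignatureAge
        Ok    = ($mp.AntivirusSignatureAge -le $MaxSignatureAgeDays) }
} else {
    $findings += [pscustomobject]@{ Check = 'Get-MpComputerStatus'; Value = 'No data'; Ok = $false }
}

$findings | Format-Table -AutoSize
# A non-zero exit code lets a scheduler or monitoring agent alert on any failed check.
if ($findings | Where-Object { -not $_.Ok }) { exit 1 }
```

Run it from an elevated PowerShell session; scheduling it daily turns stale definitions or a stopped service into an alert rather than something found by browsing the service list.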