On your Windows Server endpoint, run the following PowerShell cmdlet:. To do that, run the following command from a command prompt:. The sc query command returns information about the Microsoft Defender Antivirus service. To get updated antimalware security intelligence, you must have the Windows Update service running. You can change this configuration by using one of the following methods:. To ensure that protection from malware is maintained, we recommend that you enable the following services:.
The following table lists the services for Microsoft Defender Antivirus and the dependent services. Sample submission allows Microsoft to collect samples of potentially malicious software. To help provide continued and up-to-date protection, Microsoft researchers use these samples to analyze suspicious activities and produce updated antimalware Security intelligence.
We collect program executable files, such as. To enable automatic sample submission, start a Windows PowerShell console as an administrator, and set the SubmitSamplesConsent value data according to one of the following settings:. Microsoft Defender Antivirus on Windows Server and Windows Server automatically enrolls you in certain exclusions, as defined by your specified server role.
These exclusions do not appear in the standard exclusion lists that are shown in the Windows Security app. In addition to server role-defined automatic exclusions, you can add or remove custom exclusions. To do that, refer to these articles:. This article provides an overview of exclusions for Microsoft Defender Antivirus on Windows Server or later. Because Microsoft Defender Antivirus is built into Windows Server and later, exclusions for operating system files and server roles happen automatically.
However, you can define custom exclusions. You can also opt out of automatic exclusions if necessary. Because Microsoft Defender Antivirus is built in, it does not require exclusions for operating system files on Windows Server or later.
In addition, when you run Windows Server or later and install a role, Microsoft Defender Antivirus includes automatic exclusions for the server role and any files that are added while installing the role.
Operating system exclusions and server role exclusions do not appear in the standard exclusion lists that are shown in the Windows Security app.
Automatic exclusions for server roles and operating system files do not apply to Windows Server Automatic exclusions can apply if your servers running Windows Server R2 are onboarded to Defender for Endpoint. Set its value to 1 (which sets the registry key's value to true), and select Hexadecimal for its base. In those cases, set Microsoft Defender Antivirus to passive mode to prevent problems caused by having multiple antivirus products installed on a server.
For passive mode to work on endpoints running Windows Server and Windows Server R2, those endpoints must be onboarded with the modern, unified solution described in Onboard Windows servers.
Defender for Endpoint includes capabilities that further extend the antivirus protection that is installed on your endpoint. You can benefit from running Microsoft Defender Antivirus alongside another antivirus solution. For example, endpoint detection and response (EDR) in block mode provides added protection from malicious artifacts even if Microsoft Defender Antivirus is not the primary antivirus product. Such capabilities require Microsoft Defender Antivirus to be installed and running in passive mode or active mode.
In order for Microsoft Defender Antivirus to run in passive mode, endpoints must meet the following requirements:. Defender for Endpoint affects whether Microsoft Defender Antivirus can run in passive mode. Microsoft Defender Antivirus can affect certain capabilities in Defender for Endpoint, too. For example, real-time protection works when Microsoft Defender Antivirus is in active or passive mode, but not when Microsoft Defender Antivirus is disabled or uninstalled.
The following table is designed to be informational only. Do not turn off capabilities, such as real-time protection, cloud-delivered protection, or limited periodic scanning, if you are using Microsoft Defender Antivirus in passive mode, or if you are using EDR in block mode, which works behind the scenes to detect and remediate malicious artifacts that were detected post-breach.
Microsoft Endpoint data loss prevention protection continues to operate normally when Microsoft Defender Antivirus is in either active or passive mode. Do not disable, stop, or modify any of the associated services that are used by Microsoft Defender Antivirus, Defender for Endpoint, or the Windows Security app. Manually modifying these services can cause severe instability on your devices and can make your network vulnerable. Disabling, stopping, or modifying those services can also cause problems with non-Microsoft antivirus solutions and with how their information is displayed in the Windows Security app.
EDR in block mode detects and remediates malicious items that are found on the device post-breach. To learn more, see EDR in block mode.
You can use one of several methods to confirm the state of Microsoft Defender Antivirus, as described in the following table:. Exclude the following files.
Note: Settings for specific file exclusions are documented here for completeness. By default, these folders allow access only to System and Administrators. Please verify that the correct protections are in place. This attribute contains the path to the actual location that DFS replication uses to stage files. Exclude the following files from this folder and all its subfolders:.
Turn off scanning of files in the DFSR database and working folders. The location is specified by the following registry subkey:. In this example, the path would contain "Domain System Volume." By default, DHCP files that should be excluded are present in the following folder on the server:. The location of DHCP files can be changed. In some scenarios, on a Windows Server based computer that has the Hyper-V role installed or on a Microsoft Hyper-V Server or on a Microsoft Hyper-V Server R2-based computer, it may be necessary to configure the real-time scanning component within the antivirus software to exclude files and entire folders.