Best Windows Server 2025 Defender Antivirus Configuration

This guide covers enabling and configuring Microsoft Defender Antivirus on Windows Server 2025. Microsoft Defender Antivirus is a native security solution designed to protect Windows Server 2025 from a wide array of threats, including malware, viruses, and other malicious software.

By default, Microsoft Defender Antivirus is installed on Windows Server 2025. However, it might not be enabled or configured optimally. This guide, adapted from Orcacore, walks you through the necessary steps to enable and configure Microsoft Defender Antivirus, ensuring robust protection for your Windows Server 2025 environment.

To begin, log in to your Windows Server and follow the steps outlined below.

1. Enable Microsoft Defender Antivirus Interface

To enable Windows Defender on Windows Server 2025, you need to open the Server Manager and follow these steps.

First, navigate to the Add Roles and Features from your Server Manager.

Then, you can proceed through the wizard by default options until you reach the Features step. You need to choose Microsoft Windows Defender and click Next.

Next, click Install to enable Defender Antivirus. Wait until your installation is completed.

Once it is completed, click on Close and Restart your system to apply the changes.

2. Verify Microsoft Defender Antivirus is Running

At this point, you need to ensure that Microsoft Defender Antivirus is active and running on Windows Server 2025. Open PowerShell as an Administrator and run the following command:

Get-Service -Name windefend

In the output, the Status column should show Running.

Also, you can use Command Prompt by running the command below:

sc query Windefend

In the output, the STATE line should show RUNNING.

3. Security Intelligence Update for Microsoft Defender Antivirus

Keeping Microsoft Defender Antivirus updated is very important because new viruses and threats appear every day. If your antivirus is not updated, it might not recognize new threats, making your server vulnerable to attacks. Here’s how you can make sure your antivirus stays updated:

Enable Windows Update

Windows Update automatically downloads and installs the latest security updates. You need to make sure the Windows Update service is turned on so your antivirus can receive new virus definitions.

To verify your Windows Update, open Services on your server, look for Windows Update, and ensure it is running.

Use Windows Server Update Services (WSUS) (Optional)

If your organization manages updates manually, your IT team might use WSUS (Windows Server Update Services). If WSUS is in use, you need to make sure that Microsoft Defender Antivirus updates are approved and installed regularly. This ensures all servers in your network stay protected with the latest security intelligence.

By following these steps, you ensure that Microsoft Defender Antivirus always has the latest tools to detect and remove threats, keeping your Windows Server 2025 secure.
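The checks from steps 2 and 3 can be scripted so that a stopped engine or stale security intelligence is reported as a finding. This is an added example, not code from the original guide; the function name Test-DefenderHealth and the 3-day signature age threshold are assumptions, and the sample object is constructed.

```powershell
# Added example: evaluates an object shaped like Get-MpComputerStatus output.
function Test-DefenderHealth {
    param(
        [Parameter(Mandatory)] $Status,
        # Assumed threshold: flag security intelligence older than this many days
        [int] $MaxSignatureAgeDays = 3
    )
    $findings = @()
    if (-not $Status.AMServiceEnabled)          { $findings += 'Antimalware service is not enabled' }
    if (-not $Status.AntivirusEnabled)          { $findings += 'Antivirus engine is not enabled' }
    if (-not $Status.RealTimeProtectionEnabled) { $findings += 'Real-time protection is off' }
    if ($Status.AntivirusSignatureAge -gt $MaxSignatureAgeDays) {
        $findings += "Security intelligence is $($Status.AntivirusSignatureAge) days old " +
                     "(last updated $($Status.AntivirusSignatureLastUpdated))"
    }
    [pscustomobject]@{
        Healthy  = ($findings.Count -eq 0)
        Findings = $findings
    }
}

# Constructed sample: real-time protection off and definitions 9 days old
$sample = [pscustomobject]@{
    AMServiceEnabled              = $true
    AntivirusEnabled              = $true
    RealTimeProtectionEnabled     = $false
    AntivirusSignatureAge         = 9
    AntivirusSignatureLastUpdated = [datetime]'2025-01-01'
}
Test-DefenderHealth -Status $sample | Format-List

# On a live server (elevated PowerShell): report both services, then evaluate.
if (Get-Command Get-MpComputerStatus -ErrorAction SilentlyContinue) {
    Get-Service -Name WinDefend, wuauserv -ErrorAction SilentlyContinue |
        Select-Object Name, Status, StartType
    Test-DefenderHealth -Status (Get-MpComputerStatus) | Format-List
    # Update-MpSignature   # uncomment to request new security intelligence now
}
```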

4. Configure Automatic Sample Submission

Microsoft Defender Antivirus has a feature called Automatic Sample Submission, which helps Microsoft quickly detect and respond to new threats. When your server encounters a suspicious file, it can send a copy of that file to Microsoft for analysis. This helps improve antivirus protection for everyone by identifying new viruses and malware faster.

Enable Automatic Sample Submission

To enable this option, open Windows PowerShell as Administrator and run the following command:

Set-MpPreference -SubmitSamplesConsent <value>

Replace <value> with one of the following numbers based on your needs:

  • 0: Always prompt.
  • 1: Send safe samples automatically.
  • 2: Never send.
  • 3: Send all samples automatically.

Note: If you are managing a Windows Server, it is best to choose option 1 or 3.

Disable Automatic Sample Submission

If you do not want your Windows Server to send suspicious files to Microsoft for analysis, you can disable Automatic Sample Submission using PowerShell. For this purpose, run PowerShell as an administrator and use the following command:

Set-MpPreference -SubmitSamplesConsent 2

This sets the submission preference to “Never send”, meaning no files will be shared with Microsoft.

5. Automatic Exclusions in Microsoft Defender Antivirus

Microsoft Defender Antivirus is designed to protect your Windows Server from viruses and other threats. However, scanning every single file can sometimes slow down the server, especially if certain files or folders are safe and necessary for your system to run properly.

To prevent this, Microsoft Defender automatically excludes (ignores) certain files, folders, and processes that are important for Windows Server. This helps improve performance and avoids unnecessary scans on system files.

You need to be careful when adding exclusions! Only exclude files or folders that you are 100% sure are safe. If you exclude the wrong files, your server could be at risk of malware attacks.

For more details, you can check Microsoft’s official documentation on configuring exclusions.
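To review exclusions that have already been added, the configured lists can be checked for entries that are broader than intended. This is an added example, not code from the original guide; the function name Find-RiskyDefenderExclusion and the review heuristics (extension list, script hosts, folder patterns) are assumptions, and the sample values are constructed.

```powershell
# Added example: the heuristics below are assumptions, not a Microsoft-published list.
function Find-RiskyDefenderExclusion {
    param(
        [string[]] $ExclusionPath,
        [string[]] $ExclusionExtension,
        [string[]] $ExclusionProcess
    )
    $riskyExtensions = 'exe', 'dll', 'ps1', 'bat', 'cmd', 'vbs', 'js', 'msi', 'scr'
    $scriptHosts     = 'powershell.exe', 'pwsh.exe', 'cmd.exe', 'wscript.exe', 'cscript.exe'
    $flag = {
        param($Type, $Value, $Reason)
        [pscustomobject]@{ Type = $Type; Value = $Value; Reason = $Reason }
    }
    foreach ($p in $ExclusionPath) {
        $path = $p.TrimEnd('\')
        if ($path -match '^[A-Za-z]:$') {
            & $flag 'Path' $p 'Entire drive is excluded'
        } elseif ($path -match '[*?]') {
            & $flag 'Path' $p 'Wildcard widens the exclusion; confirm the exact scope'
        } elseif ($path -match '\\(Temp|Tmp|Downloads|AppData|Users\\Public)(\\|$)') {
            & $flag 'Path' $p 'User-writable location'
        }
    }
    foreach ($e in $ExclusionExtension) {
        if ($riskyExtensions -contains ($e -replace '^[*.]+', '')) {
            & $flag 'Extension' $e 'Executable or script type is never scanned'
        }
    }
    foreach ($proc in $ExclusionProcess) {
        if ($scriptHosts -contains (Split-Path $proc -Leaf)) {
            & $flag 'Process' $proc 'Files opened by a general-purpose interpreter are skipped'
        }
    }
}

# Constructed sample: D:\SQLData and .mdf pass; the other four entries are flagged
$sample = @{
    ExclusionPath      = 'D:\SQLData', 'C:\', 'C:\Windows\Temp'
    ExclusionExtension = '.mdf', '.ps1'
    ExclusionProcess   = 'C:\Windows\System32\wscript.exe'
}
Find-RiskyDefenderExclusion @sample | Format-Table -AutoSize

# On a live server (elevated PowerShell):
# $pref = Get-MpPreference
# Find-RiskyDefenderExclusion -ExclusionPath $pref.ExclusionPath `
#     -ExclusionExtension $pref.ExclusionExtension -ExclusionProcess $pref.ExclusionProcess
```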

6. Use Another Antivirus with Microsoft Defender Passive Mode

If you are using a different antivirus program instead of Microsoft Defender Antivirus, you don’t need to completely turn off Defender. Instead, you can put it in Passive Mode so it doesn’t interfere with your main antivirus.

To put Microsoft Defender Antivirus in Passive Mode, click on the Start menu, type Registry Editor, and open it as Administrator.

In Registry Editor, navigate to the following path:

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Advanced Threat Protection

From there, you need to look for a setting called ForceDefenderPassiveMode. If it already exists, double-click it and change its value to 1.

If it does not exist, you need to create it. Right-click on the Windows Advanced Threat Protection folder.
Select the New > DWORD (32-bit) Value, name it ForceDefenderPassiveMode, and set its value to 1.


After making the changes, restart your server for them to take effect.
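The same registry change can be made from an elevated PowerShell session, which is easier to repeat and to verify than editing by hand. This is an added example, not code from the original guide; the function name Set-ForceDefenderPassiveMode is an assumption, while the key path and value name are the ones given above.

```powershell
# Added example: idempotent version of the Registry Editor steps above.
function Set-ForceDefenderPassiveMode {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [string] $Key  = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Advanced Threat Protection',
        [string] $Name = 'ForceDefenderPassiveMode'
    )
    # Create the policy key only if it is missing
    if (-not (Test-Path -Path $Key)) {
        if ($PSCmdlet.ShouldProcess($Key, 'Create registry key')) {
            New-Item -Path $Key -Force | Out-Null
        }
    }
    # Read the current value; $null means the value does not exist yet
    $current = (Get-ItemProperty -Path $Key -Name $Name -ErrorAction SilentlyContinue).$Name
    if ($current -ne 1) {
        if ($PSCmdlet.ShouldProcess("$Key\$Name", 'Set DWORD value to 1')) {
            New-ItemProperty -Path $Key -Name $Name -PropertyType DWord -Value 1 -Force | Out-Null
        }
    }
    [pscustomobject]@{
        PreviousValue  = $current
        ChangeRequired = ($current -ne 1)   # a restart is needed when this is True
    }
}

# Preview without writing anything; drop -WhatIf to apply, then restart the server.
Set-ForceDefenderPassiveMode -WhatIf

# After the restart, confirm the mode Defender actually reports:
# (Get-MpComputerStatus).AMRunningMode
```

If AMRunningMode still reports Normal after the restart, the setting has not taken effect and both antivirus engines are scanning actively.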

By following these steps, your third-party antivirus and Microsoft Defender Antivirus can work together without problems.

Alternative Solutions for Managing Defender Antivirus

While the previous steps offer a detailed approach to configuring Microsoft Defender Antivirus, there are alternative methods that can be used, particularly for managing Defender across multiple servers or for more advanced configurations. Here are two different ways to solve the problem of configuring and managing Defender Antivirus in Windows Server 2025.

1. Group Policy Management:

Group Policy provides a centralized way to manage and configure settings for computers and users in an Active Directory environment. Instead of configuring each server individually, you can create a Group Policy Object (GPO) and apply it to the Organizational Unit (OU) containing your Windows Server 2025 servers.

  • Explanation: Group Policy allows you to define security settings, including Defender Antivirus configurations, and automatically apply them to all servers within the designated OU. This simplifies management and ensures consistent security policies across your server infrastructure.

  • Steps:

    1. Open Group Policy Management Console (GPMC) on a domain controller.
    2. Create a new GPO or edit an existing one that applies to your Windows Server 2025 OU.
    3. Navigate to Computer Configuration > Policies > Administrative Templates > Windows Components > Microsoft Defender Antivirus.
    4. Configure the desired settings, such as real-time protection, scan settings, exclusions, and update settings. For example, to configure real-time protection, double-click "Turn on real-time protection" and select "Enabled."
    5. Link the GPO to the OU containing your Windows Server 2025 servers.
    6. Force a Group Policy update on the servers using the gpupdate /force command in Command Prompt.
  • Benefits: Centralized management, consistent policies, automated deployment of settings.

2. PowerShell Desired State Configuration (DSC):

PowerShell DSC is a management platform that allows you to define the desired state of your servers and automatically enforce that state. You can use DSC to configure Defender Antivirus settings, ensuring that all servers maintain the required security configuration.

  • Explanation: DSC uses configuration files to define the desired state of your system. You can specify the required settings for Defender Antivirus, and DSC will automatically configure the servers to match that state. If any settings drift from the desired state, DSC will automatically correct them.

  • Code Example:

    Configuration DefenderAntivirusSettings
    {
        # The built-in Service and Registry resources ship in this module
        Import-DscResource -ModuleName 'PSDesiredStateConfiguration'

        Node localhost
        {
            # Ensure the Defender Antivirus service is running and starts automatically
            Service Windefend
            {
                Name = 'Windefend'
                State = 'Running'
                StartupType = 'Automatic'
            }

            # Configure real-time protection (0 = monitoring is not disabled)
            Registry RealTimeProtection
            {
                Key = 'HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection'
                ValueName = 'DisableRealtimeMonitoring'
                ValueData = '0'   # the Registry resource takes ValueData as a string
                ValueType = 'DWord'
                Ensure = 'Present'
            }

            # Configure exclusion path (example; C:\ExampleFolder is a placeholder)
            Registry ExclusionPath
            {
                Key = 'HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths'
                ValueName = 'C:\ExampleFolder'
                ValueData = '0'
                ValueType = 'DWord'
                Ensure = 'Present'
            }
        }
    }

    # Generate the configuration MOF file (written to .\DefenderAntivirusSettings)
    DefenderAntivirusSettings

    # Apply the configuration
    Start-DscConfiguration -Path .\DefenderAntivirusSettings -Wait -Verbose
  • Explanation of Code:

    • The Configuration block defines the DSC configuration.
    • The Node block specifies the target node (in this case, localhost, but this can be expanded to multiple nodes).
    • The Service resource ensures the Defender Antivirus service (Windefend) is running and set to automatic startup.
    • The Registry resources configure registry settings to enable real-time protection and set exclusion paths. The Ensure = 'Present' ensures that the specified registry key exists with the provided data.
  • Benefits: Automated configuration, desired state enforcement, simplified management of complex settings.

Both Group Policy and PowerShell DSC offer powerful alternatives to manual configuration, allowing for centralized management and consistent security policies across your Windows Server 2025 environment.

Conclusion

Turning on and setting up Microsoft Defender Antivirus on Windows Server 2025 is easy and helps keep your server safe from viruses and other threats. By following the steps above, you make sure that your server stays protected from new dangers while still running smoothly and efficiently.

FAQs

Is Microsoft Defender Antivirus included in Windows Server 2025?

Yes, Microsoft Defender Antivirus comes pre-installed on Windows Server 2025.

Can I use Microsoft Defender with another antivirus program?

Yes, but you should enable Passive Mode so Defender does not interfere with the other antivirus.

How do I perform a manual antivirus scan on Windows Server 2025?

To scan your entire system, run:
Start-MpScan -ScanType FullScan
For a quick scan, use:
Start-MpScan -ScanType QuickScan
