Share your love
Best Windows Server 2025 Defender Antivirus Configuration
This guide will show you a full Windows Server 2025 Defender Antivirus Configuration Setup. As you must know, Microsoft Defender Antivirus is a built-in security solution which protects Windows Server 2025 from malware and other threats.
By default, it is installed on Windows Server 2025, but if it is not enabled on your server, you can proceed to the guide steps below on the Orcacore website to enable and configure Microsoft Defender Antivirus on Windows Server 2025.
Table of Contents
Full Steps For Windows Server 2025 Defender Antivirus Configuration
To enable and configure Microsoft Defender Antivirus on Windows Server 2025, log in to your Windows Server and follow the steps below.
You can also check this Video Tutorial:
1. Enable Microsoft Defender Antivirus Interface
To enable Windows Defender on Windows Server 2025, you need to open the Server Manager and follow these steps.
First, navigate to the Add Roles and Features from your Server Manager.
Then, you can proceed through the wizard by default options until you reach the Features step. You need to choose Microsoft Windows Defender and click Next.
Next, click Install to enable Defender Antivirus. Wait until your installation is completed.
Once it is completed, click on Close and Restart your system to apply the changes.
2. Verify Microsoft Defender Antivirus is Running
At this point, you need to ensure that Microsoft Defender Antivirus is active and running on Windows Server 2025. Open PowerShell as an Administrator and run the following command:
Get-Service -Name windefendIn your output, you should see:
Also, you can use Command Prompt by running the command below:
sc query WindefendIn your output, you should see:
3. Security Intelligence Update for Microsoft Defender Antivirus
Keeping Microsoft Defender Antivirus updated is very important because new viruses and threats appear every day. If your antivirus is not updated, it might not recognize new threats, making your server vulnerable to attacks. Here’s how you can make sure your antivirus stays updated:
Enable Windows Update
Windows Update automatically downloads and installs the latest security updates. You need to make sure the Windows Update service is turned on so your antivirus can receive new virus definitions.
To verify your Windows Update, open Services on your server, look for Windows Update, and ensure it is running.
Use Windows Server Update Services (WSUS) (Optional)
If your organization manages updates manually, your IT team might use WSUS (Windows Server Update Services). If WSUS is in use, you need to make sure that Microsoft Defender Antivirus updates are approved and installed regularly. This ensures all servers in your network stay protected with the latest security intelligence.
By following these steps, you ensure that Microsoft Defender Antivirus always has the latest tools to detect and remove threats, keeping your Windows Server 2025 secure.
4. Configure Automatic Sample Submission
Microsoft Defender Antivirus has a feature called Automatic Sample Submission, which helps Microsoft quickly detect and respond to new threats. When your server encounters a suspicious file, it can send a copy of that file to Microsoft for analysis. This helps improve antivirus protection for everyone by identifying new viruses and malware faster.
Enable Automatic Sample Submission
To enable this option, open Windows PowerShell as Administrator and run the following command:
Set-MpPreference -SubmitSamplesConsent <value>Replace <value> with one of the following numbers based on your needs:
- 0 – Always prompt: The server will ask before sending a suspicious file.
- 1 – Send safe samples automatically: Only non-sensitive files will be sent without asking.
- 2 – Never send: No samples will be sent to Microsoft.
- 3 – Send all samples automatically: All suspicious files will be sent without asking.
Note: If you are managing a Windows Server, it is best to choose option 1 or 3.
Disable Automatic Sample Submission
If you do not want your Windows Server to send suspicious files to Microsoft for analysis, you can disable Automatic Sample Submission using PowerShell. For this purpose, run PowerShell as an administrator and use the following command:
Set-MpPreference -SubmitSamplesConsent 2This sets the submission preference to “Never send“, meaning no files will be shared with Microsoft.
5. Automatic Exclusions in Microsoft Defender Antivirus
Microsoft Defender Antivirus is designed to protect your Windows Server from viruses and other threats. However, scanning every single file can sometimes slow down the server, especially if certain files or folders are safe and necessary for your system to run properly.
To prevent this, Microsoft Defender automatically excludes (ignores) certain files, folders, and processes that are important for Windows Server. This helps improve performance and avoids unnecessary scans on system files.
You need to be careful when adding exclusions! Only exclude files or folders that you are 100% sure are safe. If you exclude the wrong files, your server could be at risk of malware attacks.
For more details, you can check Microsoft’s official documentation on configuring exclusions.
6. Use Another Antivirus with Microsoft Defender Passive Mode
If you are using a different antivirus program instead of Microsoft Defender Antivirus, you don’t need to completely turn off Defender. Instead, you can put it in Passive Mode so it doesn’t interfere with your main antivirus.
To put Microsoft Defender Antivirus in Passive Mode, click on the Start menu, type Registry Editor, and open it as Administrator.
In Registry Editor, navigate to the following path:
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Advanced Threat ProtectionFrom there, you need to look for a setting called ForceDefenderPassiveMode. If it already exists, double-click it and change its value to 1.
If it does not exist, you need to create it. Right-click on the Windows Advanced Threat Protection folder.
Select the New > DWORD (32-bit) Value, name it ForceDefenderPassiveMode, and set its value to 1.
After making the changes, restart your server for them to take effect.
By following these steps, your third-party antivirus and Microsoft Defender Antivirus can work together without problems.
Conclusion
Turning on and setting up Microsoft Defender Antivirus on Windows Server 2025 is easy and helps keep your server safe from viruses and other threats. By following the steps above, you make sure that your server stays protected from new dangers while still running smoothly and efficiently.
Hope you enjoy it. Please subscribe to us on Facebook, Instagram, and YouTube.
You may also like to read the following articles:
Install Hyper-V on Windows Server 2025
Set up Visual Studio on Windows Server 2025
OpenSSL Setup on Windows Server 2025
Enable and Configure IIS on Windows Server 2025
Windows Server 2025 FTP Setup and Add FTP Site
FAQs
Is Microsoft Defender Antivirus included in Windows Server 2025?
Yes, Microsoft Defender Antivirus comes pre-installed on Windows Server 2025.
Can I use Microsoft Defender with another antivirus program?
Yes, but you should enable Passive Mode so Defender does not interfere with the other antivirus.
How do I perform a manual antivirus scan on Windows Server 2025?
To scan your entire system, run:Start-MpScan -ScanType FullScanFor a quick scan, use:Start-MpScan -ScanType QuickScan
