Defending Windows Defender in Windows Server 2016


Windows Server Anti-Malware is installed and enabled by default in Windows Server 2016 Technical Preview, but the user interface for Windows Server Anti-Malware is not installed. However, Windows Server Anti-Malware will update anti-malware definitions and protect the computer without the user interface. If you need the user interface for Windows Server Anti-Malware, you can install it after the operating system installation by using the Add Roles and Features Wizard, or from the power shell command:

Install-WindowsFeature-Name Windows-Defender-GUI

Should your organization already have a 3rd party malware solution and want to avoid any potential conflicts, you can uninstall through the power shell with the following command:

Uninstall-WindowsFeature-Name Windows-Server-AntiMalware

When using this feature, it’s helpful to submit samples to Microsoft to help their researchers analyze suspicious activities so the definitions remain up to date.

Enable automatic sample submission

  • To enable automatic sample submission, start a Windows PowerShell console as an administrator, and set the SubmitSamplesConsent value data according to one of the following settings:
    • 0  Always prompt. The Windows Defender service prompts you to confirm submission of all required files. This is the default setting for Windows Defender, but is not recommended for Windows Server 2016 Technical Preview installations without a GUI.
    • 1  Send safe samples automatically. The Windows Defender service sends all files marked as “safe” and prompts for the remainder of the files.
    • 2  Never send. The Windows Defender service does not prompt and does not send any files.
    • 3  Send all samples automatically. The Windows Defender service sends all files without a prompt for confirmation

Learn More in this Technet Article

Windows Server 2016 Blog Series

Innovative Integration created a whole series about Windows Server 2016 leading up to the September launch. To read other articles from this series, click here.

About Michael Thuma

One Comment

  • Jim says:

    As usual, pasted the powershell command in a brand new 2016 server and powershell has no idea what I’m asking for.
    Uninstall-WindowsFeature-Name : The term ‘Uninstall-WindowsFeature-Name’ is not recognized as the name of a cmdlet,
    function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the
    path is correct and try again.
    At line:1 char:1
    + Uninstall-WindowsFeature-Name Windows-Server-AntiMalware

Leave a Reply

Innovative Integration can help you optimize your IT infrastructure. Request a Consultation