Windows Defender helps protect your computer against pop-ups, slow performance, and security threats caused by spyware and other unwanted software. For those disconnected deployments that are not yet on 1910 or later, or that don't have the ability to download Defender definitions and engine updates on a daily basis, the monthly Azure Stack Hub update includes Windows Defender Antivirus definitions, engine, and platform updates for the month. Set up Windows Defender for manual updates.
- Windows Defender Virus Definition Manual Download
- Windows Defender Definitions Manual Download Pdf
- Windows Defender Definitions Manual Download Windows 10
- Windows Defender Definitions Manual Download Windows 7
Windows Defender Antivirus is an antimalware solution that provides security and virus protection. Every Azure Stack infrastructure component (Hyper-V hosts and virtual machines) is protected with Windows Defender Antivirus. For up-to-date protection, you need periodic updates to Windows Defender Antivirus definitions, engine, and platform. How updates are applied depends on your configuration.
Connected scenario
The Azure Stack Hub update resource provider downloads antimalware definitions and engine updates multiple times per day. Each Azure Stack infrastructure component gets the update from the update resource provider and applies the update automatically.
For those Azure Stack Hub deployments that are connected to the public Internet, apply the monthly Azure Stack update. The monthly Azure Stack Hub update includes Windows Defender Antivirus platform updates for the month.
Disconnected scenario
For those Azure Stack Hub deployments that are not connected to the public Internet (e.g. air-gapped data centers), starting with the 1910 release, customers have the ability to apply the antimalware definitions and engine updates as they are published.
Windows Defender Virus Definition Manual Download
To apply the updates to your Azure Stack Hub solution, you first have to download them from the Microsoft site (links below) and subsequently, import them into a storage blob container under your updateadminaccount. A scheduled task scans the blob container every 30 minutes and, if new Defender definitions and engine updates are found, it applies them to the Azure Stack Hub infrastructure.
For those disconnected deployments that are not yet on 1910 or later, or that don't have the ability to download Defender definitions and engine updates on a daily basis, the monthly Azure Stack Hub update includes Windows Defender Antivirus definitions, engine, and platform updates for the month.
Set up Windows Defender for manual updates
With the 1910 release, two new cmdlets were added to the privileged endpoint to configure Windows Defender manual update in Azure Stack Hub.
The following procedure shows how to setup Windows Defender manual update.
Connect to the privileged endpoint and run the following cmdlet to specify the name of the storage blob container where the Defender updates will be uploaded.
Note
The manual update process described below only works in disconnected environments where access to 'go.microsoft.com' is not allowed. Trying to run the cmdlet Set-AzsDefenderManualUpdate in connected environments will result in an error.
Download the two Windows Defender update packages and save them on a location that is reachable from your Azure Stack Hub administration portal.
- mpam-fe.exe from https://go.microsoft.com/fwlink/?LinkId=121721&arch=x64
- nis_full.exe from https://go.microsoft.com/fwlink/?LinkId=197094
Note
You'll have to download these two files every time you want to update the Defender signatures.
In the administration portal, select All services. Then, under the DATA + STORAGE category, select Storage accounts. (Or, in the filter box, start typing storage accounts, and select it.)
In the filter box, type update, and select the updateadminaccount storage account.
In the storage account details, under Services, select Blobs.
Under Blob service, select + Container to create a container. Enter the name that was specified with the Set-AzsDefenderManualUpdate (in this example defenderupdates) and then select OK.
After the container is created, click the container name, and then click Upload to upload the package files to the container.
Under Upload blob, click the folder icon, browse to the Windows Defender update mpam-fe.exe files and then click Open in the file explorer window.
Under Upload blob, click Upload.
Repeat steps 8 and 9 for the nis_full.exe file.
A scheduled task scans the blob container every 30 minutes and applies any new Windows Defender package.
Next steps
-->Applies to:
Windows Defender Antivirus is available on Windows Server 2016. In some instances it is referred to as Endpoint Protection - however, the protection engine is the same.
While the functionality, configuration, and management is largely the same for Windows Defender AV either on Windows 10 or Windows Server 2016, there are a few key differences:
- In Windows Server 2016, automatic exclusions are applied based on your defined Server Role.
- In Windows Server 2016, Windows Defender AV will not disable itself if you are running another antivirus product.
This topic includes the following instructions for setting up and running Windows Defender AV on a server platform:
Enable or disable the interface on Windows Server 2016
By default, Windows Defender AV is installed and functional on Windows Server 2016. The user interface is installed by default on some SKUs, but is not required.
Note
You can't uninstall the Windows Security app, but you can disable the interface with these instructions.
If the interface is not installed, you can add it in the Add Roles and Features Wizard at the Features step, under Windows Defender Features by selecting the GUI for Windows Defender option.
See the Install or uninstall roles, role services, or features topic for information on using the wizard.
The following PowerShell cmdlet will also enable the interface:
To hide the interface, use the Remove Roles and Features Wizard and deselect the GUI for Windows Defender option at the Features step, or use the following PowerShell cmdlet:
Important
Windows Defender AV will still run normally without the user interface, but the user interface cannot be enabled if you disable the core Windows Defender feature.
Install or uninstall Windows Defender AV on Windows Server 2016
You can also uninstall Windows Defender AV completely with the Remove Roles and Features Wizard by deselecting the Windows Defender Features option at the Features step in the wizard.
This is useful if you have a third-party antivirus product installed on the machine already. Multiple AV products can cause problems when installed and actively running on the same machine. See the question 'Should I run Microsoft security software at the same time as other security products?' on the Windows Defender Security Intelligence Antivirus and antimalware software FAQ.
Note
Deselecting Windows Defender on its own under the Windows Defender Features section will automatically prompt you to remove the interface option GUI for Windows Defender.
The following PowerShell cmdlet will also uninstall Windows Defender AV on Windows Server 2016:
To install Windows Defender AV again, use the Add Roles and Features Wizard and ensure the Windows Defender feature is selected. You can also enable the interface by selecting the GUID for Windows Defender option.
You can also use the following PowerShell cmdlet to install Windows Defender AV:
Tip
Event messages for the antimalware engine included with Windows Defender AV can be found in Windows Defender AV Events.
Verify Windows Defender is running
To verify that Windows Defender AV is running on the server, run the following PowerShell cmdlet:
To verify that firewall protection through Windows Defender is turned on, run the following PowerShell cmdlet:
As an alternative to PowerShell, you can use Command Prompt to verify that Windows Defender AV is running. To do that, run the following command from a command prompt:
Windows Defender Definitions Manual Download Pdf
The sc query
command returns information about the Windows Defender service. If Windows Defender is running, the STATE
value displays RUNNING
.
Update antimalware Security intelligence
In order to get updated antimalware Security intelligence , you must have the Windows Update service running. If you use an update management service, like Windows Server Update Services (WSUS), make sure that updates for Windows Defender Antivirus Security intelligence are approved for the computers you manage.
By default, Windows Update does not download and install updates automatically on Windows Server 2016. You can change this configuration by using one of the following methods:
Windows Update in Control Panel.
Install updates automatically results in all updates being automatically installed, including Windows Defender Security intelligence updates.
Download updates but let me choose whether to install them allows Windows Defender to download and install Security intelligence updates automatically, but other updates are not automatically installed.
Group Policy. You can set up and manage Windows Update by using the settings available in Group Policy, in the following path: Administrative TemplatesWindows ComponentsWindows UpdateConfigure Automatic Updates
The AUOptions registry key. The following two values allow Windows Update to automatically download and install Security intelligence updates.
4 Install updates automatically. This value results in all updates being automatically installed, including Windows Defender Security intelligence updates.
3 Download updates but let me choose whether to install them. This value allows Windows Defender to download and install Security intelligence updates automatically, but other updates are not automatically installed.
To ensure that protection from malware is maintained, we recommend that you enable the following services:
Windows Defender Definitions Manual Download Windows 10
Windows Error Reporting service
Windows Update service
The following table lists the services for Windows Defender and the dependent services.
Service Name | File Location | Description |
---|---|---|
Windows Defender Service (Windefend) | C:Program FilesWindows DefenderMsMpEng.exe | This is the main Windows Defender Antivirus service that needs to be running at all times. |
Windows Error Reporting Service (Wersvc) | C:WINDOWSSystem32svchost.exe -k WerSvcGroup | This service sends error reports back to Microsoft. |
Windows Defender Firewall (MpsSvc) | C:WINDOWSsystem32svchost.exe -k LocalServiceNoNetwork | We recommend leaving the Windows Defender Firewall service enabled. |
Windows Update (Wuauserv) | C:WINDOWSsystem32svchost.exe -k netsvcs | Windows Update is needed to get Security intelligence updates and antimalware engine updates |
Submit Samples
Sample submission allows Microsoft to collect samples of potentially malicious software. To help provide continued and up-to-date protection, Microsoft researchers use these samples to analyze suspicious activities and produce updated antimalware Security intelligence.
We collect program executable files, such as .exe files and .dll files. We do not collect files that contain personal data, like Microsoft Word documents and PDF files.
Enable automatic sample submission
To enable automatic sample submission, start a Windows PowerShell console as an administrator, and set the SubmitSamplesConsent value data according to one of the following settings:
0 Always prompt. The Windows Defender service prompts you to confirm submission of all required files. This is the default setting for Windows Defender, but is not recommended for Windows Server 2016 installations without a GUI.
1 Send safe samples automatically. The Windows Defender service sends all files marked as 'safe' and prompts for the remainder of the files.
2 Never send. The Windows Defender service does not prompt and does not send any files.
3 Send all samples automatically. The Windows Defender service sends all files without a prompt for confirmation.
Configure automatic exclusions
To help ensure security and performance, certain exclusions are automatically added based on the roles and features you install when using Windows Defender AV on Server 2016.
See the Configure exclusions in Windows Defender AV on Windows Server topic for more information.