Antimalware tools may seem mundane compared to new security technologies such as shielded VMs and Just Enough Administration, but they should be part of Windows Server hardening efforts.
Windows Server 2016 installs a version of Microsoft Windows Defender by default as another layer of protection alongside existing antimalware tools and other security tools, such as log analytics and intrusion detection and prevention.
For additional security, IT can install Windows Defender without a GUI to reduce the attack surface in the Windows environment. Administrators who want the Windows Defender interface can install it with the Add Roles and Features Wizard or the Install-WindowsFeature cmdlet in PowerShell.
In addition to the GUI, administrators can manage Windows Defender through PowerShell, Windows Management Instrumentation or Group Policy. If alternative means of malware protection are sufficient, uninstall Windows Defender with the Remove Roles and Features Wizard or the Uninstall-WindowsFeature cmdlet in PowerShell.
Microsoft regularly updates Windows Defender through Windows Update or Windows Server Update Services, regardless of whether the user interface is installed.
Administrators can also submit malware samples and implement file or folder exclusions to improve scanning performance.
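The following PowerShell audit is an added example, not part of the original article. It checks the points above on one server: whether the engine and GUI are installed, whether real-time protection and signatures are current, and whether any path exclusion is broad. The feature names `Windows-Defender` and `Windows-Defender-Gui`, the signature-age threshold and the "too broad" patterns are assumptions; confirm the feature names with `Get-WindowsFeature *Defender*`.

```powershell
# Added example: Windows Defender hardening audit for Windows Server 2016.
# Run in an elevated PowerShell session on the server being checked.
# Assumptions (not from the article): feature names, threshold and patterns below.
$MaxSignatureAgeDays = 3
$BroadExclusion      = '^[A-Za-z]:\\?$|\\Temp\\?$|\\Users\\?$'   # drive root, Temp, Users

$findings = New-Object 'System.Collections.Generic.List[string]'

$engine = Get-WindowsFeature -Name 'Windows-Defender'
$gui    = Get-WindowsFeature -Name 'Windows-Defender-Gui'

if (-not $engine.Installed) {
    # Get-Mp* cmdlets are unavailable without the engine, so stop here.
    $findings.Add('Defender engine is not installed; confirm another antimalware tool covers this server.')
}
else {
    if ($gui.Installed) {
        $findings.Add('Defender GUI is installed; remove it with Uninstall-WindowsFeature if the server is managed remotely.')
    }

    # Engine health and definition freshness (updated via Windows Update or WSUS).
    $status = Get-MpComputerStatus
    if (-not $status.RealTimeProtectionEnabled) {
        $findings.Add('Real-time protection is disabled.')
    }
    if ($status.AntivirusSignatureAge -gt $MaxSignatureAgeDays) {
        $findings.Add("Signatures are $($status.AntivirusSignatureAge) days old; check Windows Update or WSUS, or run Update-MpSignature.")
    }

    # Exclusions speed up scanning but also create unscanned locations, so review them.
    $pref = Get-MpPreference
    foreach ($path in @($pref.ExclusionPath)) {
        if ($path -and $path -match $BroadExclusion) {
            $findings.Add("Exclusion '$path' is broad; narrow it to the specific data or log directory.")
        }
    }
    foreach ($ext in @($pref.ExclusionExtension)) {
        if ($ext) { $findings.Add("Extension exclusion '$ext' applies on every path; confirm it is still needed.") }
    }

    # Sample submission setting: 0 = always prompt, 1 = send safe samples,
    # 2 = never send, 3 = send all samples.
    Write-Output "SubmitSamplesConsent = $($pref.SubmitSamplesConsent)"
}

if ($findings.Count -eq 0) { Write-Output 'No findings.' }
else { $findings | ForEach-Object { Write-Warning $_ } }
```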