Malicious actors churn out new malware constantly, and administrators can't let the protections on Windows Server systems stagnate.
Antivirus software loses its effectiveness unless the administrator ensures the Windows Defender definitions remain current. Every organization has specific needs that dictate if automatic updates or a delayed option to deploy Windows Defender definitions
Check the status of Windows Defender
IT staff can verify the condition of the Windows Defender Antivirus service on Windows Server with the sc query
If Windows Defender Antivirus is active, the state value will show running. If the state value shows stopped, the administrator should restart the service unless another AV tool is present and running on the system.
Antimalware tools use virus signature or definition files to compare against incoming threats. To account for new viruses and malware, Microsoft frequently updates these Windows Defender definitions. Windows Defender Antivirus relies on these definition files to detect and remove new threats, and the latest definition files must be downloaded to each system.
Why administrators might want to delay definition updates
The simplest way to ensure Windows systems get the latest Windows Defender definitions is through automatic installations via the Windows Update service. Administrators can access Windows Update in the system's Control Panel and select whether to install updates automatically -- including Windows Defender definitions -- or download them, but wait to install selected updates. The latter option enables administrators to deploy just the Windows Defender Antivirus updates.
Businesses might opt to use other update services, such as Windows Server Update Services, that let administrators evaluate updates before pushing them into production systems. This option stops automated rollouts to give IT a chance to test the update candidate and check for problems before releasing the new Windows Defender definitions to the entire organization.