With the constant and evolving threat of malware, Windows Defender Antivirus employs a series of technologies to keep Windows Server protected.
While malware incidents can disrupt the workplace when they infect laptops, that impact is relatively minimal compared to the problems that occur when viruses infect servers. If a server succumbs to ransomware, it could severely damage the company.
To protect these critical server systems, Microsoft offers a native antimalware tool called Windows Defender Antivirus that also works on the Windows client operating system.
How Windows Defender Antivirus works
Windows Defender Antivirus prevents malware from entering systems to disrupt, control, steal or damage data. It uses heuristic scanning, protection updates and cloud-based services to block infected downloads. It works continuously in the background to check downloads, watch for suspicious behavior and identify potential malware based on heuristic principles.
Heuristics establish a baseline to compare activities. If a file attempts to perform an action outside of the baseline, the activity is flagged as suspicious, potentially signaling an infection or attack. Windows Defender Antivirus uses heuristics to issue alerts for suspicious activities, such as an attempt to make unusual changes to files, registry keys or startup locations.
Windows Defender Antivirus requires regular updates to maintain protection against emerging threats. Microsoft generally delivers engine updates every month to optimize features and performance.
The key to adequate protection is frequent signature updates, which let the scanner compare files against known threats. Microsoft issues new malware definitions as threats arise.
Microsoft employs the cloud to add further protection
Windows Defender Antivirus enlists additional help to protect enterprises with the Windows Defender Antivirus cloud protection service, formerly called Microsoft Active Protection Service. Microsoft says the cloud protection service employs analytics and machine learning to detect threats and protect endpoints faster than definition updates can.
Windows Defender uses this cloud protection service to block suspicious files before they reach the system to help prevent infections from zero-day threats.
The Windows 10 and Windows Server 2016 difference
Windows Defender Antivirus is available for Windows 10 and Windows Server 2016. The features, functionality and management of Windows Defender Antivirus are largely the same for both.
When the antimalware product runs on Windows Server 2016, however, it will apply automatic exclusions based on specific Windows Server 2016 server roles, and Windows Defender Antivirus continues to run even if the OS uses another antimalware product.
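The settings described above can be checked on a host with the Defender PowerShell module. The following script is an added example, not part of the original article or Microsoft's own tooling; it reports on real-time and behavior monitoring, signature freshness, cloud protection and automatic exclusions. The three-day signature age threshold is an assumed value.

```powershell
# Added example: audit the Windows Defender Antivirus settings discussed in this article.
# Run in an elevated PowerShell session on Windows Server 2016 or Windows 10.
$MaxSignatureAgeDays = 3   # assumed threshold; align it with your own update policy

$status   = Get-MpComputerStatus
$prefs    = Get-MpPreference
$findings = @()

# Background protection: real-time scanning, behavior monitoring, download scanning.
if (-not $status.AntivirusEnabled)          { $findings += 'Antivirus engine is not enabled' }
if (-not $status.RealTimeProtectionEnabled) { $findings += 'Real-time protection is off' }
if (-not $status.BehaviorMonitorEnabled)    { $findings += 'Behavior monitoring is off' }
if (-not $status.IoavProtectionEnabled)     { $findings += 'Scanning of downloaded files is off' }

# Signature freshness: AntivirusSignatureAge is reported in days.
if ($status.AntivirusSignatureAge -gt $MaxSignatureAgeDays) {
    $findings += "Signatures are $($status.AntivirusSignatureAge) days old " +
                 "(last updated $($status.AntivirusSignatureLastUpdated))"
}

# Cloud protection service: MAPSReporting 0 = disabled, 1 = basic, 2 = advanced.
if ($prefs.MAPSReporting -eq 0) {
    $findings += 'Cloud protection service is disabled (MAPSReporting = 0)'
}

# Custom exclusions sit on top of the automatic server role exclusions
# and deserve periodic review, since excluded paths are not scanned.
$custom = @($prefs.ExclusionPath) + @($prefs.ExclusionProcess) + @($prefs.ExclusionExtension) |
          Where-Object { $_ }
if ($custom.Count -gt 0) {
    $findings += "Custom exclusions configured: $($custom -join ', ')"
}

# Summary of the values the checks above are based on.
[pscustomobject]@{
    EngineVersion        = $status.AMEngineVersion
    SignatureVersion     = $status.AntivirusSignatureVersion
    SignatureAgeDays     = $status.AntivirusSignatureAge
    MAPSReporting        = $prefs.MAPSReporting
    AutoExclusionsActive = -not $prefs.DisableAutoExclusions
    FindingCount         = $findings.Count
} | Format-List

if ($findings.Count -eq 0) { 'No findings.' } else { $findings | ForEach-Object { "FINDING: $_" } }
```

If the script reports stale signatures, `Update-MpSignature` requests a definition update from the configured source.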