With the constant and evolving threat of malware, Windows Defender Antivirus employs a series of technologies to keep Windows Server protected.
While malware incidents can disrupt the workplace when they infect laptops, that impact is relatively minimal compared to the problems that occur when viruses infect servers. If a server succumbs to ransomware, it could severely damage the company.
To protect these critical server systems, Microsoft offers a native antimalware tool called Windows Defender Antivirus that also works on the Windows client operating system.
How Windows Defender Antivirus works
Windows Defender Antivirus prevents malware from entering systems to disrupt, control, steal or damage data. It uses heuristic scanning, protection updates and cloud-based services to block infected downloads. It works continuously in the background to check downloads, watch for suspicious behavior and identify potential malware based on heuristic principles.
Heuristics establish a baseline against which activity is compared. If a file attempts to perform an action outside of the baseline, the activity is flagged as suspicious, potentially signaling an infection or attack. Windows Defender Antivirus uses heuristics to issue alerts for suspicious activities, such as an attempt to make unusual changes to files, registry keys or startup locations.
Windows Defender Antivirus requires regular updates to maintain protection against emerging threats. Microsoft generally delivers engine updates every month to optimize features and performance.
The key to adequate protection is frequent signature updates, which provide the definitions Windows Defender Antivirus uses to scan and compare files against known threats. Microsoft issues new malware definitions as threats arise.
Microsoft employs the cloud to add further protection
Windows Defender Antivirus enlists additional help to protect enterprises with the Windows Defender Antivirus cloud protection service, formerly called Microsoft Active Protection Service. Microsoft says the cloud protection service employs analytics and machine learning to detect threats to protect endpoints faster than definition updates.
Windows Defender uses this cloud protection service to block suspicious files before they reach the system to help prevent infections from zero-day threats.
The Windows 10 and Windows Server 2016 difference
Windows Defender Antivirus is available for Windows 10 and Windows Server 2016. The features, functionality and management of Windows Defender Antivirus are largely the same for both.
When the antimalware product runs on Windows Server 2016, however, it will apply automatic exclusions based on specific Windows Server 2016 server roles, and Windows Defender Antivirus continues to run even if the OS uses another antimalware product.
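An administrator can confirm the points covered above (real-time and behavior monitoring, signature and engine currency, cloud protection, and server-role automatic exclusions) from an elevated PowerShell session. The following is an added example, not part of the original article; the function name and the two-day signature age threshold are assumptions, while Get-MpComputerStatus and Get-MpPreference are the cmdlets shipped in the Defender module.

```powershell
# Added example: report the local Windows Defender Antivirus posture.
# Run elevated; exclusion lists are hidden from non-administrators.
function Get-DefenderPostureReport {            # hypothetical helper name
    param(
        [int]$MaxSignatureAgeDays = 2           # assumed threshold, match your update policy
    )

    $s = Get-MpComputerStatus                   # live engine and signature state
    $p = Get-MpPreference                       # configured policy
    $maps = @{ 0 = 'Disabled'; 1 = 'Basic'; 2 = 'Advanced' }

    # Emits one row per check; Pass = $null marks an informational row.
    $row = {
        param($Check, $Value, $Pass)
        [pscustomobject]@{ Check = $Check; Value = $Value; Pass = $Pass }
    }

    & $row 'Antivirus enabled'     $s.AntivirusEnabled          ([bool]$s.AntivirusEnabled)
    & $row 'Real-time protection'  $s.RealTimeProtectionEnabled ([bool]$s.RealTimeProtectionEnabled)
    & $row 'Behavior monitoring'   $s.BehaviorMonitorEnabled    ([bool]$s.BehaviorMonitorEnabled)

    # Signature currency: age in days since the last definition update.
    $sig = '{0} (updated {1:u}, {2} day(s) old)' -f $s.AntivirusSignatureVersion,
           $s.AntivirusSignatureLastUpdated, $s.AntivirusSignatureAge
    & $row 'Signature definitions' $sig ($s.AntivirusSignatureAge -le $MaxSignatureAgeDays)

    # Engine updates arrive less often than definitions; reported for review only.
    & $row 'Engine version' $s.AMEngineVersion $null

    # Cloud protection service (formerly MAPS): 0 means it is switched off.
    $level = [int]$p.MAPSReporting
    & $row 'Cloud protection' $maps[$level] ($level -ne 0)

    # Server-role automatic exclusions are on unless DisableAutoExclusions is set.
    & $row 'Automatic exclusions' (-not $p.DisableAutoExclusions) $null

    # Administrator-defined path exclusions deserve review: nothing under them is scanned.
    & $row 'Custom path exclusions' ($p.ExclusionPath -join '; ') $null
}

Get-DefenderPostureReport | Format-Table -AutoSize -Wrap
```

Rows with Pass set to False are the ones to act on first; the informational rows show what the server is currently excluding from scans.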