alphaspirit - Fotolia
With the constant and evolving threat of malware, Windows Defender Antivirus employs a series of technologies to keep Windows Server protected.
While malware incidents can disrupt the workplace when they infect laptops, that impact is relatively minimal compared to the problems that occur when viruses infect servers. If a server succumbs to ransomware, it could severely damage the company.
To protect these critical server systems, Microsoft offers a native antimalware tool called Windows Defender Antivirus that also works on the Windows client operating system.
How Windows Defender Antivirus works
Windows Defender Antivirus prevents malware from entering systems to disrupt, control, steal or damage data. It uses heuristic scanning, protection updates and cloud-based services to block infected downloads. It works continuously in the background to check downloads, watch for suspicious behavior and identify potential malware based on heuristic principles.
Heuristics establish a baseline to compare activities. If a file attempts to perform an action outside of the baseline, the activity is flagged as suspicious, potentially signaling an infection or attack. Windows Defender Antivirus uses heuristics to issue alerts for suspicious activities, such as an attempt to make unusual changes to files, registry keys or startup locations.
Windows Defender Antivirus requires regular updates to maintain protection against emerging threats. Microsoft generally delivers engine updates every month to optimize features and performance.
The key to adequate protection is frequent signature updates, which scan and compare files against known threats. Microsoft issues new malware definitions as threats arise.
Microsoft employs the cloud to add further protection
Windows Defender Antivirus enlists additional help to protect enterprises with the Windows Defender Antivirus cloud protection service, formerly called Microsoft Active Protection Service. Microsoft says the cloud protection service employs analytics and machine learning to detect threats to protect endpoints faster than definition updates.
Windows Defender uses this cloud protection service to block suspicious files before they reach the system to help prevent infections from zero-day threats.
The Windows 10 and Windows Server 2016 difference
Windows Defender Antivirus is available for Windows 10 and Windows Server 2016. The features, functionality and management of Windows Defender Antivirus are largely the same for both.
When the antimalware product runs on Windows Server 2016, however, it will apply automatic exclusions based on specific Windows Server 2016 server roles, and Windows Defender Antivirus continues to run even if the OS uses another antimalware product.
Dig Deeper on Windows Server and Network Security
Related Q&A from Stephen J. Bigelow
The threat protection platform, which underwent a recent name change, comes with some tailored features for Windows Server 2019 to stop attacks and ... Continue Reading
VMware vCC requires a handful of prerequisites before you can deploy it. Install vCC once you have the correct processors, memory, network ... Continue Reading
The three crucial components of vCC are the interface, the server and the nodes. The interface enables admins to modify the environment, while the ... Continue Reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.