Windows Defender has been built into Windows 8, 8.1 and 10 by default to provide protection against malware, however there is no such default program installed in the Windows server operating system.
To provide a basic level of security in a small server environment, we can install Microsoft Security Essentials with some simple modifications which contains most of the functionality of Windows Defender for free.
By default if you try to install Microsoft Security Essentials in Windows Server you will receive various errors which we will cover how to fix here.
While it is not possible to directly download Windows Defender to install, we can instead make use of Microsoft Security Essentials which is available as a slightly cut down version for older versions of Windows, such as Windows 7, in order to help protect against viruses, spyware and other malicious software. Microsoft Security Essentials provides most of the protection methods that Windows Defender does with the exception of rootkit and bootkit protections.
It is important to note that Microsoft Security Essentials is designed to provide a basic level of free protection for home or small business PCs rather than important server infrastructure. Despite this, users with a very small amount of Windows server installations have been looking for ways to install Windows Defender in order to provide at least a basic level of security.
While this is not officially supported, it does provide an increased level of security that is better than nothing, however it’s recommended that you look into using a proper product that is fit for purpose such as Microsoft’s System Center Endpoint Protection (SCEP) which is an enterprise antimalware solution. SCEP does require paid licensing to work, so for a very small environment Microsoft Security Essentials can at least provide a basic level of security protection.
Although installing Microsoft Security Essentials in a server operating system is not officially supported, it does work and correctly detects threats, as we’ll see here in our example.
Microsoft Security Essentials Installation Guide For Windows Server
- Firstly you’ll want to download Microsoft Security Essentials onto your Windows server. Select the language of your choice and either 32-bit or 64-bit depending on the architecture your server operating system is using.
Save the mseinstall.exe file somewhere locally on the server, do not simply run it as by default the installation will fail with the following error:
Microsoft Security Essentials cannot be installed on your operating system. Your version of the Windows operating system is not supported by this program. Error code:0x8004FF04
- To get around this error message, right click the mseinstall.exe file and select properties.
From the properties window, select the compatibility tab. Within the compatibility tab tick “Run this program in compatibility mode for:” under Compatibility Mode and select Windows 7 from the drop down box, as shown.
Click OK to continue.
If you were to run the mseinstall.exe file at this point, you would receive a different error as shown below:
Microsoft Security Essentials cannot be installed on your operating system. Windows Program Compatibility mode is not supported by this program. Error code:0x8004FF71
In order to resolve this, run command prompt as administrator and enter the folder where the mseinstall.exe file is located. Run the mseinstall.exe file with the /disableoslimit flag on the end as shown below.
- The installation wizard should now correctly open and Microsoft Security Essentials can now be installed and will proceed without the previous error messages, click Next to continue and work through the installation wizard.
Once the installation has completed you can optionally update and perform a scan, this is recommended as the definitions database needs to be kept up to date to find newer threats. An Internet connection will be required to download any available definition updates through the application, however these can also come through from Windows updates so if you have a WSUS server you can update from here as well. After updating a quick scan will take place.
You can select the Settings tab to modify when the weekly automatic scheduled scan takes place, by default a quick scan is set to run every Sunday at 2am and will not use more than 50% of the available CPU resources.
Now that Microsoft Security Essentials has been successfully installed, we will test the actual functionality of the program to ensure that it will correctly identify a threat. To do this we will create a test EICARs file and see if the real-time protection automatically detects and quarantines it.
Essentially we are just going to open Notepad and create a .txt file containing the test string defined on that page and then save it to the desktop.
Shortly after saving the file we have been visually alerted that malware has been detected and that Microsoft Security Client is taking action to clean the detected malware.
If we check the History tab of Microsoft Security Essentials we can then see the test file listed as a quarantined item, confirming that it is working correctly as intended in Windows Server 2012 R2.
Download and Install
Although not officially supported, we have successfully installed Microsoft Security Essentials (a cut down Windows Defender) in Windows Server 2012 R2 and confirmed that it is working correctly and detecting security threats.
This is better than the default level of security, which is none as Windows Defender is only built into Windows 8, 8.1 and 10 client operating systems, however it is recommended that server operating systems make use of enterprise solutions such as System Center Endpoint Protection (SCEP) or some other option available from some security vendor.