This post will cover the 70-744 exam objective “implement antimalware solution with Windows Defender”, we’ll show you how to work with Windows Defender in Windows Server 2016.
By default Windows Server 2016 comes with Windows Defender installed and running. This is an improvement over Windows Server 2012, which had nothing by default although with some work you could install Windows Defender manually, however this solution was of course not officially supported.
This post is part of our Microsoft 70-744 Securing Windows Server 2016 exam study guide series. For more related posts and information check out our full 70-744 study guide.
Windows Defender
The graphical user interface (GUI) for Windows Defender is the same as the one used in Windows 10, so it can be managed in the same way. You can open it by simply typing “Windows Defender” or part thereof into the start menu, as shown below.
Once selected the Windows Defender GUI will open.
From this interface we can run a scan, update definitions, or view the history of previous scans. We can also click the Settings button toward the top right to open the Windows Defender Settings, which we’ll cover next.
Windows Defender Settings
While the settings can be opened as explained above, we’ll also show you how to access them through the Windows GUI directly rather than through the Windows Defender interface. To view the settings of Windows Defender, select “Settings” from the start menu.
Next select “Update & Security”.
Finally select “Windows Defender” from the menu on the left.
We’ll now explain all of the settings available in the interface pictured above.
- Open Windows Defender: Clicking this will simply open the Windows Defender GUI, this can be used to initiate scans, perform updates, or view scan history.
- Real-time Protection: This option is on by default, and helps prevent malware from running or being installed in real-time as it happens, in comparison to scanning at some arbitrary point in time.
- Cloud-based Protection: This option is on by default, and provides real-time protection when Windows defender sends information to Microsoft about potential security threats, which can be useful in ensuring you are detecting the most up to date threats.
- Automatic Sample Submission: This option is on by default, and allows Windows to send suspicious files to Microsoft for analysis to help improve Windows Defender.
- Exclusions: You can create exclusions for custom file paths, specific files, file extensions, or processes that will not be scanned by Windows Defender. Note that this can make you more vulnerable as there will be locations where malware could hide undetected.
- Enhanced Notifications: This option is on by default, and allows Windows Defender to notify you of various events. Even if you disable this option, you will still be notified of critical events.
- Version Info: Finally at the bottom are some specific version strings for the antimalware client, engine, and definitions.
As we can see all of the options are already configured and enabled by default, Windows Defender will automatically update, perform scans of the system for us, and notify us of any problems. We can perform a much higher level of customization with Windows PowerShell. While Windows Defender is only capable of detecting already known malware based on its definitions, it’s a better protection than having nothing at all, as was the case previously in Windows Server 2012.
Summary
We’ve now seen how we can implement antimalware solution with Windows Defender in Windows Server 2016 for the purposes of the 70-744 exam. By default Windows Defender is already configured to perform scanning, updates, and removal of malware. We can optionally configure the settings as required through the graphical user interface.
This post is part of our Microsoft 70-744 Securing Windows Server 2016 exam study guide series. For more related posts and information check out our full 70-744 study guide.
0 Comments.