Enable and update Defender Antivirus to the latest version on Windows Server
Applies to:
If you wish to use Microsoft Defender Antivirus on your Windows Server, and it had been previously disabled or uninstalled, you may need to take further steps to re-enable it and ensure it's fully updated.
To enable and update Microsoft Defender Antivirus on Windows Server, perform the following steps:
Install the latest Servicing Stack Update (SSU).
Install the latest cumulative update (LCU).
Reinstall Microsoft Defender Antivirus or re-enable it. For more information on how to reinstall or re-enable Microsoft Defender Antivirus on Windows Server, see Re-enable Microsoft Defender Antivirus on Windows Server if it was disabled and Re-enable Microsoft Defender Antivirus on Windows Server if it was uninstalled.
Reboot the system.
Install the latest version of the platform update.
Note
Re-enabling Microsoft Defender Antivirus doesn't automatically install the platform update. You can download and install the latest platform version using Windows update. Alternatively, you can download the update package from the Microsoft Update Catalog or from the Antimalware and cyber security portal.
If you're preparing to install the modern, unified solution on Windows Server 2016, you can leverage the Installer help script to automate the platform update and the subsequent installation and onboarding. This script can also assist in re-enabling Microsoft Defender Antivirus.
Re-enable Microsoft Defender Antivirus on Windows Server if it was disabled
First, ensure that Microsoft Defender Antivirus is not disabled either through Group Policy or registry. For more information, see Troubleshoot Microsoft Defender Antivirus while migrating from a third-party solution.
If Microsoft Defender Antivirus features and installation files were previously removed from Windows Server 2016, follow the guidance in Configure a Windows Repair Source to restore the feature installation files.
On Windows Server 2016, in some cases, you may need to use the Malware Protection Command-Line Utility to re-enable Microsoft Defender Antivirus.
As a local administrator on the server, perform the following steps:
- Open Command Prompt.
- Run the following command:
MpCmdRun.exe -wdenable. - Restart the device.
Re-enable Microsoft Defender Antivirus on Windows Server if it was uninstalled
In case the Defender feature was uninstalled/removed, you can add it back.
As a local administrator on the server, perform the following steps:
Open Windows PowerShell.
Run the following commands:
# For Windows Server 2016 Dism /Online /Enable-Feature /FeatureName:Windows-Defender-Features Dism /Online /Enable-Feature /FeatureName:Windows-Defender Dism /Online /Enable-Feature /FeatureName:Windows-Defender-Gui # For Windows Server 1803 and later, including Windows Server 2019 and 2022 Dism /Online /Enable-Feature /FeatureName:Windows-DefenderWhen the DISM command is being used within a task sequence running PowerShell, the following path to cmd.exe is required.
C:\Windows\System32\cmd.exe /c Dism /Online /Enable-Feature /FeatureName:Windows-Defender-Features C:\Windows\System32\cmd.exe /c Dism /Online /Enable-Feature /FeatureName:Windows-DefenderNote
You can also use Server Manager or PowerShell cmdlets to install the Microsoft Defender Antivirus feature.
Reboot the system.
Related articles
Performance analyzer for Microsoft Defender Antivirus
Tip
Do you want to learn more? Engage with the Microsoft Security community in our Tech Community: Microsoft Defender for Endpoint Tech Community.
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for