Hi All -

We transitioned from SEP to Defender AV for our Windows 10 workstations and are looking at doing the same for our servers. Our servers consist of Server 2012, 2016, 2019, and 2022. We currently have SEP installed, and we have a policy configured for 25 or so servers that don't have Auto-Protect enabled. The servers in this pool have mixed tasks such as DB servers, phone client servers, check imaging/scanning servers, etc.

I've done some research/testing with Defender AV and turning off real-time protection, which Microsoft obviously intends to be running. Does anyone have Defender AV with real-time protection off for some servers? If so, do you leave it permanently off? If not, what is the best way to handle the servers (that don't have SEP Auto-Protect) with real-time enabled: test and add exclusions as necessary?

I am sure best practice is to have it enabled, but curious if others are running it off on any servers and how things are going.

Thanks!

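For anyone weighing "real-time off" against "real-time on plus exclusions", here is an added PowerShell example (not from the original poster or any reply) that shows the checks and changes involved, using only the built-in Defender cmdlets (Get-MpComputerStatus, Get-MpPreference, Add-MpPreference, Set-MpPreference) and the Defender operational event log. The role names, exclusion paths and process names are placeholders for illustration; the real list should come from each application vendor's documented exclusions.

```powershell
#Requires -RunAsAdministrator
# Added example, not code from the thread. Assumes Server 2016+ with the
# Windows-Defender feature installed, so the Defender* cmdlets are present.
# Role names and exclusion paths below are placeholders, not vendor guidance.
Set-StrictMode -Version Latest

function Get-DefenderRtpState {
    # Snapshot of what matters for this question: is RTP on, is it locally
    # disabled, and could tamper protection block a local change?
    $status = Get-MpComputerStatus
    $pref   = Get-MpPreference
    [pscustomobject]@{
        ComputerName              = $env:COMPUTERNAME
        AMRunningMode             = $status.AMRunningMode   # e.g. Normal / Passive Mode (newer builds)
        RealTimeProtectionEnabled = $status.RealTimeProtectionEnabled
        DisableRealtimeMonitoring = $pref.DisableRealtimeMonitoring
        IsTamperProtected         = $status.IsTamperProtected
        ExclusionPaths            = @($pref.ExclusionPath)
        ExclusionProcesses        = @($pref.ExclusionProcess)
    }
}

# Placeholder per-role exclusion sets; replace with the vendor's documented list.
$RoleExclusions = @{
    DbServer     = @{ Path = @('D:\SQLData\*.mdf', 'D:\SQLLogs\*.ldf'); Process = @('sqlservr.exe') }
    CheckImaging = @{ Path = @('E:\ImageCache\');                      Process = @() }
}

function Add-RoleExclusions {
    # Add path/process exclusions for one role. Supports -WhatIf so you can
    # preview what would be excluded on a server before touching it.
    [CmdletBinding(SupportsShouldProcess)]
    param([Parameter(Mandatory)][ValidateSet('DbServer', 'CheckImaging')][string]$Role)
    $set = $RoleExclusions[$Role]
    foreach ($p in $set.Path) {
        if ($PSCmdlet.ShouldProcess($p, 'Add-MpPreference -ExclusionPath')) {
            Add-MpPreference -ExclusionPath $p
        }
    }
    foreach ($proc in $set.Process) {
        if ($PSCmdlet.ShouldProcess($proc, 'Add-MpPreference -ExclusionProcess')) {
            Add-MpPreference -ExclusionProcess $proc
        }
    }
}

function Set-RtpDisabled {
    # Local "turn real-time protection off". Two caveats a practitioner hits:
    #  - tamper protection blocks this change, so check it first;
    #  - a GPO that configures real-time protection overrides the local
    #    preference, so the value may silently revert on the next refresh.
    [CmdletBinding(SupportsShouldProcess)]
    param([bool]$Disabled = $true)
    if ((Get-MpComputerStatus).IsTamperProtected) {
        throw 'Tamper protection is on; the local change will be rejected.'
    }
    if ($PSCmdlet.ShouldProcess($env:COMPUTERNAME, "Set DisableRealtimeMonitoring=$Disabled")) {
        Set-MpPreference -DisableRealtimeMonitoring $Disabled
    }
}

function Get-DefenderRtpEvents {
    # Evidence for the "test and add exclusions" loop: detections and RTP
    # state changes from the Defender operational log.
    # 1116 = malware detected, 1117 = action taken,
    # 5001 = real-time protection disabled, 5004 = RTP configuration changed
    param([int]$Days = 7)
    Get-WinEvent -FilterHashtable @{
        LogName   = 'Microsoft-Windows-Windows Defender/Operational'
        Id        = 1116, 1117, 5001, 5004
        StartTime = (Get-Date).AddDays(-$Days)
    } -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id,
        @{ n = 'Summary'; e = { ($_.Message -split "`r?`n")[0] } }
}

# Usage: inspect, preview exclusions, then look at what Defender has logged.
Get-DefenderRtpState | Format-List
Add-RoleExclusions -Role DbServer -WhatIf
Get-DefenderRtpEvents -Days 30 | Format-Table -AutoSize
```

The preview with -WhatIf plus the event query is the "test" half of the OP's question: run the server with real-time protection on, watch for 1116/1117 detections and application errors, and only then add the narrow exclusions a vendor actually documents. Event 5001 is also a useful detection to alert on centrally, since it fires whenever real-time protection gets switched off on a server where you expect it on.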

I let it run along with ESET Endpoint for servers. So far no issues.


When installing 3rd-party AV solutions, Defender will disable itself by default unless you explicitly switch it on; you would need GPO for that, as the registry would get overridden. Running multiple AV solutions can cause system performance degradation and access violations (random errors).

Defender is not available for 2012 unless you are using SCCM or Intune.
Defender does not ship with ATP protection on 2016 unless you have Intune and do an additional install from the Intune portal.

To maximize your protection and ensure the integrity of the Defender AV solution, use GPO for management.

PS: we run Defender 365 on everything, active full protection, everything turned on. No hassles.

As Spicehead stated, Windows Defender for Servers is not quite the same as the built-in Defender.

Check this Microsoft article.

Defender for Servers

I do not use any AV software on servers unless those are RDS or file servers and are directly accessible to many people. AV constantly causes various sorts of issues with other software, services, and applications running on those servers and may also impact performance. If the servers are virtualized, there are some solid methods (https://www.hyper-v.io/hyper-v-security-mistakes-dont-want-make/) to increase security without running AV software. And if the only people having access to those servers are IT guys, servers are pretty secure in such a configuration.