Windows Defender Antivirus in Windows 10 and Windows Server 2016

Applies to:

  • Windows Defender Advanced Threat Protection (Windows Defender ATP)

Windows Defender Antivirus is a built-in antimalware solution that provides next generation protection for desktops, portable computers, and servers.

Windows Defender Antivirus includes:

  • Cloud-delivered protection for near-instant detection and blocking of new and emerging threats. Along with machine learning and the Intelligent Security Graph, cloud-delivered protection is part of the next-gen technologies that power Windows Defender Antivirus.
  • Always-on scanning, using advanced file and process behavior monitoring and other heuristics (also known as "real-time protection")
  • Dedicated protection updates based on machine-learning, human and automated big-data analysis, and in-depth threat resistance research

You can configure and manage Windows Defender Antivirus with:

  • System Center Configuration Manager (as System Center Endpoint Protection, or SCEP)
  • Microsoft Intune
  • PowerShell
  • Windows Management Instrumentation (WMI)
  • Group Policy


You can visit the Windows Defender Testground website at to confirm the following features are working and see how they work:

  • Cloud-delivered protection
  • Fast learning (including Block at first sight)
  • Potentially unwanted application blocking

What's new in Windows 10, version 1803

What's new in Windows 10, version 1703

New features for Windows Defender Antivirus in Windows 10, version 1703 include:

We've expanded this documentation library to cover end-to-end deployment, management, and configuration for Windows Defender Antivirus, and we've added some new guides that can help with evaluating and deploying Windows Defender AV in certain scenarios:

Minimum system requirements

Windows Defender AV has the same hardware requirements as Windows 10. For more information, see:

Functionality, configuration, and management is largely the same when using Windows Defender AV on Windows Server 2016; however, there are some differences.

Windows Defender AV in the Windows Security app Windows Defender AV on Windows Server 2016 Windows Defender AV compatibility Evaluate Windows Defender AV protection Deploy, manage updates, and report on Windows Defender AV Configure Windows Defender AV features Customize, initiate, and review the results of scans and remediation Review event logs and error codes to troubleshoot issues Reference topics for management and configuration tools