Windows Defender Antivirus in Windows 10 and Windows Server 2016

Applies to:

Windows Defender Antivirus is a built-in antimalware solution that provides next-generation protection for desktops, portable computers, and servers.

Windows Defender Antivirus includes:

  • Cloud-delivered protection for near-instant detection and blocking of new and emerging threats. Along with machine learning and the Intelligent Security Graph, cloud-delivered protection is part of the next-gen technologies that power Windows Defender Antivirus.
  • Always-on scanning, using advanced file and process behavior monitoring and other heuristics (also known as "real-time protection").
  • Dedicated protection updates based on machine learning, human and automated big-data analysis, and in-depth threat resistance research.

You can configure and manage Windows Defender Antivirus with:

  • System Center Configuration Manager (as System Center Endpoint Protection, or SCEP)
  • Microsoft Intune
  • PowerShell
  • Windows Management Instrumentation (WMI)
  • Group Policy


You can visit the Windows Defender Testground website to confirm that the following features are working and to see how they work:

  • Cloud-delivered protection
  • Fast learning (including Block at first sight)
  • Potentially unwanted application blocking
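
The settings behind these features can also be checked locally with PowerShell, one of the management options listed above. The script below is an added example, not part of the original documentation; it is read-only and assumes the Defender module cmdlets `Get-MpComputerStatus` and `Get-MpPreference` are available on the machine. The 7-day definition-age threshold is an assumption chosen for illustration.

```powershell
# Added example: report whether the protections listed above are switched on locally.
# Read-only: nothing is changed, only Get-* cmdlets from the Defender module are used.
$status = Get-MpComputerStatus
$pref   = Get-MpPreference

# Cloud-delivered protection: MAPSReporting 0 = off, 1 = basic, 2 = advanced.
$cloudOn = $pref.MAPSReporting -in 1, 2

# Automatic sample submission: 1 = send safe samples, 3 = send all samples
# (0 = always prompt, 2 = never send).
$samplesOn = $pref.SubmitSamplesConsent -in 1, 3

# Block at first sight only works when cloud protection, sample submission and
# real-time/IOAV scanning are all enabled, so evaluate them together.
$bafsOn = (-not $pref.DisableBlockAtFirstSeen) -and $cloudOn -and $samplesOn -and
          $status.RealTimeProtectionEnabled -and $status.IoavProtectionEnabled

# Potentially unwanted application protection: 0 = off, 1 = block, 2 = audit only.
$puaBlocking = $pref.PUAProtection -eq 1

# Assumption for this example: definitions older than 7 days count as stale.
$maxSignatureAgeDays = 7

$checks = [ordered]@{
    'Antivirus enabled'                = $status.AntivirusEnabled
    'Real-time protection'             = $status.RealTimeProtectionEnabled
    'Behavior monitoring'              = $status.BehaviorMonitorEnabled
    'Cloud-delivered protection'       = $cloudOn
    'Automatic sample submission'      = $samplesOn
    'Block at first sight (effective)' = $bafsOn
    'PUA blocking (block mode)'        = $puaBlocking
    'Definitions up to date'           = $status.AntivirusSignatureAge -le $maxSignatureAgeDays
}

$results = foreach ($name in $checks.Keys) {
    [pscustomobject]@{ Check = $name; Ok = [bool]$checks[$name] }
}
$results | Format-Table -AutoSize

if ($pref.PUAProtection -eq 2) {
    Write-Warning 'PUA protection is in audit mode: detections are logged but not blocked.'
}

# A non-zero exit code lets a scheduled task or compliance script flag the machine.
if ($results.Ok -contains $false) { exit 1 }
```

Where Group Policy, Intune or Configuration Manager manages the endpoint, the values reported here reflect the settings currently in effect on the machine.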

What's new in Windows 10, version 1803

What's new in Windows 10, version 1703

New features for Windows Defender Antivirus in Windows 10, version 1703 include:

We've expanded this documentation library to cover end-to-end deployment, management, and configuration for Windows Defender Antivirus, and we've added some new guides that can help with evaluating and deploying Windows Defender AV in certain scenarios:

Minimum system requirements

Windows Defender AV has the same hardware requirements as Windows 10. For more information, see:

Functionality, configuration, and management are largely the same when using Windows Defender AV on Windows Server 2016; however, there are some differences.