Microsoft Defender Antivirus on Windows Server

Applies to:

Microsoft Defender Antivirus is available on the following editions/versions of Windows Server:

  • Windows Server 2019
  • Windows Server, version 1803 or later
  • Windows Server 2016

In some instances, Microsoft Defender Antivirus is referred to as Endpoint Protection; however, the protection engine is the same. Although the functionality, configuration, and management are largely the same for Microsoft Defender Antivirus on Windows 10, there are a few key differences on Windows Server:

  • In Windows Server, automatic exclusions are applied based on your defined Server Role.
  • In Windows Server, Microsoft Defender Antivirus does not automatically disable itself if you are running another antivirus product.

The process at a glance

The process of setting up and running Microsoft Defender Antivirus on a server platform includes several steps:

  1. Enable the interface.
  2. Install Microsoft Defender Antivirus.
  3. Verify Microsoft Defender Antivirus is running.
  4. Update your antimalware Security intelligence.
  5. (As needed) Submit samples.
  6. (As needed) Configure automatic exclusions.
  7. (Only if necessary) Set Microsoft Defender Antivirus to passive mode.

Enable the user interface on Windows Server

By default, Microsoft Defender Antivirus is installed and functional on Windows Server. The user interface (GUI) is installed by default on some SKUs, but is not required because you can use PowerShell or other methods to manage Microsoft Defender Antivirus. If the GUI is not installed on your server, you can add it by using the Add Roles and Features Wizard, or by using PowerShell cmdlets.

Turn on the GUI using the Add Roles and Features Wizard

  1. See Install roles, role services, and features by using the Add Roles and Features Wizard, and use the Add Roles and Features Wizard.

  2. When you get to the Features step of the wizard, under Windows Defender Features, select the GUI for Windows Defender option.

    In Windows Server 2016, the Add Roles and Features Wizard looks like this:

    [Image: Add Roles and Features Wizard showing the GUI for Windows Defender option]

    In Windows Server 2019, the Add Roles and Features Wizard is similar.

Turn on the GUI using PowerShell

The following PowerShell cmdlet will enable the interface:

Install-WindowsFeature -Name Windows-Defender-GUI

Install Microsoft Defender Antivirus on Windows Server

You can use either the Add Roles and Features Wizard or PowerShell to install Microsoft Defender Antivirus.

Use the Add Roles and Features Wizard

  1. Refer to this article, and use the Add Roles and Features Wizard.

  2. When you get to the Features step of the wizard, select the Microsoft Defender Antivirus option. Also select the GUI for Windows Defender option.

Use PowerShell

To use PowerShell to install Microsoft Defender Antivirus, run the following cmdlet:

Install-WindowsFeature -Name Windows-Defender

Event messages for the antimalware engine included with Microsoft Defender Antivirus can be found in Microsoft Defender AV Events.

Verify Microsoft Defender Antivirus is running

To verify that Microsoft Defender Antivirus is running on your server, run the following PowerShell cmdlet:

Get-Service -Name windefend

To verify that firewall protection is turned on, run the following PowerShell cmdlet:

Get-Service -Name mpssvc

As an alternative to PowerShell, you can use Command Prompt to verify that Microsoft Defender Antivirus is running. To do that, run the following command from a command prompt:

sc query Windefend

The sc query command returns information about the Microsoft Defender Antivirus service. When Microsoft Defender Antivirus is running, the STATE value displays RUNNING.

Update antimalware Security intelligence

To get updated antimalware Security intelligence, you must have the Windows Update service running. If you use an update management service, like Windows Server Update Services (WSUS), make sure that updates for Microsoft Defender Antivirus Security intelligence are approved for the computers you manage.

By default, Windows Update does not download and install updates automatically on Windows Server 2019 or Windows Server 2016. You can change this configuration by using one of the following methods:

| Method | Description |
|---|---|
| Windows Update in Control Panel | Install updates automatically results in all updates being automatically installed, including Windows Defender Security intelligence updates. Download updates but let me choose whether to install them allows Windows Defender to download and install Security intelligence updates automatically, but other updates are not automatically installed. |
| Group Policy | You can set up and manage Windows Update by using the settings available in Group Policy, in the following path: Administrative Templates\Windows Components\Windows Update\Configure Automatic Updates |
| The AUOptions registry key | The following two values allow Windows Update to automatically download and install Security intelligence updates. 4 - Install updates automatically: this value results in all updates being automatically installed, including Windows Defender Security intelligence updates. 3 - Download updates but let me choose whether to install them: this value allows Windows Defender to download and install Security intelligence updates automatically, but other updates are not automatically installed. |

To ensure that protection from malware is maintained, we recommend that you enable the following services:

  • Windows Error Reporting service

  • Windows Update service

The following table lists the services for Microsoft Defender Antivirus and the dependent services.

| Service Name | File Location | Description |
|---|---|---|
| Windows Defender Service (WinDefend) | C:\Program Files\Windows Defender\MsMpEng.exe | This is the main Microsoft Defender Antivirus service that needs to be running at all times. |
| Windows Error Reporting Service (Wersvc) | C:\WINDOWS\System32\svchost.exe -k WerSvcGroup | This service sends error reports back to Microsoft. |
| Windows Defender Firewall (MpsSvc) | C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork | We recommend leaving the Windows Defender Firewall service enabled. |
| Windows Update (Wuauserv) | C:\WINDOWS\system32\svchost.exe -k netsvcs | Windows Update is needed to get Security intelligence updates and antimalware engine updates. |
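
The check below is an added example, not part of the original article: it reports the state of the four services listed in the table above and the age of the installed Security intelligence in a single pass. The function name Get-DefenderServerHealth and the three-day staleness threshold are assumptions made for illustration.

```powershell
# Added example: health check for the services listed in the table above.
# Get-DefenderServerHealth is a hypothetical helper name, not a built-in cmdlet.
function Get-DefenderServerHealth {
    [CmdletBinding()]
    param(
        # Assumed threshold: flag Security intelligence older than this many days.
        [int]$MaxSignatureAgeDays = 3
    )

    # Service names as given in the services table.
    $serviceNames = 'WinDefend', 'WerSvc', 'MpsSvc', 'wuauserv'

    $services = foreach ($name in $serviceNames) {
        $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Name      = $name
            Installed = [bool]$svc
            Status    = if ($svc) { $svc.Status.ToString() } else { 'NotFound' }
            StartType = if ($svc) { $svc.StartType.ToString() } else { 'n/a' }
        }
    }

    # Get-MpComputerStatus ships with the Defender PowerShell module;
    # it returns nothing if the Windows-Defender feature is not installed.
    $mp  = Get-MpComputerStatus -ErrorAction SilentlyContinue
    $age = if ($mp) { [int]$mp.AntivirusSignatureAge } else { $null }

    [pscustomobject]@{
        Services         = $services
        WinDefendRunning = ($services | Where-Object Name -eq 'WinDefend').Status -eq 'Running'
        AntivirusEnabled = if ($mp) { $mp.AntivirusEnabled } else { $false }
        SignatureVersion = if ($mp) { $mp.AntivirusSignatureVersion } else { $null }
        SignatureAgeDays = $age
        SignatureStale   = ($null -eq $age) -or ($age -gt $MaxSignatureAgeDays)
    }
}

$health = Get-DefenderServerHealth
$health.Services | Format-Table -AutoSize
$health | Select-Object WinDefendRunning, AntivirusEnabled, SignatureVersion, SignatureAgeDays, SignatureStale
```

Run it from an elevated PowerShell console; a SignatureStale value of True on a server whose wuauserv service is stopped or disabled points back to the Windows Update configuration described above.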

Submit samples

Sample submission allows Microsoft to collect samples of potentially malicious software. To help provide continued and up-to-date protection, Microsoft researchers use these samples to analyze suspicious activities and produce updated antimalware Security intelligence. We collect program executable files, such as .exe files and .dll files. We do not collect files that contain personal data, like Microsoft Word documents and PDF files.

Submit a file

  1. Review the submission guide.

  2. Visit the sample submission portal, and submit your file.

Enable automatic sample submission

To enable automatic sample submission, start a Windows PowerShell console as an administrator, and set the SubmitSamplesConsent value data according to one of the following settings:

| Setting | Description |
|---|---|
| 0 - Always prompt | The Microsoft Defender Antivirus service prompts you to confirm submission of all required files. This is the default setting for Microsoft Defender Antivirus, but is not recommended for installations on Windows Server 2016 or 2019 without a GUI. |
| 1 - Send safe samples automatically | The Microsoft Defender Antivirus service sends all files marked as "safe" and prompts for the remainder of the files. |
| 2 - Never send | The Microsoft Defender Antivirus service does not prompt and does not send any files. |
| 3 - Send all samples automatically | The Microsoft Defender Antivirus service sends all files without a prompt for confirmation. |

Configure automatic exclusions

To help ensure security and performance, certain exclusions are automatically added based on the roles and features you install when using Microsoft Defender Antivirus on Windows Server 2016 or 2019.

See Configure exclusions in Microsoft Defender Antivirus on Windows Server.

Need to set Microsoft Defender Antivirus to passive mode?

If you are using a non-Microsoft antivirus product as your primary antivirus solution, set Microsoft Defender Antivirus to passive mode.

Set Microsoft Defender Antivirus to passive mode using a registry key

If you are using Windows Server, version 1803 or Windows Server 2019, you can set Microsoft Defender Antivirus to passive mode by setting the following registry key:

  • Path: HKLM\SOFTWARE\Policies\Microsoft\Windows Advanced Threat Protection
  • Name: ForceDefenderPassiveMode
  • Type: REG_DWORD
  • Value: 1
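
Because Microsoft Defender Antivirus on Windows Server does not switch itself off when another antivirus product is present, it is worth confirming that this registry value matches what you intend for each server. The audit below is an added example, not part of the original article; the function name Test-DefenderPassiveModePolicy is hypothetical, and it assumes the installed Defender platform version reports the AMRunningMode property through Get-MpComputerStatus.

```powershell
# Added example: audit the passive-mode policy value described above.
# Test-DefenderPassiveModePolicy is a hypothetical helper name, not a built-in cmdlet.
function Test-DefenderPassiveModePolicy {
    [CmdletBinding()]
    param(
        # Set when a non-Microsoft antivirus product is the primary solution on this server.
        [switch]$ExpectPassive
    )

    # Path and value name exactly as listed on this page.
    $path = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Advanced Threat Protection'
    $name = 'ForceDefenderPassiveMode'

    $value = $null
    $kind  = $null
    if (Test-Path -Path $path) {
        $key = Get-Item -Path $path
        if ($key.GetValueNames() -contains $name) {
            $value = $key.GetValue($name)
            $kind  = $key.GetValueKind($name).ToString()   # expected: DWord
        }
    }
    # Only a REG_DWORD of 1 counts as the documented setting.
    $forced = ($kind -eq 'DWord') -and ($value -eq 1)

    # Assumption: AMRunningMode is reported by the installed Defender platform version.
    $mp = Get-MpComputerStatus -ErrorAction SilentlyContinue

    [pscustomobject]@{
        PolicyValue   = $value
        ValueKind     = $kind
        PassiveForced = $forced
        AMRunningMode = if ($mp) { $mp.AMRunningMode } else { $null }
        MatchesIntent = ($forced -eq [bool]$ExpectPassive)
    }
}

# Server that relies on Microsoft Defender Antivirus as its primary antivirus:
Test-DefenderPassiveModePolicy
# Server where a non-Microsoft product is primary:
# Test-DefenderPassiveModePolicy -ExpectPassive
```

A MatchesIntent value of False means the policy value and the server's intended antivirus role disagree and the configuration should be reviewed.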

Disable Microsoft Defender Antivirus using the Remove Roles and Features wizard

  1. See Install or Uninstall Roles, Role Services, or Features, and use the Remove Roles and Features Wizard.

  2. When you get to the Features step of the wizard, clear the Windows Defender Features option.

    If you clear Windows Defender by itself under the Windows Defender Features section, you will be prompted to remove the interface option GUI for Windows Defender.

    Microsoft Defender Antivirus will still run normally without the user interface, but the user interface cannot be enabled if you disable the core Windows Defender feature.

Turn off the Microsoft Defender Antivirus user interface using PowerShell

To turn off the Microsoft Defender Antivirus GUI, use the following PowerShell cmdlet:

Uninstall-WindowsFeature -Name Windows-Defender-GUI

Are you using Windows Server 2016?

If you are using Windows Server 2016 and a third-party antimalware/antivirus product that is not offered or developed by Microsoft, you'll need to disable/uninstall Microsoft Defender Antivirus.

Note

You can't uninstall the Windows Security app, but you can disable the interface with these instructions.

The following PowerShell cmdlet uninstalls Microsoft Defender Antivirus on Windows Server 2016:

Uninstall-WindowsFeature -Name Windows-Defender

See also