Windows Server 2016 comes standard with Windows Defender, just like Windows 10. And per default, Windows Defender is active and has also turned on Real-Time Protection by default. In Windows Server 2016 Desktop Experience you can disable and configure Windows Defender using the UI or PowerShell, in the Windows Server 2016 Core version or on Nano Server you only have PowerShell available. This article will cover some handy PowerShell commands to disable or configure Windows Defender in Windows Server 2016.

Enabling/Disabling

Disable real-time protection:

Set-MpPreference -DisableRealtimeMonitoring $true

Enable real-time protection:

Set-MpPreference -DisableRealtimeMonitoring $false

Setting Exclusions

Add a path-based exclusion:

Set-MpPreference -ExclusionPath "C:\temp", "C:\VMs", "C:\NanoServer"

Add a process-based exclusion:

Set-MpPreference -ExclusionProcess "vmms.exe", "Vmwp.exe"

Verifying

Check current state of all options:

Get-MpPreference

These will also work for configuring Windows Defender using PowerShell on Windows 10.