Uninstall Windows Defender on Windows Server
In this post, you’ll learn how to uninstall Windows Defender on Windows Server. You can uninstall Windows Defender feature on all versions of Windows Server with a simple PowerShell command.
The question is: Why uninstall Windows Defender from Windows Server? If you have a third party antivirus solution on Windows Server, you may not require Windows Defender.
Installing two antivirus softwares on a Windows Server may cause conflicts and most of all, it will slow down the performance of your Windows Server. As a best practice ensure you don’t have multiple security products running on a system.
When you install an additional security software, Microsoft Defender Antivirus does not automatically disable itself. Hence, you have to manually uninstall Windows Defender on your Windows Server.
When you install Windows Server operating system, the Windows Defender is preinstalled. The Windows Defender is also referred as Endpoint protection or Microsoft Defender Antivirus Service.
Ways to Uninstall Windows Defender Antivirus on Windows Server
There are two ways to uninstall Windows Defender from your Windows Server:
- You can remove Windows Defender AV completely via Remove Roles and Features Wizard.
- Windows Defender can be easily installed/uninstalled using a PowerShell command.
You can also create a batch file to disable windows defender permanently. However, that is more preferred method for IT professionals. The best way to remove the Windows Defender AV on Server would be using the Remove Roles and Features wizard. In the wizard you can deselect the Windows Defender Features option at the Features step.
On your Windows Server, the option to deselect Windows Defender feature could be greyed out. This could be due to Microsoft doesn’t want you to remove Windows Defender so easily. In this situation, you can easily uninstall the Microsoft Defender Antivirus Service using PowerShell command.
Windows Defender Antivirus on Windows Server
Microsoft Defender Antivirus is available in the following editions of Windows Server:
- Windows Server 2022
- Windows Server 2019
- Windows Server, version 1803 or later
- Windows Server 2016
Check if Windows Defender Service is running on Windows Server
On your Windows Server, you can check whether the Windows Defender Service is running or not with following steps. Click Start > Run and type Services.msc. In the Services console, look for Microsoft Defender Antivirus Service and check the Status of this service. If it shows as Running, it means the Windows Defender Service is running on Windows Server.
The second method to check the defender AV services status is using command prompt. When you run the command “sc query Windefend“, it displays the status of Microsoft Defender Antivirus Service. If the status is RUNNING, that means Windows Defender is present and service is active on the machine.
You can also determine the Windows Defender antivirus status using PowerShell. Launch the PowerShell as administrator and run the command Get-Service -Name WinDefend to know the status of Windows Defender AV. Learn more about the Get-Service command along with its parameters.
Uninstall Windows Defender on Windows Server
Here are the steps to uninstall Windows Defender on Windows Server:
- Login to the Windows Server.
- Ensure Windows Defender Antivirus service is running. You can run sc query Windefend in command prompt.
- Run the PowerShell command to uninstall Windows Defender on Windows Server.
To uninstall Windows Defender antivirus, launch PowerShell and run the below command. Note that a server reboot is required once you uninstall the Windows Defender.
Uninstall-WindowsFeature -Name Windows-Defender
Re-install Windows Defender on Windows Server
If you have uninstalled Windows Defender, later you changed your mind and decide to install it back, you can re-install it. Using the below PowerShell command, you can install Windows Defender feature on Windows Server. This command should work on all the latest Windows Server operating systems. Run the PowerShell as administrator and run the below command.
Install-WindowsFeature -Name Windows-Defender
After you install Windows Defender on Server, you must reboot the server.
Conclusion
On the latest Windows Server operating systems, Microsoft Defender antivirus works really well. However, most organizations prefer to use a third-party solutions that offer more features than Microsoft Defender. In such cases, running two security softwares on a server isn’t the best practice. You can remove Windows Defender software and replace it with a different AV software.
Many thanks Prajwal! Many hours of searching on Google and it was a simple as the Powershell script you shared. Worked perfectly.
Microsoft in there infinite wisdom decided to have defender running when you install a 3rd party Anti Virus. Where as prior to Windows Server 2016, this wasnt the case and defender was disabled when a 3rd party AV was installed.
Does not work. It shows as stopped when I run the query, but when I attempt to uninstall via Administrator Powershell I get an error (“The referenced assembly could not be found. Error: x80073701”)
Hi Prajwal,
Thanks for the video, it is helpful. I wanted to created a collection based on if Windows Defender feature is enabled or not. What is the best query to check this. I wanted to create a task sequence to disable it.
Thanks
Sachin.
Great write up. Can this be done on Windows Server 2008 R2 as well?