Enable and update Defender Antivirus to the latest version on Windows Server

This article describes how to enable and update Microsoft Defender Antivirus on Windows Server. You'd use the procedures in this article if Microsoft Defender Antivirus was previously disabled or uninstalled.

Enable and update Microsoft Defender Antivirus on Windows Server

1. Install the latest servicing stack updates.

2. Install the latest cumulative update.

3. Reinstall Microsoft Defender Antivirus or re-enable it. See the following sections (in this article):

   • Re-enable Microsoft Defender Antivirus on Windows Server if it was disabled
   • Re-enable Microsoft Defender Antivirus on Windows Server if it was uninstalled

4. Reboot the system.

5. Install the latest version of the platform update.

   Note

   Re-enabling Microsoft Defender Antivirus doesn't automatically install the platform update. You can download and install the latest platform version using Windows update. Alternatively, you can download the update package from the Microsoft Update Catalog or from the Antimalware and cyber security portal.

   If you're preparing to install the modern, unified solution on Windows Server 2016, you can leverage the Installer help script to automate the platform update and the subsequent installation and onboarding. This script can also assist in re-enabling Microsoft Defender Antivirus.

Re-enable Microsoft Defender Antivirus on Windows Server if it was disabled

First, ensure that Microsoft Defender Antivirus is not disabled either through Group Policy or registry. For more information, see Troubleshoot Microsoft Defender Antivirus while migrating from a third-party solution.

If Microsoft Defender Antivirus features and installation files were previously removed from Windows Server 2016, follow the guidance in Configure a Windows Repair Source to restore the feature installation files.

On Windows Server 2016 you might need to use the -WdEnable option on the MpCmdRun command-line tool to re-enable Microsoft Defender Antivirus.

1. Open an elevated Command Prompt (a Command Prompt window you opened by selecting Run as administrator). For example:

   1. Open the Start menu, and then type cmd.
   2. Right-click on the Command Prompt result, and then select Run as administrator.

2. In the elevated Command Prompt, run the following commands:

   Tip

   The first command changes the directory to the latest version of <antimalware platform version> in %ProgramData%\Microsoft\Windows Defender\Platform\<antimalware platform version>. If that path doesn't exist, it goes to %ProgramFiles%\Windows Defender.

   (set "_done=" & if exist "%ProgramData%\Microsoft\Windows Defender\Platform\" (for /f "delims=" %d in ('dir "%ProgramData%\Microsoft\Windows Defender\Platform" /ad /b /o:-n 2^>nul') do if not defined _done (cd /d "%ProgramData%\Microsoft\Windows Defender\Platform\%d" & set _done=1)) else (cd /d "%ProgramFiles%\Windows Defender")) >nul 2>&1
   
   MpCmdRun.exe -WdEnable
   

3. Restart the device.

Re-enable Microsoft Defender Antivirus on Windows Server if it was uninstalled

In case the Defender feature was uninstalled/removed, you can add it back.

1. In an elevated Command Prompt, run the following commands:

   # Windows Server 2016
   Dism /Online /Enable-Feature /FeatureName:Windows-Defender-Features
   
   Dism /Online /Enable-Feature /FeatureName:Windows-Defender
   
   Dism /Online /Enable-Feature /FeatureName:Windows-Defender-Gui
   
   # Windows Server 1803 or Windows Server 2019 or later
   Dism /Online /Enable-Feature /FeatureName:Windows-Defender
   

   Tip

   You can also use Server Manager or PowerShell to install the Microsoft Defender Antivirus feature.

2. Reboot the system.

Related articles

Performance analyzer for Microsoft Defender Antivirus