Applies to:
Clean Server was the first antivirus for Plesk Panel in the world. Since its release in 2003, it has scanned billions of emails and dropped millions of infected emails. Service providers and businesses rely on Clean Server to protect their Parallels Plesk servers and safeguard their customers.
- Microsoft Defender Antivirus
Microsoft Defender Antivirus is automatically installed on endpoints running the following versions of Windows:
- Windows 10 or later
- Windows Server 2016
- Windows Server, version 1803 or later
- Windows Server 2019
- Premium Antivirus by Dr.Web is an award winning virus scanning and filtering software. It provides reliable, effective, and lightweight protection for your mailboxes from viruses, trojans, worms, and other malware. Premium Antivirus offers the following benefits: Scans all incoming and outgoing mail traffic on the server.
- Bitdefender is the first and only anti-virus software that will protect dual operating systems on one computer. It’s the perfect solution for individuals who use Parallels or CrossOver to run Windows and Mac OS X on one machine because Bitdefender keeps you protectedno matter what.
- I am going to ask @AdvancedSetup to look into why you cant get Malwarebytes to install on your windows 10 using parallels I used brave on windows, it downloaded to file explorer and I still got the same message.
What happens when another non-Microsoft antivirus/antimalware solution is used? Can you run Microsoft Defender Antivirus alongside another antivirus product? The answers depend on several factors, such as your operating system and whether you're using Microsoft Defender for Endpoint (Defender for Endpoint) together with your antivirus protection.
This article describes what happens with Microsoft Defender Antivirus and a non-Microsoft antivirus/antimalware solution, with or without Defender for Endpoint.
Antivirus protection without Defender for Endpoint
This section describes what happens with Microsoft Defender Antivirus and non-Microsoft antivirus/antimalware products on endpoints that are not onboarded to Defender for Endpoint. The following table summarizes what to expect:
Windows version | Primary antivirus/antimalware solution | Microsoft Defender Antivirus state |
---|---|---|
Windows 10 | Microsoft Defender Antivirus | Active mode |
Windows 10 | A non-Microsoft antivirus/antimalware solution | Disabled mode (happens automatically) |
Windows Server 2016 Windows Server, version 1803 or newer Windows Server 2019 | Microsoft Defender Antivirus | Active mode |
Windows Server 2016 Windows Server, version 1803 or newer Windows Server 2019 | A non-Microsoft antivirus/antimalware solution | Disabled (set manually) [1] |
(1) On Windows Server, if you are running a non-Microsoft antivirus product, you can disable Microsoft Defender Antivirus by using Group Policy to turn off Microsoft Defender Antivirus, or by using the DisableAntiSpyware registry key. To use the registry key, navigate to HKEY_LOCAL_MACHINESOFTWAREPoliciesMicrosoftWindows Defender
, and set or create a DWORD entry called DisableAntiSpyware
. Set its value to 1
(which sets the registry key's value to true), and select Hexadecimal for its base.
Tip
See Microsoft Defender Antivirus on Windows Server for key differences and management options for Windows Server installations. On Windows Server 2016, you might see Windows Defender Antivirus instead of Microsoft Defender Antivirus.
Antivirus protection with Defender for Endpoint
If your organization is using a non-Microsoft antivirus/antimalware solution together with Defender for Endpoint, Microsoft Defender Antivirus can, depending on your operating system, run in passive mode.
Windows version | Primary antivirus/antimalware solution | Microsoft Defender Antivirus state |
---|---|---|
Windows 10 or later | Microsoft Defender Antivirus | Active mode |
Windows 10 or later | A non-Microsoft antivirus/antimalware solution | Passive mode (happens automatically) |
Windows Server 2016 Windows Server, version 1803 or newer Windows Server 2019 | Microsoft Defender Antivirus | Active mode |
Windows Server, version 1803 or newer Windows Server 2019 | A non-Microsoft antivirus/antimalware solution | Passive mode (set manually) [2] |
Windows Server 2016 | A non-Microsoft antivirus/antimalware solution | Disabled (set manually) [3] |
(2) On Windows Server, version 1803 or newer, or Windows Server 2019, when you install a non-Microsoft antivirus product, set Microsoft Defender Antivirus to passive mode manually. You can use the ForceDefenderPassiveMode registry key to perform this task. To use the registry key, navigate to HKLMSOFTWAREPoliciesMicrosoftWindows Advanced Threat Protection
, and set or create a DWORD entry called ForceDefenderPassiveMode
. Set its value to 1
(which sets the registry key's value to true), and select Hexadecimal for its base. For more information, see Passive mode and Windows Server.
(3) On Windows Server 2016, you can disable Microsoft Defender Antivirus by using Group Policy to turn off Windows Defender Antivirus, or by using the DisableAntiSpyware registry key. To use the registry key, navigate to HKEY_LOCAL_MACHINESOFTWAREPoliciesMicrosoftWindows Defender
, and set or create a DWORD entry called DisableAntiSpyware
. Set its value to 1
(which sets the registry key's value to true), and select Hexadecimal for its base.
Tip
See Microsoft Defender Antivirus on Windows Server for key differences and management options for Windows Server installations. On Windows Server 2016, you might see Windows Defender Antivirus instead of Microsoft Defender Antivirus.
Why run Microsoft Defender Antivirus in passive mode?
Defender for Endpoint includes capabilities that further extend the antivirus protection that is installed on your endpoint. You can benefit from running Microsoft Defender Antivirus alongside another antivirus solution.
For example, Endpoint detection and response (EDR) in block mode provides added protection from malicious artifacts even if Microsoft Defender Antivirus is not the primary antivirus product. Such capabilities require Microsoft Defender Antivirus to be installed and running in passive mode or active mode.
Requirements for Microsoft Defender Antivirus to run in passive mode
Is Parallels Good For Mac
In order for Microsoft Defender Antivirus to run in passive mode, endpoints must meet the following requirements:
- Operating system: Windows 10 or later; Windows Server, version 1803 or newer; or Windows Server 2019
- Microsoft Defender Antivirus must be installed
- Another non-Microsoft antivirus/antimalware product must be installed and used as the primary antivirus solution
- Endpoints must be onboarded to Defender for Endpoint
How Microsoft Defender Antivirus affects Defender for Endpoint functionality
Defender for Endpoint affects whether Microsoft Defender Antivirus can run in passive mode. Microsoft Defender Antivirus can affect certain capabilities in Defender for Endpoint, too. For example, real-time protection works when Microsoft Defender Antivirus is in active or passive mode, but not when Microsoft Defender Antivirus is disabled or uninstalled.
The table in this section summarizes the features and capabilities that are actively working or not, according to whether Microsoft Defender Antivirus is in active mode, passive mode, or disabled/uninstalled.
Important
The following table is designed to be informational only. Do not turn off capabilities, such as real-time protection, cloud-delivered protection, or limited periodic scanning if you are using Microsoft Defender Antivirus in passive mode, or if you are using EDR in block mode, which works behind the scenes to detect and remediate malicious artifacts that were detected post-breach.
Protection | Microsoft Defender Antivirus Active mode | Microsoft Defender Antivirus Passive mode | Microsoft Defender Antivirus Disabled or uninstalled | EDR in block mode |
---|---|---|---|---|
Real-time protection and cloud-delivered protection | Yes | No [5] | No | No |
Limited periodic scanning availability | No | No | Yes | No |
File scanning and detection information | Yes | Yes | No | Yes |
Threat remediation | Yes | See note [6] | No | Yes |
Security intelligence updates | Yes | Yes | No | Yes |
Antivirus For Parallels One
(5) In general, when Microsoft Defender Antivirus is in passive mode, real-time protection does not provide any blocking or enforcement, even though it is enabled and in passive mode.
(6) When Microsoft Defender Antivirus is in passive mode, threat remediation features are active only during scheduled or on-demand scans.
Note
Microsoft 365 Endpoint data loss prevention protection continues to operate normally when Microsoft Defender Antivirus is in either active or passive mode.
Important notes
Do not disable, stop, or modify any of the associated services that are used by Microsoft Defender Antivirus, Defender for Endpoint, or the Windows Security app. This recommendation includes the wscsvc, SecurityHealthService, MsSense, Sense, WinDefend, or MsMpEng services and processes. Manually modifying these services can cause severe instability on your devices and can make your network vulnerable. Disabling, stopping, or modifying those services can also cause problems when using non-Microsoft antivirus solutions and how their information is displayed in the Windows Security app.
In Defender for Endpoint, turn EDR in block mode on, even if Microsoft Defender Antivirus is not your primary antivirus solution. EDR in block mode detects and remediate malicious items that are found on the device (post breach). To learn more, see EDR in block mode.
How to confirm the state of Microsoft Defender Antivirus
To check the state of Microsoft Defender Antivirus, you can use the Get-MpComputerStatus PowerShell cmdlet.
On a Windows device, open Windows PowerShell.
Run following PowerShell cmdlet:
Get-MpComputerStatus | select AMRunningMode
.Review the results. You should see either Normal or Passive if Microsoft Defender Antivirus is enabled on the endpoint.
More details about Microsoft Defender Antivirus states
The table in this section describes various states you might see with Microsoft Defender Antivirus.
Microsoft Defender Antivirus state | What happens |
---|---|
Active mode | In active mode, Microsoft Defender Antivirus is used as the antivirus app on the machine. Settings that are configured by using Configuration Manager, Group Policy, Microsoft Intune, or other management products will apply. Files are scanned, threats are remediated, and detection information is reported in your configuration tool (such as Configuration Manager or the Microsoft Defender Antivirus app on the endpoint itself). |
Passive mode | In passive mode, Microsoft Defender Antivirus is not used as the antivirus app, and threats are not remediated by Microsoft Defender Antivirus. Threats can be remediated by Endpoint detection and response (EDR) in block mode, however. Files are scanned, and reports are provided for threat detections that are shared with the Defender for Endpoint service. You might see alerts in the security center showing Microsoft Defender Antivirus as a source, even when Microsoft Defender Antivirus is in passive mode. When Microsoft Defender Antivirus is in passive mode, you can still manage updates for Microsoft Defender Antivirus; however, you can't move Microsoft Defender Antivirus into active mode if your devices have a non-Microsoft antivirus product that is providing real-time protection from malware. For optimal security layered defense and detection efficacy, make sure to get your antivirus and antimwalware updates, even if Microsoft Defender Antivirus is running in passive mode. See Manage Microsoft Defender Antivirus updates and apply baselines. NOTE: Passive mode is not supported on Windows Server 2016. |
Disabled or Uninstalled | When disabled or uninstalled, Microsoft Defender Antivirus is not used as the antivirus app. Files are not scanned and threats are not remediated. Disabling or uninstalling Microsoft Defender Antivirus is not recommended in general; if possible, keep Microsoft Defender Antivirus in passive mode if you are using a non-Microsoft antimalware/antivirus solution. In cases where Microsoft Defender Antivirus is disabled automatically, it can be re-enabled automatically if the non-Microsoft antivirus/antimalware product expires or otherwise stops providing real-time protection from viruses, malware, or other threats. The automatic re-enabling of Microsoft Defender Antivirus helps to ensure that antivirus protection is maintained on your endpoints. You might also use limited periodic scanning, which works with the Microsoft Defender Antivirus engine to periodically check for threats if you are using a non-Microsoft antivirus app. |
See also
Do you plan on browsing the net, downloading files and getting emails on the Windows install? If so you might consider it. If you aren't going to do any of those things when you are working in Windows I don't see a need for any AV software.
It is not true that windows can get infected by a virus all by itself. That is a Urban Myth. It always take some User Action for any computer to get infected with a virus or malware. The User Has to DO Something to allow those thing to get on a computer.
Apr 29, 2014 2:00 PM