Simon Lehmann

Web/mobile app developer from Perth, Western Australia

Disable or Configure Windows Defender Using Powershell on Windows Server 2016

02 Jul 2017

Windows Server 2016 comes standard with Windows Defender just like Windows 10. And per default, Windows Defender is active and has also turned on Real-Time Protection by default. In Windows Server 2016 Desktop Experience you can disable and configure Windows Defender using the UI or PowerShell, in the Windows Server 2016 Core version or on Nano Server you only have PowerShell available. This article will cover some handy PowerShell commands to disable or configure Windows Defender in Windows Server 2016.


Disable real-time protection:

Set-MpPreference -DisableRealtimeMonitoring $true

Enable real-time protection:

Set-MpPreference -DisableRealtimeMonitoring $false

Setting Exclusions

Add a path-based exclusion:

Set-MpPreference -ExclusionPath "C:\temp", "C:\VMs", "C:\NanoServer"

Add a process-based exclusion:

Set-MpPreference -ExclusionProcess "vmms.exe", "Vmwp.exe"


Check current state of all options:


These will also work for configuring Windows Defender using Powershell on Windows 10.