When you install anti-virus software on Windows 10 it registers itself with the Security Center and automatically turns off Windows Defender. This happens because Microsoft knows that running two AV packages at the same time causes problems like poor performance, application crashes, and even system failures.
Until recently, I assumed that installing anti-virus on Windows Servers worked the same way. The other day while investigating an application that was performing poorly I noticed events from Windows Defender scans. The sever in question was running Trend’s Worry Free Business suite.
It turns out that the server versions of the Windows operating systems do not have the Security Center feature. There’s no method for third-party security software to disable Windows Defender. Furthermore, it is enabled by default in all Windows Server 2016 and newer editions.
Microsoft’s documentation that explains Windows Defender compatibility in located here. The matrix at the bottom of the page shows how Defender is configured in each version. Microsoft and the vendors I checked with suggest running a single solution. Here are the official posts for Symantec and Trend.
Leaving Defender running on one or two physical machines is probably not the end of the world, but virtualized environments are another story. In high-density virtualized datacenters, the wasted resources could really add up, even if running both scanners isn’t causing more visible issues.