How do I keep Windows Defender definitions current?

Administrators in charge of keeping antivirus software up to date have a few options to protect their servers. Learn about the methods and services to use with Windows Defender Antivirus.

Malicious actors churn out new malware constantly, and administrators can't let the protections on Windows Server systems stagnate.

Antivirus software loses its effectiveness unless the administrator ensures the Windows Defender definitions remain current. Every organization has specific needs that dictate whether automatic updates or a delayed option to deploy Windows Defender definitions makes more sense.

Check the status of Windows Defender

IT staff can verify the condition of the Windows Defender Antivirus service on Windows Server with the sc query windefend command. The sc query command displays information for the named service.

If Windows Defender Antivirus is active, the state value will show running. If the state value shows stopped, the administrator should restart the service unless another AV tool is present and running on the system.

Antimalware tools use virus signature or definition files to compare against incoming threats. To account for new viruses and malware, Microsoft frequently updates these Windows Defender definitions. Windows Defender Antivirus relies on these definition files to detect and remove new threats, and the latest definition files must be downloaded to each system.
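The following script is an added example, not part of the original article: it combines the service check above with a definition-age check, using the Get-Service, Get-MpComputerStatus and Update-MpSignature cmdlets. The $MaxAgeDays threshold of 3 days and the exit codes are assumptions to adapt to local policy.

```powershell
# Added example: report Defender service state and definition age on this server.
# $MaxAgeDays is an assumed threshold; set it to match your update policy.
param(
    [int]$MaxAgeDays = 3
)

# Equivalent of "sc query windefend": is the service present and running?
$svc = Get-Service -Name WinDefend -ErrorAction SilentlyContinue
if (-not $svc) {
    Write-Warning 'WinDefend service not found; Defender Antivirus may not be installed.'
    exit 2
}
if ($svc.Status -ne 'Running') {
    # Another AV product may be the active one, so do not restart blindly.
    Write-Warning "WinDefend is $($svc.Status). Confirm whether another AV tool is active before restarting it."
    exit 1
}

# Definition details come from the Defender PowerShell module.
$status = Get-MpComputerStatus
$report = [pscustomobject]@{
    Computer         = $env:COMPUTERNAME
    ServiceState     = $svc.Status
    AntivirusEnabled = $status.AntivirusEnabled
    SignatureVersion = $status.AntivirusSignatureVersion
    SignatureUpdated = $status.AntivirusSignatureLastUpdated
    SignatureAgeDays = $status.AntivirusSignatureAge
    Stale            = $status.AntivirusSignatureAge -gt $MaxAgeDays
}
$report | Format-List

if ($report.Stale) {
    Write-Warning "Definitions are $($report.SignatureAgeDays) days old (limit $MaxAgeDays)."
    # Uncomment to pull definitions from the configured update source:
    # Update-MpSignature
    exit 1
}
```

A nonzero exit code lets a scheduled task or monitoring agent flag servers whose service is stopped or whose definitions have aged past the threshold.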

Why administrators might want to delay definition updates

The simplest way to ensure Windows systems get the latest Windows Defender definitions is through automatic installations via the Windows Update service. Administrators can access Windows Update in the system's Control Panel and select whether to install updates automatically -- including Windows Defender definitions -- or download them, but wait to install selected updates. The latter option enables administrators to deploy just the Windows Defender Antivirus updates.

Businesses might opt to use other update services, such as Windows Server Update Services, that let administrators evaluate updates before pushing them into production systems. This option stops automated rollouts to give IT a chance to test the update candidate and check for problems before releasing the new Windows Defender definitions to the entire organization.