Jump to content

Windows Server agent does not disable Windows Defender?

Recommended Posts

We are deploying the Windows Server agent v1.2 on Server 2016 using the default Policy, i.e., the option re Windows Security Center is set to 'Automatically Decide'.

On all of our 2016's the result is that both MB and Defender are running. Is this alright? Windows Server doesn't actually have Security Center so I wonder if it's an oversight, i.e., that the MB agent should be disabling Defender but doesn't know how to do it without the presence of Security Center.

Link to post
Share on other sites

Do we still need to worry about excluding each from the other, e.g. tell Defender not to monitor 'mbam' service etc?

I've been reading the following post circa 2016 where MB and MS Essentials stopped working together. Towards the end someone says they're having the same issue with Windows Defender?


What prompted my question is actually an issue we've seen a couple of times where the processes for "Antimalware Service Executable" (Defender) and "Malwarebytes Service" go back-and-forth using 50% CPU, this on a 2x CPU VM so I'm guessing that they're using 100% on 1x cpu-core. We also see the MB service leak memory (?), i.e., it grows from the usual 230 MB to 26,000 MB. Only way to fix that without rebooting is to uninstall MB?

Link to post
Share on other sites

2 minutes ago, TonyInZ said:

Do we still need to worry about excluding each from the other, e.g. tell Defender not to monitor 'mbam' service etc?

Can not speak about the server client as I have no server users. But I would leave them both on and test.

It should not be needed but I add mutual exclusions just in case on all of my desktop clients.

The following is a speech I use when dealing with the issue on desktop clients.


The reason many of us members are pushing Keeping Defender on is the following.

Malwarebytes does not target script files during a scan... That means MB will not target; JS, HTML, VBS, .CLASS, SWF, BAT, CMD, PDF, PHP, etc.

It also does not target documents such as; PDF, DOC, DOCx, XLS, XLSx, PPT, PPS, ODF, etc.

It also does not target media files;  MP3, WMV, JPG, GIF, etc.

Malwarebytes will detect files like these on execution-only.


Malwarebytes is not designed to function like normal AV scanners and uses a new kind of scan engine that relies mostly on heuristics detection techniques rather than traditional threat signatures.  Malwarebytes is also designed to look in all the locations where malware is known to install itself/hide, so a full or custom scan shouldn't be necessary, especially on any sort of frequent basis (like daily), especially since the default Threat Scan/Quick Scan checks all loading points/startup locations, the registry, all running processes and threads in memory, along with all system folders, program folders, and data folders as well as any installed browsers, caches, and temp locations.  This also means that if a threat were active from a non-standard location because Malwarebytes checks all threads and processes in memory, it should still be detected.  The only threat it *might* miss would be a dormant/inactive threat that is not actively running/installed on a secondary drive, however, if the threat were executed then Malwarebytes should detect it.  Additionally, whenever a new location is discovered to be used by malware the Malwarebytes Research team adds that location dynamically to the outgoing database updates so the locations that are checked by the default Threat/Quick Scan in Malwarebytes can be changed on the fly by Research without requiring any engine or program version updates/upgrades.

An AV will catch the file just by downloading it or just opening a folder with a detected file in it.

For example, you get an email with an infected attachment, Malwarebytes will not even blink until you run it yet Defender will detect it if it is in their database without even actually clicking on it. Remember the list of files Malwarebytes does not target.

Then I will leave you with this.

As good as Malwarebytes is, it is just a layer of protection.

Using a browser that has Ublock Origin and the Malwarebytes Browser guard enabled is also a layer of protection.

Not opening attachments from an email unless you were expecting it from a specific user during a specific time period.

Do not use Torrents. Do not install every free software you find. Do not click links in an unknown email. Go directly to the site listed in the email.

Having a monthly image of your computer on an external drive that is only connected during the backup is actually better than any protective software ever made. Macrium Reflect free is the program I use and place on every computer I service.





Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.