Gandalf_The_Grey

Level 36
Verified
Trusted
Content Creator
In this blog post I like to take up a tiresome topic. It is about the performance and stability problems caused by virus scanners on Windows 10 clients as well as on server environments. What is the cause and what can I do?

The background to all of this: I have now been contacted twice by blog readers in March 2020 about the issues of Windows Defender as a performance brake on Windows Server 2016/2019. The blog readers have disabled Windows Defender on Windows Server 2016/2019 in order to work with reasonable performance. The whole issue has been addressed in the two articles linked at the end of this article.

Microsoft knows about the issues
When I researched the internet for alternative antivirus solutions for Windows Server (see my article Solution for slow start of Windows Server 2016?), I came across the Microsoft article Virus scanning recommendations for Enterprise computers that are running currently supported versions of Windows. The article was last updated in early March 2020.

The problem is that Windows Defender probably does not define exclude lists of files to be excluded from a scan. Then, for example, during update installation, the effect is that files in use would have to be scanned, but Defender cannot. This results in stability and performance problems. Windows Server 2016 may take an incredibly long time to restart during the installation of updates.

Instead of disabling Defender, Microsoft recommends in the linked support article what to do if you have stability and performance problems in Windows. The advice in this article applies to:

  • Windows Server 2012, all editions
  • Windows Server 2012 R2, all editions
  • Windows Server 2016, all editions
  • Windows Server 2019, all editions
  • Windows 7, all editions
  • Windows 8.1, all editions
  • Windows 10, alle Editionen
 

Gandalf_The_Grey

Level 36
Verified
Trusted
Content Creator
So this issue is only related to (old) Windows Server edition?
No, from the article:
Instead of disabling Defender, Microsoft recommends in the linked support article what to do if you have stability and performance problems in Windows. The advice in this article applies to:
  • Windows Server 2012, all editions
  • Windows Server 2012 R2, all editions
  • Windows Server 2016, all editions
  • Windows Server 2019, all editions
  • Windows 7, all editions
  • Windows 8.1, all editions
  • Windows 10, alle Editionen
and should apply to all virus scanners, not just Windows Defender.
 

Andy Ful

Level 64
Verified
Trusted
Content Creator
So this issue is only related to (old) Windows Server edition?
No, from the article:
Instead of disabling Defender, Microsoft recommends in the linked support article what to do if you have stability and performance problems in Windows. The advice in this article applies to:
  • Windows Server 2012, all editions
  • Windows Server 2012 R2, all editions
  • Windows Server 2016, all editions
  • Windows Server 2019, all editions
  • Windows 7, all editions
  • Windows 8.1, all editions
  • Windows 10, alle Editionen
and should apply to all virus scanners, not just Windows Defender.
Also, the advice is for computers in Enterprises:
"This article contains recommendations that may help an administrator determine the cause of potential instability on a computer that is running a supported version of Microsoft Windows when it is used together with antivirus software in an Active Directory domain environment or in a managed business environment."

The advice is to lower temporarily the AV protection while updating, by excluding some folders, instead of disabling the AV due to performance issues.

Microsoft advice can be found there:
 
Top