BizTalk Assessment: How to check if Windows Defender is running on BizTalk Server with PowerShell

Why is it important to check whether Windows Defender, or any other anti-virus, is running on BizTalk Server? I have been creating several BizTalk Server 2016 Developer environments on Azure using Azure Virtual Machines. Normally I tend to be careful in choosing the VM disk type – SSD can be expensive – and the size of the virtual machine – I would love to use a 4-core machine with 28GB, but even with an HDD disk it would cost me nearly 430€ per month – so, because of the pricing, I usually choose a modest machine, from 1 core and 3.5 GB RAM up to 4 cores and 8GB RAM.

They tend to be a little slow, so tuning them well is important to achieve better performance, and by default Windows Defender is configured on those machines. Not only does it have a negative impact on the general performance of the machine, it can also have a huge impact on BizTalk Server performance.

Windows Defender is running on BizTalk Server

Indeed, anti-virus software can have a huge impact on BizTalk Server performance, and normally the best approach for a BizTalk Server environment is a perimeter-based one, where you don’t run the anti-virus software on the machine itself but protect the boundaries.

I like to use this approach, but if it is not possible, you should at least configure the antivirus software to avoid real-time scanning of BizTalk Server executables and file drops. Antivirus real-time scanning of BizTalk Server executable files, and of any folders or file shares monitored by BizTalk Server receive locations, can negatively impact BizTalk Server performance. If antivirus software is installed on the BizTalk Server computer(s), disable real-time scanning of non-executable file types referenced by any BizTalk Server receive locations (usually .XML, but can also be .csv, .txt, etc.) and configure the antivirus software to exclude scanning of BizTalk Server executable files.

In this post I will not address how you can disable Windows Defender (I will leave that to another post), nor all the anti-virus products on the market; here I will focus only on Windows Defender, for a simple reason: it is the anti-virus installed by default in the BizTalk Server 2016 Developer Virtual Machine template on Azure. Nor will I cover configuring the anti-virus exclusions you should set for BizTalk; for that, see a good blog post from MSFT: BizTalk Server Anti-Virus Exclusions.

However, one of the first steps of a BizTalk environment performance assessment, or even a basic assessment, is to find out whether any anti-virus is running on your BizTalk Server.

So, I created this simple PowerShell script, which I use in all my environments, to check whether Windows Defender, which is installed and enabled by default in Windows Server 2016, is running on the server:

try
{
    # Get-MpComputerStatus ships with the Windows Defender module and fails when Defender is not installed
    $defenderOptions = Get-MpComputerStatus

    if ([string]::IsNullOrEmpty($defenderOptions))
    {
        Write-Host "Windows Defender was not found running on the Server:" $env:computername -ForegroundColor "Green"
    }
    else
    {
        Write-Host "Windows Defender was found on the Server:" $env:computername -ForegroundColor "Cyan"
        Write-Host "   Is Windows Defender Enabled?" $defenderOptions.AntivirusEnabled
        Write-Host "   Is Windows Defender Service Enabled?" $defenderOptions.AMServiceEnabled
        Write-Host "   Is Windows Defender Antispyware Enabled?" $defenderOptions.AntispywareEnabled
        Write-Host "   Is Windows Defender OnAccessProtection Enabled?" $defenderOptions.OnAccessProtectionEnabled
        Write-Host "   Is Windows Defender RealTimeProtection Enabled?" $defenderOptions.RealTimeProtectionEnabled

        if ($defenderOptions.RealTimeProtectionEnabled)
        {
            # Ask before changing anything: popup type 4 = Yes/No buttons, return value 6 = Yes
            $windowsShell = New-Object -ComObject WScript.Shell
            $questionResult = $windowsShell.Popup("Do you want to disable Real Time Protection?", 0, "Not at this moment.", 4)
            if ($questionResult -eq 6)
            {
                Set-MpPreference -DisableRealtimeMonitoring $true
                Write-Host "Windows Defender Real Time Protection was successfully disabled" -ForegroundColor "Green"
                Write-Host "Nevertheless Windows Defender is still running"
            }
        }
    }
}
catch
{
    # Get-MpComputerStatus is not available when Windows Defender is not installed, so we end up here
    Write-Host "Windows Defender was not found running on the Server:" $env:computername -ForegroundColor "Green"
}

Output, depending on the result:

Result: Windows Defender is running on BizTalk Server
Result: Windows Defender is running on BizTalk Server (stopped)

The script not only allows you to check whether Windows Defender is running on BizTalk Server but, if Windows Defender is running and Real-Time Protection is enabled, it also lets you disable that feature if you want to. Nevertheless, after disabling it Windows Defender is still running; the only thing it no longer does is real-time scanning of everything you download or run on the server.
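As an added example (not the post's script), the same check reworked as a non-interactive assessment function that reports the Defender status and also whether the BizTalk folders you pass in are already covered by Defender path exclusions, following the exclusion advice above. It changes no setting; the two default paths are assumed examples and should be replaced with your own install folder and receive-location folders.

```powershell
# Added example: read-only Defender assessment for a BizTalk Server machine.
# Assumptions: the Defender module cmdlets (Get-MpComputerStatus, Get-MpPreference) are available;
# the default $BizTalkPaths are placeholders, not paths taken from the original post.
function Get-BizTalkDefenderAssessment {
    [CmdletBinding()]
    param(
        [string[]]$BizTalkPaths = @(
            'C:\Program Files (x86)\Microsoft BizTalk Server 2016',   # assumed install folder
            'C:\BizTalk\Drops'                                        # assumed receive-location folder
        )
    )

    $status = $null
    try { $status = Get-MpComputerStatus -ErrorAction Stop } catch { }

    if ($null -eq $status) {
        # Cmdlet missing or failing: Defender is not installed on this machine
        return [pscustomobject]@{
            Computer = $env:COMPUTERNAME; DefenderPresent = $false
            RealTimeProtection = $false; UnexcludedPaths = @()
        }
    }

    $pref     = Get-MpPreference
    $excluded = @($pref.ExclusionPath | ForEach-Object { $_.TrimEnd('\') })

    # A folder counts as covered when it, or one of its parents, is an excluded path (case-insensitive).
    $unexcluded = foreach ($p in $BizTalkPaths) {
        $path    = $p.TrimEnd('\')
        $covered = $excluded | Where-Object {
            $path.Equals($_, [StringComparison]::OrdinalIgnoreCase) -or
            $path.StartsWith("$_\", [StringComparison]::OrdinalIgnoreCase)
        }
        if (-not $covered) { $p }
    }

    [pscustomobject]@{
        Computer           = $env:COMPUTERNAME
        DefenderPresent    = $true
        AntivirusEnabled   = $status.AntivirusEnabled
        RealTimeProtection = $status.RealTimeProtectionEnabled
        OnAccessProtection = $status.OnAccessProtectionEnabled
        ExcludedPaths      = $excluded
        ExcludedExtensions = @($pref.ExclusionExtension)   # e.g. xml, csv, txt for receive locations
        UnexcludedPaths    = @($unexcluded)                 # folders still subject to real-time scanning
    }
}

Get-BizTalkDefenderAssessment | Format-List
```

An empty UnexcludedPaths with RealTimeProtection still enabled is the configuration the post recommends when a perimeter-only setup is not possible.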

Download

THIS POWERSHELL IS PROVIDED “AS IS”, WITHOUT WARRANTY OF ANY KIND.

You can download the PowerShell script to check if Windows Defender is running on the Server from GitHub here:

Author: Sandro Pereira

Sandro Pereira lives in Portugal and works as a consultant at DevScope. In the past years, he has been working on implementing Integration scenarios both on-premises and cloud for various clients, each with different scenarios from a technical point of view, size, and criticality, using Microsoft Azure, Microsoft BizTalk Server and different technologies like AS2, EDI, RosettaNet, SAP, TIBCO etc. He is a regular blogger, international speaker, and technical reviewer of several BizTalk books all focused on Integration. He is also the author of the book “BizTalk Mapping Patterns & Best Practices”. He has been awarded MVP since 2011 for his contributions to the integration community.
