Why is checking whether Windows Defender, or another anti-virus, is running on BizTalk Server important? I have been creating several BizTalk Server 2016 Developer environments on Azure using Azure Virtual Machines. Normally I tend to be careful in choosing the VM disk type (SSD can be expensive) and the size of the virtual machine (I would love to use a 4-core machine with 28GB, but even with an HDD disk it will cost me nearly 430€ per month). So, because of the pricing, I usually choose a modest machine, from 1-core and 3.5 GB RAM up to 4-core and 8GB RAM.
They tend to be a little slow, so tuning them well is important to achieve better performance, and by default Windows Defender is configured on those machines. Not only does it have a negative impact on the general performance of the machine, it can also have a huge impact on BizTalk Server performance.
Indeed, anti-virus can have a huge impact on BizTalk Server performance, and normally the best approach for a BizTalk Server environment and anti-virus software is a perimeter-based approach, where you don't run the anti-virus software on the machine itself but protect the boundaries.
I like to use this approach, but if that is not possible, at least you should configure the antivirus software to avoid real-time scanning of BizTalk Server executables and file drops. Antivirus software real-time scanning of BizTalk Server executable files and any folders or file shares monitored by BizTalk Server receive locations can negatively impact BizTalk Server performance. If antivirus software is installed on the BizTalk Server computer(s), disable real-time scanning of non-executable file types referenced by any BizTalk Server receive locations (usually .XML, but can also be .csv, .txt, etc.) and configure the antivirus software to exclude BizTalk Server executable files from scanning.
In this post, I will not address how you can disable Windows Defender (I will leave that to another post), nor will I address all the anti-virus products on the market. Instead, I will focus only on Windows Defender for a simple reason: it is the anti-virus installed by default in the BizTalk Server 2016 Developer Virtual Machine template on Azure. Nor will I cover how to configure the anti-virus exclusions that you should set up for BizTalk; for that, there is a good blog post from MSFT: BizTalk Server Anti-Virus Exclusions
However, one of the first steps in a BizTalk environment performance assessment, or even a basic assessment, is to find out if there is any anti-virus running on your BizTalk Server.
So, I created this simple PowerShell script to use in all my environments just to check whether Windows Defender, which is installed and enabled by default in Windows Server 2016, is running on the server:
Try
{
    # -ErrorAction Stop turns a failed status query into an exception handled by the Catch block
    $defenderOptions = Get-MpComputerStatus -ErrorAction Stop

    if([string]::IsNullOrEmpty($defenderOptions))
    {
        Write-host "Windows Defender was not found running on the Server:" $env:computername -foregroundcolor "Green"
    }
    else
    {
        # Report the state of each Defender component
        Write-host "Windows Defender was found on the Server:" $env:computername -foregroundcolor "Cyan"
        Write-host "   Is Windows Defender Enabled?" $defenderOptions.AntivirusEnabled
        Write-host "   Is Windows Defender Service Enabled?" $defenderOptions.AMServiceEnabled
        Write-host "   Is Windows Defender Antispyware Enabled?" $defenderOptions.AntispywareEnabled
        Write-host "   Is Windows Defender OnAccessProtection Enabled?" $defenderOptions.OnAccessProtectionEnabled
        Write-host "   Is Windows Defender RealTimeProtection Enabled?" $defenderOptions.RealTimeProtectionEnabled

        if($defenderOptions.RealTimeProtectionEnabled)
        {
            # Ask with a Yes/No popup (button type 4); a return value of 6 means "Yes"
            $windowsShell = new-object -comobject wscript.shell
            $questionResult = $windowsShell.popup("Do you want to disable Real Time Protection?", 0, "Not at this moment.", 4)
            If ($questionResult -eq 6)
            {
                Set-MpPreference -DisableRealtimeMonitoring $true
                Write-host "Windows Defender Real Time Protection was successfully disabled" -foregroundcolor "Green"
                Write-host "Nevertheless Windows Defender is still running"
            }
        }
    }
}
Catch
{
    # The Defender cmdlets are missing or the status query failed
    Write-host "Windows Defender was not found running on the Server:" $env:computername -foregroundcolor "Green"
}
Output type:
The script not only allows you to check if Windows Defender is running on BizTalk Server; if Windows Defender is running and Real-Time Protection is enabled, it also allows you to disable this feature if you want. Nevertheless, after disabling it Windows Defender will still be running; the only thing it will no longer do is real-time protection, that is, scanning everything you download or run on the server.
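The exclusion-based alternative described earlier (leaving real-time protection on while excluding receive-location folders, their file types and the BizTalk executables) can be assessed the same way. The following read-only report is an added example, not part of the original script or the GitHub download. The folder path is a constructed placeholder, and BTSNTSvc.exe is assumed to be the BizTalk host process on your server.

```powershell
# Added example: read-only report of which BizTalk items Windows Defender already excludes.
function Test-DefenderExclusion {
    param(
        [string[]]$Folder = @(),      # folders monitored by receive locations
        [string[]]$Extension = @(),   # file types dropped into those folders
        [string[]]$Process = @()      # BizTalk host executables
    )
    try {
        $status = Get-MpComputerStatus -ErrorAction Stop
        $pref   = Get-MpPreference -ErrorAction Stop
    } catch {
        Write-Warning "Windows Defender cmdlets are not available on $env:COMPUTERNAME"
        return
    }

    # Normalise values so comparisons ignore case, trailing backslashes and leading dots
    $norm    = { param($p) ([string]$p).TrimEnd('\').ToLowerInvariant() }
    $exPaths = @($pref.ExclusionPath | Where-Object { $_ } | ForEach-Object { & $norm $_ })
    $exExts  = @($pref.ExclusionExtension | Where-Object { $_ } |
                 ForEach-Object { $_.TrimStart('.').ToLowerInvariant() })
    $exProcs = @($pref.ExclusionProcess | Where-Object { $_ } |
                 ForEach-Object { (Split-Path $_ -Leaf).ToLowerInvariant() })
    $rtp     = $status.RealTimeProtectionEnabled

    foreach ($f in $Folder) {
        $n = & $norm $f
        # A folder is covered when it, or any parent folder, is an excluded path
        $hit = $exPaths | Where-Object { $n -eq $_ -or $n.StartsWith("$_\") }
        [pscustomobject]@{ Type = 'Folder'; Value = $f; Excluded = [bool]$hit; RealTimeProtection = $rtp }
    }
    foreach ($e in $Extension) {
        $hit = $exExts -contains $e.TrimStart('.').ToLowerInvariant()
        [pscustomobject]@{ Type = 'Extension'; Value = $e; Excluded = $hit; RealTimeProtection = $rtp }
    }
    foreach ($p in $Process) {
        $hit = $exProcs -contains (Split-Path $p -Leaf).ToLowerInvariant()
        [pscustomobject]@{ Type = 'Process'; Value = $p; Excluded = $hit; RealTimeProtection = $rtp }
    }
}

# Constructed sample values: replace the folder with the ones your receive locations monitor.
Test-DefenderExclusion -Folder 'D:\BizTalkDrops\In' `
    -Extension '.xml', '.csv', '.txt' `
    -Process 'BTSNTSvc.exe' | Format-Table -AutoSize
```

Rows with Excluded = False while RealTimeProtection = True are the items still being scanned on access, which is where a scoped exclusion would apply.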
Download
THIS POWERSHELL IS PROVIDED “AS IS”, WITHOUT WARRANTY OF ANY KIND.
You can download PowerShell to Check if Windows Defender is running on the Server from GitHub here: