Menu
In order to allow BitDefender Security for Windows Servers to update from a local update server you need to configure it to allow insecure updates: Open BitDefender; Go to Update. Read more Manually Updating Bitdefender Security for Windows Servers using cumulative.zip. Bitdefender Central is a brand new security hub, which allows you to manage your Bitdefender products and protected devices from a single, unified interface. Congratulations, you’ve just created the Bitdefender Relay package. In order to install it, check it, and click the Download button. We’re going to use the Windows Downloader for this example. (SBS) 2011, Windows Server 2008 R2, Windows Server 2016 Core LICENSING OPTIONS GravityZone Endpoint Security HD is included in the Bitdefender GravityZone Elite suite (Cloud-managed). GravityZone Elite suite also includes Security for Endpoint running on Windows, Mac and Linux.
- Bitdefender Security For Windows Servers Download
- Bitdefender For Windows 7 Free
- Windows Server Versions
- Bitdefender For Windows Server 2008 R2
Applies to:
Windows Defender Antivirus on Windows Server 2016 computers automatically enrolls you in certain exclusions, as defined by your specified server role. See the end of this topic for a list of these exclusions.
These exclusions will not appear in the standard exclusion lists shown in the Windows Security app.
You can still add or remove custom exclusions (in addition to the server role-defined automatic exclusions) as described in these exclusion-related topics:
Custom exclusions take precedence over automatic exclusions.
Tip
![Windows server 2019 Windows server 2019](/uploads/1/2/6/0/126062433/894135271.jpg)
Custom and duplicate exclusions do not conflict with automatic exclusions.
Windows Defender Antivirus uses the Deployment Image Servicing and Management (DISM) tools to determine which roles are installed on your computer.
Opt out of automatic exclusions
In Windows Server 2016, the predefined exclusions delivered by Security intelligence updates only exclude the default paths for a role or feature. If you installed a role or feature in a custom path, or you want to manually control the set of exclusions, you need to opt out of the automatic exclusions delivered in Security intelligence updates.
Warning
Opting out of automatic exclusions may adversely impact performance, or result in data corruption. The exclusions that are delivered automatically are optimized for Windows Server 2016 roles.
Note
This setting is only supported on Windows Server 2016. While this setting exists in Windows 10, it doesn't have an effect on exclusions.
Tip
Since the predefined exclusions only exclude default paths, if you move NTDS and SYSVOL to another drive or path different than the original one, you would have to manually add the exclusions using the information here .
You can disable the automatic exclusion lists with Group Policy, PowerShell cmdlets, and WMI.
Use Group Policy to disable the auto-exclusions list on Windows Server 2016:
- On your Group Policy management computer, open the Group Policy Management Console, right-click the Group Policy Object you want to configure and click Edit.
- In the Group Policy Management Editor go to Computer configuration and click Administrative templates.
- Expand the tree to Windows components > Windows Defender Antivirus > Exclusions.
- Double-click Turn off Auto Exclusions and set the option to Enabled. Click OK.
Use PowerShell cmdlets to disable the auto-exclusions list on Windows Server 2016:
Use the following cmdlets:
See Use PowerShell cmdlets to configure and run Windows Defender Antivirus and Defender cmdlets for more information on how to use PowerShell with Windows Defender Antivirus.
Use Windows Management Instruction (WMI) to disable the auto-exclusions list on Windows Server 2016:
Use the Set method of the MSFT_MpPreference class for the following properties:
See the following for more information and allowed parameters:
List of automatic exclusions
The following sections contain the exclusions that are delivered with automatic exclusions file paths and file types.
Default exclusions for all roles
This section lists the default exclusions for all Windows Server 2016 roles.
- Windows 'temp.edb' files:
- %windir%SoftwareDistributionDatastore*tmp.edb
- %ProgramData%MicrosoftSearchDataApplicationsWindows**.log
- Windows Update files or Automatic Update files:
- %windir%SoftwareDistributionDatastore*Datastore.edb
- %windir%SoftwareDistributionDatastore*edb.chk
- %windir%SoftwareDistributionDatastore*edb*.log
- %windir%SoftwareDistributionDatastore*Edb*.jrs
- %windir%SoftwareDistributionDatastore*Res*.log
- Windows Security files:
- %windir%Securitydatabase*.chk
- %windir%Securitydatabase*.edb
- %windir%Securitydatabase*.jrs
- %windir%Securitydatabase*.log
- %windir%Securitydatabase*.sdb
- Group Policy files:
- %allusersprofile%NTUser.pol
- %SystemRoot%System32GroupPolicyMachineregistry.pol
- %SystemRoot%System32GroupPolicyUserregistry.pol
- WINS files:
- %systemroot%System32Wins**.chk
- %systemroot%System32Wins**.log
- %systemroot%System32Wins**.mdb
- %systemroot%System32LogFiles
- %systemroot%SysWow64LogFiles
- File Replication Service (FRS) exclusions:
- Files in the File Replication Service (FRS) working folder. The FRS working folder is specified in the registry key
HKEY_LOCAL_MACHINESystemCurrentControlSetServicesNtFrsParametersWorking Directory
- %windir%Ntfrsjetsys*edb.chk
- %windir%Ntfrsjet*Ntfrs.jdb
- %windir%Ntfrsjetlog**.log
- FRS Database log files. The FRS Database log file folder is specified in the registry key
HKEY_LOCAL_MACHINESystemCurrentcontrolsetServicesNtfrsParametersDB Log File Directory
-%windir%Ntfrs*Edb*.log- The FRS staging folder. The staging folder is specified in the registry key
HKEY_LOCAL_MACHINESystemCurrentcontrolsetServicesNtFrsParametersReplica SetsGUIDReplica Set Stage
- %systemroot%Sysvol*Nntfrs_cmp*
- The FRS preinstall folder. This folder is specified by the folder
Replica_rootDO_NOT_REMOVE_NtFrs_PreInstall_Directory
- %systemroot%SYSVOLdomainDO_NOT_REMOVE_NtFrs_PreInstall_Directory*Ntfrs*
- The Distributed File System Replication (DFSR) database and working folders. These folders are specified by the registry key
HKEY_LOCAL_MACHINESystemCurrentcontrolsetServicesDFSRParametersReplication GroupsGUIDReplica Set Configuration File
NoteFor custom locations, see Opt out of automatic exclusions.- %systemdrive%System Volume InformationDFSR$db_normal$
- %systemdrive%System Volume InformationDFSRFileIDTable_*
- %systemdrive%System Volume InformationDFSRSimilarityTable_*
- %systemdrive%System Volume InformationDFSR*.XML
- %systemdrive%System Volume InformationDFSR$db_dirty$
- %systemdrive%System Volume InformationDFSR$db_clean$
- %systemdrive%System Volume InformationDFSR$db_lostl$
- %systemdrive%System Volume InformationDFSRDfsr.db
- %systemdrive%System Volume InformationDFSR*.frx
- %systemdrive%System Volume InformationDFSR*.log
- %systemdrive%System Volume InformationDFSRFsr*.jrs
- %systemdrive%System Volume InformationDFSRTmp.edb
- Process exclusions
- %systemroot%System32dfsr.exe
- %systemroot%System32dfsrs.exe
- Hyper-V exclusions:
- This section lists the file type exclusions, folder exclusions, and process exclusions that are delivered automatically when you install the Hyper-V role
- File type exclusions:
- *.vhd
- *.vhdx
- *.avhd
- *.avhdx
- *.vsv
- *.iso
- *.rct
- *.vmcx
- *.vmrs
- Folder exclusions:
- %ProgramData%MicrosoftWindowsHyper-V
- %ProgramFiles%Hyper-V
- %SystemDrive%ProgramDataMicrosoftWindowsHyper-VSnapshots
- %Public%DocumentsHyper-VVirtual Hard Disks
- Process exclusions:
- %systemroot%System32Vmms.exe
- %systemroot%System32Vmwp.exe
- SYSVOL files:
- %systemroot%SysvolDomain*.adm
- %systemroot%SysvolDomain*.admx
- %systemroot%SysvolDomain*.adml
- %systemroot%SysvolDomainRegistry.pol
- %systemroot%SysvolDomain*.aas
- %systemroot%SysvolDomain*.inf
- %systemroot%SysvolDomain*.Scripts.ini
- %systemroot%SysvolDomain*.ins
- %systemroot%SysvolDomainOscfilter.ini
Active Directory exclusions
This section lists the exclusions that are delivered automatically when you install Active Directory Domain Services.
- NTDS database files. The database files are specified in the registry key
HKEY_LOCAL_MACHINESystemCurrentControlSetServicesNTDSParametersDSA Database File
- %windir%Ntdsntds.dit
- %windir%Ntdsntds.pat
- The AD DS transaction log files. The transaction log files are specified in the registry key
HKEY_LOCAL_MACHINESystemCurrentControlSetServicesNTDSParametersDatabase Log Files
- %windir%NtdsEDB*.log
- %windir%NtdsRes*.log
- %windir%NtdsEdb*.jrs
- %windir%NtdsNtds*.pat
- %windir%NtdsEDB*.log
- %windir%NtdsTEMP.edb
- The NTDS working folder. This folder is specified in the registry key
HKEY_LOCAL_MACHINESystemCurrentControlSetServicesNTDSParametersDSA Working Directory
- %windir%NtdsTemp.edb
- %windir%NtdsEdb.chk
- Process exclusions for AD DS and AD DS-related support files:
- %systemroot%System32ntfrs.exe
- %systemroot%System32lsass.exe
DHCP Server exclusions
This section lists the exclusions that are delivered automatically when you install the DHCP Server role. The DHCP Server file locations are specified by the DatabasePath, DhcpLogFilePath, and BackupDatabasePath parameters in the registry key
HKEY_LOCAL_MACHINESystemCurrentControlSetServicesDHCPServerParameters
- %systemroot%System32DHCP**.mdb
- %systemroot%System32DHCP**.pat
- %systemroot%System32DHCP**.log
- %systemroot%System32DHCP**.chk
- %systemroot%System32DHCP**.edb
DNS Server exclusions
This section lists the file and folder exclusions and the process exclusions that are delivered automatically when you install the DNS Server role.
- File and folder exclusions for the DNS Server role:
- %systemroot%System32Dns**.log
- %systemroot%System32Dns**.dns
- %systemroot%System32Dns**.scc
- %systemroot%System32Dns*BOOT
- Process exclusions for the DNS Server role:
- %systemroot%System32dns.exe
File and Storage Services exclusions
This section lists the file and folder exclusions that are delivered automatically when you install the File and Storage Services role. The exclusions listed below do not include exclusions for the Clustering role.
- %SystemDrive%ClusterStorage
- %clusterserviceaccount%Local SettingsTemp
- %SystemDrive%mscs
Print Server exclusions
This section lists the file type exclusions, folder exclusions, and the process exclusions that are delivered automatically when you install the Print Server role.
- File type exclusions:
- *.shd
- *.spl
- Folder exclusions. This folder is specified in the registry key
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlPrintPrintersDefaultSpoolDirectory
- %system32%spoolprinters*
- Process exclusions:
- spoolsv.exe
Web Server exclusions
This section lists the folder exclusions and the process exclusions that are delivered automatically when you install the Web Server role.
- Folder exclusions:
- %SystemRoot%IIS Temporary Compressed Files
- %SystemDrive%inetpubtempIIS Temporary Compressed Files
- %SystemDrive%inetpubtempASP Compiled Templates
- %systemDrive%inetpublogs
- %systemDrive%inetpubwwwroot
- Process exclusions:
- %SystemRoot%system32inetsrvw3wp.exe
- %SystemRoot%SysWOW64inetsrvw3wp.exe
- %SystemDrive%PHP5433php-cgi.exe
Windows Server Update Services exclusions
This section lists the folder exclusions that are delivered automatically when you install the Windows Server Update Services (WSUS) role. The WSUS folder is specified in the registry key
HKEY_LOCAL_MACHINESoftwareMicrosoftUpdate ServicesServerSetup
- %systemroot%WSUSWSUSContent
- %systemroot%WSUSUpdateServicesDBFiles
- %systemroot%SoftwareDistributionDatastore
- %systemroot%SoftwareDistributionDownload
Related topics
Sign up for any of Bitdefender's excellent security packages - Antivirus Plus, Internet Security, Total Security or its mobile apps - and you'll now also get a bundled VPN. Sounds great, until you realize there's no option to choose a location (the app automatically picks the nearest server), and you spot the tiny data transfer limit of 200MB a day.r), and you spot the tiny data transfer limit of 200MB a day.
Bitdefender Security For Windows Servers Download
Buying an additional Bitdefender Premium VPN license gets you unlimited traffic and full access to all 27 countries. (Bitdefender VPN is powered by Hotspot Shield, a strong indicator that you're going to get a decent service.)
- Want to try Bitdefender Premium VPN? Check out the website here
Prices are low at $6.99 billed monthly, or an equivalent $3.33 a month for year one on the annual plan, $4.17 on renewal.
One potential issue to consider is that you'll only be able to use the VPN on the number of devices covered by your Bitdefender security software license.
If you've bought Bitdefender Antivirus Plus for a single device, for instance, then you'll only be able to use the VPN on that device, perhaps a problem.
But if you've purchased a Total Security License covering ten devices, then you'll be able to use the VPN on all of these for the same price, a much better deal.
There's no trial of the full service, unfortunately, and the 200MB-a-day free product won't give you much of an idea of how it really works (that's not even enough bandwidth to run a single web-based speed test.)
Bitdefender does provide a 30-day money-back guarantee, though, so you should be able to get a refund if the service doesn't work out for you.
Privacy and logging
Bitdefender Premium VPN appears to be a solely Bitdefender product - you pay them to use the service, it's powered by their software - but it works by connecting to Hotspot Shield servers and using the Hotspot Shield network. That doesn't matter at all when you're using the service, but it's relevant when you're trying to figure out the service logging policy, because that isn't under Bitdefender's control.
You can see this in Bitdefender's very basic Privacy Policy, describing the data it uses:
'We collect for this service only randomly generated or hashed user and device IDs, IP addresses and randomly generated tokens to establish VPN connection for the sole purpose of providing the VPN service. For this service, we use AnchorFree as data processor who processes data on behalf of Bitdefender in accordance with Bitdefender's instructions and for the sole purpose of providing VPN services to users.'
Not exactly helpful.
What we can say is that Bitdefender knows the devices where you've installed the VPN, as this will have its security software (you can't run the VPN stand-alone.) To manage a 200MB per day limit on the free plan, Bitdefender must be able to maintain at least a running total of the bandwidth used per device. But it can't see the websites you're visiting, or the content of your web traffic, as that's encrypted by the VPN.
Any more detailed service logging would be carried out by Hotspot Shield, but its privacy policy explains, reassuringly, that there's no monitoring of your web traffic or browsing history, or any detailed session logging.
Life isn't quite that simple, and the small print explains that device IDs and IP addresses may be collected in a few situations. These are far less significant than we've seen with many commercial VPNs, and we see no major issues, but check out our full Hotspot Shield review if you're interested.
Apps
To try Bitdefender VPN, you must first install one of Bitdefender's security applications. If you don't have one yet, you can usually install a free trial, so for example there's a 30-day trial version of Bitdefender Total Security available for Windows. But keep in mind that the suite only includes the limited 200MB per day version of the VPN, and you won't get a real idea of the VPN's abilities until you've handed over some cash.
The Windows VPN installer demands you remove other VPN drivers, unusually. There's perhaps a case for that with novice users, but if you're hoping to have another VPN installed alongside Bitdefender, it could be frustrating.
Bitdefender's client is very, very basic, with the bare minimum of features. A large blue Connect button will by default connect you to your nearest server; you're able to choose another location from a simple list; and there are settings to launch Bitdefender VPN along with Windows, and automatically connect whenever you access an insecure wireless network.
There are very few of the other features we would normally hope to see. You can't choose locations at the city level, only countries; the client doesn't display a desktop notification when you connect; you can't change servers until you've manually closed the existing connection; there's no Favorites or Recently Used list to speed up accessing commonly-used servers; there's no kill switch to block internet access if the connection drops; there's no option to change protocol, or tweak your connection in any way.
There are some plus points. The client is so easy to use that even total beginners probably won't need any support, and it handles unexpected situations with ease. When we made the VPN connection drop by forcibly closing the openvpn.exe process - a very aggressive step which is most unlikely to happen in real life - the client warned us immediately with a desktop alert, then automatically reconnected within seconds. (The lack of a kill switch meant our traffic was exposed until the connection was re-established, though.)
If you're looking to buy Bitdefender Premium VPN as a cheaper route to access Hotspot Shield, it's worth noting that Hotspot Shield's own Windows client has a few extra features, including a kill switch, extra leak protection, finer control over when the VPN will automatically connect, and the very speedy Catapult Hydra protocol (the Windows client is OpenVPN-only.)
Bitdefender Premium VPN is also considerably cheaper, so might be worth the tradeoff. But if you'd like to compare the two, Hotspot Shield's free trial gives you 7 days to check out the service.
Netflix
Bitdefender sells Premium VPN mostly for its encryption and anonymity benefits, but the website claims it can also 'unlock media, videos & messaging from all over the world.'
That wasn't true for BBC iPlayer, unfortunately. When we tried to stream content while connected to the UK server, iPlayer told us 'this content is not available in your location.'
Premium VPN did successfully unblock US-only YouTube content, but then so does almost every other VPN we've ever reviewed.
Unblocking US Netflix is the biggest challenge of all, but Premium failed there, too, with the website displaying the 'streaming error' message you'll see whenever it spots a VPN.
Performance
UK speeds were disappointing during our last review, but not this time. Connecting to Bitdefender Premium VPN's nearest UK server gave us decent speeds of around 63-65Mbps on a 75Mbps test connection, much the same as we'd expect from any quality VPN.
Bitdefender For Windows 7 Free
To see just how fast Bitdefender Premium VPN could go, we repeated the tests from a US location with a 475Mbps line.
The results were hugely variable, ranging from 62Mbps to 355Mbps. Some providers were faster and most consistent - Private Internet Access managed 315 to 450Mbps - but, let's be realistic: a minimum speed of 62Mbps really isn't that bad.
Finally, we tried connecting from the UK to more distant locations. European countries managed a reasonable 40-50Mbps, but switching to the farthest locations saw speeds plummet, with Australia and Singapore struggling to reach 2-3Mbps. Maybe we were just unlucky, but if you're hoping to use the VPN over very long-distance connections, we'd recommend you run in-depth speed tests of your own to understand the performance you're likely to get.
Windows Server Versions
Final verdict
Bitdefender Premium VPN works well as a simple way for Bitdefender users to secure their network connections when they're out and about, but the service doesn't have the power, the features or the configurability to attract more demanding types.
Bitdefender For Windows Server 2008 R2
- Also check out our roundup of the best VPN services of 2019