
Disabling antivirus software
Splunk Enterprise components (especially indexers) require high disk throughput, so you should either disable any antivirus software installed on the Windows server or restrict it from scanning Splunk directories and processes.
You can remove the Windows Defender Features (Windows Defender and the GUI for Windows Defender) on Windows Server 2016, for example, by starting Server Manager, selecting Local Server in the left-hand menu, scrolling down to Roles and Features, locating the Windows Defender feature, then clicking the down-arrow on Tasks (on the far right) and selecting Remove Roles and Features. You will then need to work through a series of steps in the wizard; when you get to the Features section, uncheck Windows Defender Features, click Next, then click Remove. The server will remove the software, after which you will need to reboot.
If you have other antivirus packages installed (McAfee, Symantec, and so on), you will have to consult the administration manuals for those solutions. Note that you should ensure that removing or limiting the antivirus software on your Windows platforms is acceptable under your organization's security rules before taking any action!
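For Windows Defender, the restriction option mentioned at the start of this section can be applied with scoped exclusions instead of removing the feature. The script below is an added example, not from the original text; the install path, the index location and the two process names are assumptions to adjust for your deployment.

```powershell
#Requires -RunAsAdministrator
# Added example: limit Windows Defender exclusions to Splunk's own directories
# and processes, leaving scanning enabled for the rest of the server.

# Assumed values: the default Windows install path and default index location.
$SplunkHome = 'C:\Program Files\Splunk'
$SplunkDb   = Join-Path $SplunkHome 'var\lib\splunk'

# A folder exclusion covers its subfolders, so the index location only needs
# its own entry when it has been moved outside the install directory.
$paths = @($SplunkHome)
if (-not $SplunkDb.StartsWith($SplunkHome, [StringComparison]::OrdinalIgnoreCase)) {
    $paths += $SplunkDb
}

# Assumed process names: exclude by full path so that only the binaries in
# Splunk's bin directory match, not any file that happens to share the name.
$processes = 'splunkd.exe', 'splunk.exe' |
    ForEach-Object { Join-Path $SplunkHome "bin\$_" }

# Stop on a mistyped path rather than recording an exclusion that matches nothing.
foreach ($item in $paths + $processes) {
    if (-not (Test-Path -LiteralPath $item)) { throw "Not found: $item" }
}

# Add only what is missing, so the script can be re-run safely.
$current = Get-MpPreference
$missingPaths = @($paths     | Where-Object { @($current.ExclusionPath)    -notcontains $_ })
$missingProcs = @($processes | Where-Object { @($current.ExclusionProcess) -notcontains $_ })

if ($missingPaths.Count -gt 0) { Add-MpPreference -ExclusionPath    $missingPaths }
if ($missingProcs.Count -gt 0) { Add-MpPreference -ExclusionProcess $missingProcs }

# Read the settings back and report each expected exclusion and whether it is present.
$after = Get-MpPreference
foreach ($item in $paths + $processes) {
    [pscustomobject]@{
        Exclusion = $item
        Present   = (@($after.ExclusionPath) + @($after.ExclusionProcess)) -contains $item
    }
}
```

Keeping the exclusion list this narrow, and recording it with the server's build documentation, makes it straightforward to review against your organization's security rules.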