Hi tsakumar81,
You can not stop the scans. However, that does not make you vulnerable.
Change the HTTP Server headers
This doesnt make you more secure, but you can remove identifying information that makes scanners less effective.
Set up a firewall and block non-essential services
Windows comes with a firewall. Use it to block all inbound traffic that is not port 80 and 443. This will make scans get less results and reduce your attack surface.
If you need to RDP in, open up port 3389 to your own subnet, or a few select IP addresses, but certainly not to the whole internet.
Install something that will protect your server from common exploitable attacks, such as XSS, and SQL Injection.
You can't block all attacks 100%, but you can install something like ModSecurity that will inspect the data submitted and block/log known attacks.
Start logging to a remote server
Your server might get compromised. Thats just reality. Have a plan for how you find out what happened, and a plan to restore the server if you need to.
Reference
Prevent vulnerability scanning
