Tutorial Know if we can use 2 antiviruses in SAME time and set them

Umbra

Level 85
Content Creator
Trusted
Joined
May 16, 2011
Messages
17,962
OS
Windows 10
Antivirus
Default-Deny
#1
Hi guys,

After following the very exciting and passionate discussion in this thread , i decided to give my point of view and advices on it based upon my intensive experiences in "Combo-Cooking"

Quick recapitulation

Should 2 AVs (Norton and MBAM in this case) can run in real-time simultaneously?
I will extend the topic to any AVs.

The parties in presence:

2 respectable and very knowledgeable members of our forum having opposite opinion, i will resume in one sentence their respective opinion (more details about it on the original tread)

Illumination: said a Main AV + a Companion AV, of course can be ran simultaneously without issues.
N.nvt: said 2 real-time AVs running in same time is not recommended and is begging for troubles.
Me (Umbra): i say both are right !

correct me if i am wrong , the thread was huge ^^

Also both knows that exceptions can occurs.

What we know/heard about it:

- Running 2 Avs in real-time is not recommended and may lead to conflict and systemic instability.True
- A companion AV is designed to be run alongside any AVs without creating conflicts or instability. True
- As Dubseven said (Tiranium AV developer) in the thread linked above, 2 real-time engines may "fight" again each other upon the malware and finally let it pass through both AVs. True
- I experienced it myself, some AVs detect and try to remove a malware even if it is already quarantined by the other.
- 2 main AVs seems working together but in fact issues will occurs sooner or later , especially because drivers, hooks and handles on the kernel of the OS.

Main AVs (aka the cop)

- Norton, Avira, ESET, Avast, Bit Defender, etc...
- the first line of defense of the system ,will have to protect it efficiently against malwares.
- must be run alone without interference from other security programs to insure optimal protection; it is why some of them will check if other security softs are present in the system and will ask to remove them (often true but sometimes it is just for marketing purpose or to avoid the support team to fix potential issues)

Companion AVs (aka the reinforcement)

-Emsisoft, Webroot, MBAM, Immunet, Kingsoft, Tiranium, etc..
- Designed (most often) to be run alongside full-fledge AVs to support them if they miss some malwares (no AVs are 100% efficient against all threats , even if Panda's CEO said its product does ;) )
- Some of them (Emsisoft, Webroot, Tiranium) are specifically designed and coded in their core to give the priority to the Main AV and will kick-in only if a malware is missed by it.
- the others are companion because the way they are implemented and their engine designed is made to not interfere with the Main AV.

The Hardware/system

better have a correct or strong system if you plan to run multiple real-time solutions, lack of resources will generate slowdowns then some of them will not behave properly.

The "Chaos Factor"

i call it like that (i like the name, i roxx ^^) because every system in the world is unique and react differently even if you have the exact same OS with the exact same softwares. What is true for you may be not for the others.
Keep this in your mind because it will avoid you to be a Troll ^^


the "User Factor"

aka YOU , don't be a dumb by installing multiple AVs together without deep analysis test and knowledge of their behaviors.


NOW that we have those infos , we can go deeper and then is where i involve ! :D


For years , i tried almost every reasonable combos possible without any conflicts. i say reasonable with a purpose , by this i mean that i never run together 2 main AVs !
i even managed to run Emsisoft IS Pack (Emsisoft AM + Online Armor Premium) alogside Avast IS (check my signature, it lead to the guide i made for it) !

Why i am among the best "Combo Masterchef" in the world :p

now there is my guideline to set a main AV alongside a Companion AV
1- installing and tweaking the Main AV

- your first move is to choose a decent and LIGHT (if possible) main AV; less resources it uses better it is for the system and the companion AV.
- check all settings and if you can, set the engine/guard to scan/detect on access/read ; it is crucial because it means that the Main AV will detect and quarantine the malicious file/process right away when it appears on the system (via memory, the hard drive, USB, etc...)
-

2- installing and tweaking the Companion AV

- same as the main AV , choose a decent and light one.
- If possible , make the companion's Guard service to start after the Main one. you can do this via tweaking the services to delay it start (in services.msc)
- check if it is compatible with your main AV (important point) since some of them have are "allergic" to some Main AVs (i remember Kingsoft having issues with some)
- VERY IMPORTANT: set the Companion to scan/detect on EXECUTION only (if possible ), so the Companion will not interfere with the Main AV when it will detect and quarantine/delete a malware
- check that the companion features (Behavior Blocker, webfilter, etc...) don't overlap with the Main AV's ones. If they both have the same features, disable the less effective one or the companion one (some AVs like Avast has inter-dependant modules so disable one makes the whole AV ineffective)

3- Set the exclusions

Extremely Important !

- exclude in each : ALL the other soft's folders/files (in program files, program data, etc...), processes, quarantine folder, etc...
- do this in each component of each soft (AV module, Behavior Blocker, HIPS, Sandbox, etc...)



i remember when i start using Comodo Is with Emsisoft AM as companion, Comodo AV was faster and quarantined the malware but i didn't set EAM to scan on execution so EAM showed an error saying it cant remove the malware because it was missing...

that shows that setting up each AV is fundamental !

After doing those 3 steps , your companion AV should not create any conflicts/interference with the main one.


Back to the debate
so now you have a good idea if Illumination or N.nvt are right or wrong !

the truth is:

if you follow all the steps above , you can run almost any companion alongside any Main AV, so Illumination is right.

if you recklessly install any AVs alongside any others without following the steps above, N.nvt is also right.

long time ago i tried Norton IS and MBAM , i tweaked both products properly so it works fine.


Conclusions

Never install 2 Avs without testing a solution alone first, so you can observe its true behavior.

Follow the steps above.

Also in a corporate point of view , you should never run any Combos , you have to avoid any kind of conflicts in any system belonging to the company you work in; failures means money loss in a corporate environment.
Not saying that the financial departrment wuill surely not acknowledge the purchase of multiple security products.

I will update this thread if some details/points comes in mind.

Things you have to know about AVs :

Myths & Facts about AVs by N.nvt
 
Last edited:

Jcwisgod

New Member
Joined
Dec 4, 2013
Messages
167
#2
I've been thinking about testing out Panda cloud anti-virus alongside Avast to see how it does, some AT&T support tech told me that's his configuration, and that it works good together
 
Likes: peymi

Umbra

Level 85
Content Creator
Trusted
Joined
May 16, 2011
Messages
17,962
OS
Windows 10
Antivirus
Default-Deny
#3
I've been thinking about testing out Panda cloud anti-virus alongside Avast to see how it does, some AT&T support tech told me that's his configuration, and that it works good together
no you can't , both are Main Avs and none are coded to be companion; it seems to work but sooner or later you will have issues
 
Joined
May 11, 2013
Messages
1,677
OS
Windows 7
Antivirus
Norton
#4
Umbra if you would have been a girl... hubba hubba hubba.
What a kickass GREAT superah dupah topic.
Omg Nobel prize in the making.

Still I would like to hijack your topic with my own: http://malwaretips.com/threads/anti-virus-malware-myths-and-facts.23944/
Because it adds to what I said and it does enhance your own topic.

That said, if I could give you a 1000 likes I would.
So instead ill give you + 1000 rep.
 

Umbra

Level 85
Content Creator
Trusted
Joined
May 16, 2011
Messages
17,962
OS
Windows 10
Antivirus
Default-Deny
#5
thanks nvt, i added you link for reference purpose on my post
 
Likes: Kent

venustus

Level 43
Content Creator
Trusted
Joined
Dec 30, 2012
Messages
3,237
OS
Windows 10
Antivirus
Kaspersky
#6
Thanks for the advice and opinions!

Much appreciated!:)
 

Purshu_Pro

Level 29
Trusted
Joined
Aug 3, 2013
Messages
1,847
OS
Windows 10
Antivirus
Emsisoft
#11
I have Started using ESET Smart security with Malwarebytes antimalware Pro. So is that ok, should i change any thing here?
I have tweaked ESET as u had posted in a thread here in MT. i have Made default for MBAM Pro.
 
Likes: Kent
I

illumination

Guest
#16
In my opinion, there is NO need to be running 2 or more antivirus / anti-spyware software in real-time.
I will give you one good reason. The test Dubseven did with KIS and Mbam pro in his VM.. The sample slid right by KIS, but was caught upon execution by Mbam.. The whole point of the companion program is to cover what is missed by the AV to begin with..

Of course we all have our opinions.. :)
 

Umbra

Level 85
Content Creator
Trusted
Joined
May 16, 2011
Messages
17,962
OS
Windows 10
Antivirus
Default-Deny
#18
I will give you one good reason. The test Dubseven did with KIS and Mbam pro in his VM.. The sample slid right by KIS, but was caught upon execution by Mbam.. The whole point of the companion program is to cover what is missed by the AV to begin with..
that is true also but i prefer use one AV and another security soft that is not specifically an AV (for resources/responsiveness sake) to support it; i like high responsiveness of my OS :D
 
Likes: illumination

Similar Threads

Similar Threads