How-to Guide Know if we can use 2 antiviruses at the SAME time and set them up

Discussion in 'Tutorials & Guides' started by Umbra, Mar 13, 2014.

  1. Umbra

    Umbra From Emsisoft
    Developer

    May 16, 2011
    17,163
    29,656
    Community manager
    Vietnam & France
    Windows 10
    Emsisoft
    #1 Umbra, Mar 13, 2014
    Last edited: Mar 13, 2014
    Hi guys,

    After following the very exciting and passionate discussion in this thread, I decided to give my point of view and advice on it, based upon my intensive experience in "Combo-Cooking".

    Quick recapitulation

    Can 2 AVs (Norton and Malwarebytes Anti-Malware in this case) run in real-time simultaneously?
    I will extend the topic to any AVs.

    The parties present:

    2 respectable and very knowledgeable members of our forum having opposite opinions; I will sum up their respective opinions in one sentence each (more details in the original thread).

    Illumination: said a Main AV + a Companion AV can of course be run simultaneously without issues.
    N.nvt: said 2 real-time AVs running at the same time is not recommended and is begging for trouble.
    Me (Umbra): I say both are right!

    Correct me if I am wrong, the thread was huge ^^

    Also, both know that exceptions can occur.

    What we know/heard about it:

    - Running 2 AVs in real-time is not recommended and may lead to conflict and systemic instability. True
    - A companion AV is designed to be run alongside any AV without creating conflicts or instability. True
    - As Dubseven (Tiranium AV developer) said in the thread linked above, 2 real-time engines may "fight" against each other over the malware and finally let it pass through both AVs. True
    - I experienced it myself: some AVs detect and try to remove malware even if it is already quarantined by the other.
    - 2 main AVs seem to work together, but in fact issues will occur sooner or later, especially because of drivers, hooks and handles on the kernel of the OS.

    Main AVs (aka the cop)

    - Norton, Avira, ESET, Avast, Bitdefender, etc...
    - The first line of defense of the system; it will have to protect it efficiently against malware.
    - Must be run alone without interference from other security programs to ensure optimal protection; this is why some of them will check if other security software is present in the system and will ask to remove it (often true, but sometimes it is just for marketing purposes or so that the support team does not have to fix potential issues).

    Companion AVs (aka the reinforcement)

    - Emsisoft, Webroot, Malwarebytes Anti-Malware, Immunet, Kingsoft, Tiranium, etc...
    - Designed (most often) to be run alongside full-fledged AVs to support them if they miss some malware (no AV is 100% efficient against all threats, even if Panda's CEO said its product is ;) )
    - Some of them (Emsisoft, Webroot, Tiranium) are specifically designed and coded in their core to give priority to the Main AV and will kick in only if malware is missed by it.
    - The others are companions because the way they are implemented and the way their engine is designed are made to not interfere with the Main AV.

    The Hardware/system

    Better to have a correct or strong system if you plan to run multiple real-time solutions; lack of resources will generate slowdowns, then some of them will not behave properly.

    The "Chaos Factor"

    I call it that (I like the name, I roxx ^^) because every system in the world is unique and reacts differently even if you have the exact same OS with the exact same software. What is true for you may not be for others.
    Keep this in mind because it will keep you from being a Troll ^^


    The "User Factor"

    aka YOU; don't be dumb by installing multiple AVs together without deep analysis, tests and knowledge of their behaviors.


    NOW that we have this info, we can go deeper, and this is where I get involved! :D


    For years, I tried almost every reasonable combo possible without any conflicts. I say reasonable on purpose; by this I mean that I never ran 2 main AVs together!
    I even managed to run Emsisoft IS Pack (Emsisoft AM + Online Armor Premium) alongside Avast IS (check my signature, it leads to the guide I made for it)!

    Why I am among the best "Combo Masterchef" in the world :p

    Now here is my guideline to set up a main AV alongside a Companion AV

    1- Installing and tweaking the Main AV

    - Your first move is to choose a decent and LIGHT (if possible) main AV; the fewer resources it uses, the better it is for the system and the companion AV.
    - Check all settings and, if you can, set the engine/guard to scan/detect on access/read; it is crucial because it means that the Main AV will detect and quarantine the malicious file/process right away when it appears on the system (via memory, the hard drive, USB, etc...)

    2- Installing and tweaking the Companion AV

    - Same as the main AV, choose a decent and light one.
    - If possible, make the companion's Guard service start after the Main one. You can do this by tweaking the services to delay its start (in services.msc)
    - Check if it is compatible with your main AV (important point) since some of them are "allergic" to some Main AVs (I remember Kingsoft having issues with some)
    - VERY IMPORTANT: set the Companion to scan/detect on EXECUTION only (if possible), so the Companion will not interfere with the Main AV when it detects and quarantines/deletes malware
    - Check that the companion's features (Behavior Blocker, webfilter, etc...) don't overlap with the Main AV's. If they both have the same features, disable the less effective one or the companion's (some AVs like Avast have inter-dependent modules, so disabling one makes the whole AV ineffective)

    3- Set the exclusions

    Extremely Important !

    - In each product, exclude ALL the other software's folders/files (in Program Files, ProgramData, etc...), processes, quarantine folder, etc...
    - Do this in each component of each product (AV module, Behavior Blocker, HIPS, Sandbox, etc...)



    I remember when I started using Comodo IS with Emsisoft AM as companion: Comodo AV was faster and quarantined the malware, but I hadn't set EAM to scan on execution, so EAM showed an error saying it can't remove the malware because it was missing...

    That shows that setting up each AV is fundamental!

    After doing those 3 steps, your companion AV should not create any conflicts/interference with the main one.


    Back to the debate
    So now you have a good idea whether Illumination or N.nvt is right or wrong!

    The truth is:

    If you follow all the steps above, you can run almost any companion alongside any Main AV, so Illumination is right.

    If you recklessly install any AVs alongside any others without following the steps above, N.nvt is also right.

    A long time ago I tried Norton IS and Malwarebytes Anti-Malware; I tweaked both products properly so it works fine.


    Conclusions

    Never install 2 AVs without testing a solution alone first, so you can observe its true behavior.

    Follow the steps above.

    Also, from a corporate point of view, you should never run any combos; you have to avoid any kind of conflict in any system belonging to the company you work in; failures mean money loss in a corporate environment.
    Not to mention that the financial department will surely not acknowledge the purchase of multiple security products.

    I will update this thread if some details/points come to mind.

    Things you have to know about AVs :

    Myths & Facts about AVs by N.nvt
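
An added example, not part of the original post: the delayed start from step 2 applied to the companion's guard service from an elevated PowerShell prompt instead of services.msc, with a listing of the AV products Windows Security Center has registered. The function name and both service names are hypothetical placeholders; the real service names differ per product and can be found with Get-Service.

```powershell
# Added example. Service names passed in are placeholders: the post does not
# name any service, so look up the real ones with Get-Service first.
function Set-CompanionDelayedStart {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string]$MainService,
        [Parameter(Mandatory)][string]$CompanionService
    )

    # Both services must exist before anything is changed.
    foreach ($name in $MainService, $CompanionService) {
        if (-not (Get-Service -Name $name -ErrorAction SilentlyContinue)) {
            throw "Service '$name' not found"
        }
    }

    # AV products registered with Windows Security Center (client editions only).
    Get-CimInstance -Namespace 'root\SecurityCenter2' -ClassName AntiVirusProduct |
        Select-Object displayName, pathToSignedProductExe | Out-Host

    # Step 2 of the guide: delay the companion's guard so the main one starts first.
    if ($PSCmdlet.ShouldProcess($CompanionService, 'set start type to delayed-auto')) {
        & sc.exe config $CompanionService start= delayed-auto | Out-Host
        if ($LASTEXITCODE -ne 0) {
            # Many AV products protect their own services against changes.
            Write-Warning "sc.exe failed ($LASTEXITCODE); the product may block this change."
        }
    }

    # Report the resulting start configuration of both services.
    Get-CimInstance -ClassName Win32_Service |
        Where-Object { $_.Name -in ($MainService, $CompanionService) } |
        Select-Object Name, StartMode, DelayedAutoStart, State
}

# Elevated prompt; replace the placeholder names. -WhatIf previews the change.
Set-CompanionDelayedStart -MainService 'MainAvGuard' -CompanionService 'CompanionAvGuard' -WhatIf
```
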
     
  2. Jcwisgod

    Jcwisgod New Member

    Dec 4, 2013
    167
    78
    I've been thinking about testing out Panda Cloud Antivirus alongside Avast to see how it does; some AT&T support tech told me that's his configuration, and that it works well together.
     
    peymi likes this.
  3. Umbra

    Umbra From Emsisoft
    Developer

    May 16, 2011
    17,163
    29,656
    Community manager
    Vietnam & France
    Windows 10
    Emsisoft
    No, you can't; both are Main AVs and neither is coded to be a companion; it seems to work, but sooner or later you will have issues.
     
    Cats-4_Owners-2 and Nico@FMA like this.
  4. Nico@FMA

    Nico@FMA Level 27

    May 11, 2013
    1,677
    3,704
    Security Consultant, ICT Advisor and Developer
    Friesland (Harlingen)
    Windows 7
    Norton
    Umbra if you would have been a girl... hubba hubba hubba.
    What a kickass GREAT superah dupah topic.
    Omg Nobel prize in the making.

    Still I would like to hijack your topic with my own: http://malwaretips.com/threads/anti-virus-malware-myths-and-facts.23944/
    Because it adds to what I said and it does enhance your own topic.

    That said, if I could give you 1000 likes I would.
    So instead I'll give you + 1000 rep.
     
  5. Umbra

    Umbra From Emsisoft
    Developer

    May 16, 2011
    17,163
    29,656
    Community manager
    Vietnam & France
    Windows 10
    Emsisoft
    Thanks nvt, I added your link for reference purposes to my post.
     
    Kent likes this.
  6. venustus

    venustus Level 43
    Content Creator Trusted

    Dec 30, 2012
    3,226
    16,098
    Sydney
    Windows 10
    Kaspersky
    Thanks for the advice and opinions!

    Much appreciated!:)
     
  7. Jcwisgod

    Jcwisgod New Member

    Dec 4, 2013
    167
    78
    Ah, not gonna mess with those two then; if I try anything I'll use a VM first.
     
    Umbra likes this.
  8. Nico@FMA

    Nico@FMA Level 27

    May 11, 2013
    1,677
    3,704
    Security Consultant, ICT Advisor and Developer
    Friesland (Harlingen)
    Windows 7
    Norton
    Guys, in addition to what Umbra said, I would like to point out that my topic, Myths & Facts about AVs,
    has been updated and finished.
     
    Umbra and Spawn like this.
  9. BoraMurdar

    BoraMurdar Super Moderator
    Staff Member

    Aug 30, 2012
    5,784
    22,502
    Doctor of medicine
    Serbia
    Windows 10
    Emsisoft
    [​IMG]
    Photoshop Level over 9000
     
  10. Dubseven

    Dubseven New Member

    Aug 12, 2013
    659
    2
    For this nice topic coming with the end of the war of debates:

    [​IMG]
    @on the post
     
    Cats-4_Owners-2, Umbra and BoraMurdar like this.
  11. Purshu_Pro

    Purshu_Pro Level 29
    Trusted

    Aug 3, 2013
    1,822
    3,083
    EMSISOFT Re-Seller
    India
    Windows 10
    Emsisoft
    I have started using ESET Smart Security with Malwarebytes Anti-Malware Pro. So is that OK, should I change anything here?
    I have tweaked ESET as you had posted in a thread here in MT. I have kept the defaults for Malwarebytes Anti-Malware Pro.
     
    Kent likes this.
  12. koushik

    koushik Level 2

    Nov 15, 2013
    93
    74
    I am using Kaspersky Internet Security 2014 along with Malwarebytes Anti-Malware 2.0 Pro ... :)
     
  13. Oxygen

    Oxygen Level 42

    Feb 23, 2014
    3,135
    6,059
    United States
    Windows 10
    Emsisoft
    ESET Smart Security + Malwarebytes PRO.
     
  14. Spawn

    Spawn Administrator
    Staff Member Content Creator

    Jan 8, 2011
    16,261
    24,194
    In my opinion, there is NO need to be running 2 or more antivirus / anti-spyware software in real-time.
     
  15. Umbra

    Umbra From Emsisoft
    Developer

    May 16, 2011
    17,163
    29,656
    Community manager
    Vietnam & France
    Windows 10
    Emsisoft
    You are right, Huracan; but human nature is such that: "why have one when you can get two, and why two when you can gain three" :D
     
  16. illumination

    illumination Guest

    I will give you one good reason. The test Dubseven did with KIS and Malwarebytes Anti-Malware pro in his VM.. The sample slid right by KIS, but was caught upon execution by Malwarebytes Anti-Malware.. The whole point of the companion program is to cover what is missed by the AV to begin with..

    Of course we all have our opinions.. :)
     
  17. Theguywholikesbetas

    Theguywholikesbetas New Member

    Feb 23, 2014
    63
    144
    #17 Theguywholikesbetas, Mar 13, 2014
    Last edited: Mar 13, 2014
    Hitman PRO, if you all don't know, is a triple backup, which is damn nice because it doesn't interrupt anything.


    (EDIT) Microsoft Security Essentials + Immunet + Malwarebytes Anti-Malware 2.0 + Hitman PRO
    or ClamAV
     
  18. Umbra

    Umbra From Emsisoft
    Developer

    May 16, 2011
    17,163
    29,656
    Community manager
    Vietnam & France
    Windows 10
    Emsisoft
    That is true also, but I prefer to use one AV and another security product that is not specifically an AV (for resources/responsiveness' sake) to support it; I like high responsiveness of my OS :D
     
    illumination likes this.
  19. Umbra

    Umbra From Emsisoft
    Developer

    May 16, 2011
    17,163
    29,656
    Community manager
    Vietnam & France
    Windows 10
    Emsisoft
    ClamAV really? :D
     
    Malware1 and Cats-4_Owners-2 like this.
  20. Theguywholikesbetas

    Theguywholikesbetas New Member

    Feb 23, 2014
    63
    144
    ClamAV is really light on my system and it has a pretty good detection ratio for me.
     
    Cats-4_Owners-2 likes this.