Tutorial Know if we can use 2 antiviruses in SAME time and set them

Hi guys,

After following the very exciting and passionate discussion in this thread , i decided to give my point of view and advices on it based upon my intensive experiences in "Combo-Cooking"

Quick recapitulation

Should 2 AVs (Norton and MBAM in this case) can run in real-time simultaneously?
I will extend the topic to any AVs.

The parties in presence:

2 respectable and very knowledgeable members of our forum having opposite opinion, i will resume in one sentence their respective opinion (more details about it on the original tread)

Illumination: said a Main AV + a Companion AV, of course can be ran simultaneously without issues.
N.nvt: said 2 real-time AVs running in same time is not recommended and is begging for troubles.
Me (Umbra): i say both are right !

correct me if i am wrong , the thread was huge ^^

Also both knows that exceptions can occurs.

What we know/heard about it:

- Running 2 Avs in real-time is not recommended and may lead to conflict and systemic instability.True
- A companion AV is designed to be run alongside any AVs without creating conflicts or instability. True
- As Dubseven said (Tiranium AV developer) in the thread linked above, 2 real-time engines may "fight" again each other upon the malware and finally let it pass through both AVs. True
- I experienced it myself, some AVs detect and try to remove a malware even if it is already quarantined by the other.
- 2 main AVs seems working together but in fact issues will occurs sooner or later , especially because drivers, hooks and handles on the kernel of the OS.

Main AVs (aka the cop)

- Norton, Avira, ESET, Avast, Bit Defender, etc...
- the first line of defense of the system ,will have to protect it efficiently against malwares.
- must be run alone without interference from other security programs to insure optimal protection; it is why some of them will check if other security softs are present in the system and will ask to remove them (often true but sometimes it is just for marketing purpose or to avoid the support team to fix potential issues)

Companion AVs (aka the reinforcement)

-Emsisoft, Webroot, MBAM, Immunet, Kingsoft, Tiranium, etc..
- Designed (most often) to be run alongside full-fledge AVs to support them if they miss some malwares (no AVs are 100% efficient against all threats , even if Panda's CEO said its product does ;) )
- Some of them (Emsisoft, Webroot, Tiranium) are specifically designed and coded in their core to give the priority to the Main AV and will kick-in only if a malware is missed by it.
- the others are companion because the way they are implemented and their engine designed is made to not interfere with the Main AV.

The Hardware/system

better have a correct or strong system if you plan to run multiple real-time solutions, lack of resources will generate slowdowns then some of them will not behave properly.

The "Chaos Factor"

i call it like that (i like the name, i roxx ^^) because every system in the world is unique and react differently even if you have the exact same OS with the exact same softwares. What is true for you may be not for the others.
Keep this in your mind because it will avoid you to be a Troll ^^


the "User Factor"

aka YOU , don't be a dumb by installing multiple AVs together without deep analysis test and knowledge of their behaviors.


NOW that we have those infos , we can go deeper and then is where i involve ! :D


For years , i tried almost every reasonable combos possible without any conflicts. i say reasonable with a purpose , by this i mean that i never run together 2 main AVs !
i even managed to run Emsisoft IS Pack (Emsisoft AM + Online Armor Premium) alogside Avast IS (check my signature, it lead to the guide i made for it) !

Why i am among the best "Combo Masterchef" in the world :p

now there is my guideline to set a main AV alongside a Companion AV
1- installing and tweaking the Main AV

- your first move is to choose a decent and LIGHT (if possible) main AV; less resources it uses better it is for the system and the companion AV.
- check all settings and if you can, set the engine/guard to scan/detect on access/read ; it is crucial because it means that the Main AV will detect and quarantine the malicious file/process right away when it appears on the system (via memory, the hard drive, USB, etc...)
-

2- installing and tweaking the Companion AV

- same as the main AV , choose a decent and light one.
- If possible , make the companion's Guard service to start after the Main one. you can do this via tweaking the services to delay it start (in services.msc)
- check if it is compatible with your main AV (important point) since some of them have are "allergic" to some Main AVs (i remember Kingsoft having issues with some)
- VERY IMPORTANT: set the Companion to scan/detect on EXECUTION only (if possible ), so the Companion will not interfere with the Main AV when it will detect and quarantine/delete a malware
- check that the companion features (Behavior Blocker, webfilter, etc...) don't overlap with the Main AV's ones. If they both have the same features, disable the less effective one or the companion one (some AVs like Avast has inter-dependant modules so disable one makes the whole AV ineffective)

3- Set the exclusions

Extremely Important !

- exclude in each : ALL the other soft's folders/files (in program files, program data, etc...), processes, quarantine folder, etc...
- do this in each component of each soft (AV module, Behavior Blocker, HIPS, Sandbox, etc...)



i remember when i start using Comodo Is with Emsisoft AM as companion, Comodo AV was faster and quarantined the malware but i didn't set EAM to scan on execution so EAM showed an error saying it cant remove the malware because it was missing...

that shows that setting up each AV is fundamental !

After doing those 3 steps , your companion AV should not create any conflicts/interference with the main one.


Back to the debate
so now you have a good idea if Illumination or N.nvt are right or wrong !

the truth is:

if you follow all the steps above , you can run almost any companion alongside any Main AV, so Illumination is right.

if you recklessly install any AVs alongside any others without following the steps above, N.nvt is also right.

long time ago i tried Norton IS and MBAM , i tweaked both products properly so it works fine.


Conclusions

Never install 2 Avs without testing a solution alone first, so you can observe its true behavior.

Follow the steps above.

Also in a corporate point of view , you should never run any Combos , you have to avoid any kind of conflicts in any system belonging to the company you work in; failures means money loss in a corporate environment.
Not saying that the financial departrment wuill surely not acknowledge the purchase of multiple security products.

I will update this thread if some details/points comes in mind.

Things you have to know about AVs :

Myths & Facts about AVs by N.nvt
 
Last edited by a moderator:

nissimezra

New Member
Apr 3, 2014
1,460
I've been thinking about testing out Panda cloud anti-virus alongside Avast to see how it does, some AT&T support tech told me that's his configuration, and that it works good together
yep
I already used them along with mse, mse seems to have more contro since he can access avast sand box when threat found and delete it.

no problem were found but system slowdown a little bit
regards
 
  • Like
Reactions: Cats-4_Owners-2

Nico@FMA

Level 27
May 11, 2013
1,689
Members, I have a question. Can you run 2+ companion AV at the same time? Like, ESET Smart Security 7 as main + Malwarebytes Premium and Emsisoft as companion?

If you read back the topic then you will see that Running ESET + Mbam can be done but its not advised unless you know how to.
In regards to Emisoft you could but then you have to make sure that it does not stay in active mode so turn of realtime scanning and just use it as a back up on demand scanner.
Again read back the topic.

Cheers
 

Malware1

New Member
Sep 28, 2011
6,551
Members, I have a question. Can you run 2+ companion AV at the same time? Like, ESET Smart Security 7 as main + Malwarebytes Premium and Emsisoft as companion?


Companion AVs (aka the reinforcement)

-Emsisoft, Webroot, MBAM, Immunet, Kingsoft, Tiranium, etc..
- Designed (most often) to be run alongside full-fledge AVs to support them if they miss some malwares (no AVs are 100% efficient against all threats , even if Panda's CEO said its product does ;) )
- Some of them (Emsisoft, Webroot, Tiranium) are specifically designed and coded in their core to give the priority to the Main AV and will kick-in only if a malware is missed by it.
- the others are companion because the way they are implemented and their engine designed is made to not interfere with the Main AV.
MBAM is not an antivirus.
 

Nico@FMA

Level 27
May 11, 2013
1,689
MBAM is not an antivirus.

Well there is a thin line between Antivirus and Anti malware.
Fact is as long MBAM removes Rootkits, Trojans and other related types of Viruses and malware i personally regard Mbam as a antivirus.
And in that retrospective every antivirus out there is in fact a anti malware.
Because they BOTH do not target a specific danger but a wide range of dangers that inter cross each description.
And as such both are exactly the same.

So antivirus or antimalware is exactly the same.

Depending on how technically correct you want to be, viruses are a subset of malware, or the two words mean the same thing.

The word malware (malicious software) describes any piece of code designed to infect your computer (or mobile device) and make it do things that you don't want it to do, such as mass-mail spam or steal your banking passwords. Trojans, worms, and rootkits are all types of malware.

And so is a virus, in its most technically-correct meaning. A virus is malicious code that spreads by infecting existing files, similar to the way a biological virus spreads by infecting living cells.
Once common, true computer viruses have become quite rare as a pure standalone virus file. Criminals have found better ways to spread malicious code by adding a true virus within a seemingly legit program making it malware however in technical terms its still a virus the moments its executed.
So if true viruses are rare, why do people still talk about them? And why do we still run antivirus programs?
Viruses were the dominant form of malware in the 1980s and 90s, when personal computers were first becoming common. At that time, there was no commonly-used umbrella term such as malware, so people called any malicious program a virus.
And the word has stuck. Although that program you keep running in the background protects you (hopefully) from all forms of malware, it's called antivirus because that type of program has always been called antivirus.

Hence why Antivirus = Amal and Amal is Antivirus.
 

Nico@FMA

Level 27
May 11, 2013
1,689
MBAM doesn't target viruses, unless they are from live URL. MBAM doesn't have the ability to clean files.

You are correct, its either process kill + remove + reboot or process kill + quarantine + reboot.
Fact is tho that Mbam does have signatures against some viruses commonly missed by other true AV vendors, but skipped the major bulk of viruses as they are directly targeted by AV programs, Mbam just fills in the gabs, hence why their database remains so small.
So yes MalwareBytes' Anti-Malware remove viruses, worms, Trojans, rootkits, dialers, spyware, rogue applications and malware.
As has been written on their own Webpage and forums.
So you are incorrect Mbam does remove certain viruses from your HDD, files and memory and is not limited to a live URL.

Granted it use to be correct in the past years but recent changes gave Mbam a bit more standoff against already infected systems prior to install. Which are usually Trojans aka Virus that being missed by traditional AV.
 
  • Like
Reactions: Cats-4_Owners-2

Nico@FMA

Level 27
May 11, 2013
1,689
I assume you mean registry changes made by viruses, but MBAM still can't clean files infected by viruses.

Actually a true virus infected file is being handled by mbam as i said: its either process kill + remove + reboot or process kill + quarantine + reboot.
So technically it does not do anything just contain it, as mentioned before and on their webpage.
 

Malware1

New Member
Sep 28, 2011
6,551
Actually a true virus infected file is being handled by mbam as i said: its either process kill + remove + reboot or process kill + quarantine + reboot.
So technically it does not do anything just contain it, as mentioned before and on their webpage.
That's probably just a mistake of a researcher. MBAM shouldn't detect such a file. Can you send me it via PM? I'll forward it to Malwarebytes.
I saw Neshta-infected files were detected in the past. That shouldn't happen.
 
  • Like
Reactions: Koroke San

Jaspion

Level 17
Verified
Jun 5, 2013
814
While Malwarebytes could be considered an antivirus because of the types of malware detected by it, the scope of threats detected is limited. And, especially because it complements the detections of full-blown antiviruses anyway, so it makes sense to use a different term like anti-malware. But Emsisoft uses a different logic to arrive at the same term, i.e. the fact that actual viruses are less than 1% of malware today.

So, names can clear up confusion, or create more of it. By any other name, a rose would smell as sweet, right? It's best to analyze functionalities and compatibilities on a case-by-case manner.

As a rule of thumb, you don't want two programs performing the same task. Whatever benefit in terms of protection can end up becoming a problem in terms of performance, stability and even protection itself because, if the two programs are fighting each other, they may not be able to fight potential malware. That's why companion anti-malware must be coded to allow the main AV to take precedence. But of course, if one single program can have bugs, two "companion" programs that have actually been developed by separate teams can have a lot more in combination. So pay attention to the real-time protection you're installing, make sure it doesn't match what another program is already doing.

Bottom line, you are wise to ask here for advice. Inquire about any specific combinations you want to make, and there will probably be at least a few guys here who have tried it or can at least give you some to-the-point information.
 

Lailson

Level 13
Verified
Jan 3, 2014
615
Use Malwarebytes Premium + Eset SS 7 and never had any problems, really Malwarebytes is not an antivirus and never interfered with any antivirus or suite.
Now run Emsisoft Anti Malware + Eset SS7 I would say it's not a good idea, since I use it once, and my laptop was too slow. Emsisoft Emergency kit is the best choice ...
 

software182

Level 12
Mar 4, 2014
597
Interesting conversation to watch :)

photo-58989.gif
 
  • Like
Reactions: Terry Ganzi
Top