Tutorial Know if we can use 2 antiviruses in SAME time and set them

Hi guys,

After following the very exciting and passionate discussion in this thread , i decided to give my point of view and advices on it based upon my intensive experiences in "Combo-Cooking"

Quick recapitulation

Should 2 AVs (Norton and MBAM in this case) can run in real-time simultaneously?
I will extend the topic to any AVs.

The parties in presence:

2 respectable and very knowledgeable members of our forum having opposite opinion, i will resume in one sentence their respective opinion (more details about it on the original tread)

Illumination: said a Main AV + a Companion AV, of course can be ran simultaneously without issues.
N.nvt: said 2 real-time AVs running in same time is not recommended and is begging for troubles.
Me (Umbra): i say both are right !

correct me if i am wrong , the thread was huge ^^

Also both knows that exceptions can occurs.

What we know/heard about it:

- Running 2 Avs in real-time is not recommended and may lead to conflict and systemic instability.True
- A companion AV is designed to be run alongside any AVs without creating conflicts or instability. True
- As Dubseven said (Tiranium AV developer) in the thread linked above, 2 real-time engines may "fight" again each other upon the malware and finally let it pass through both AVs. True
- I experienced it myself, some AVs detect and try to remove a malware even if it is already quarantined by the other.
- 2 main AVs seems working together but in fact issues will occurs sooner or later , especially because drivers, hooks and handles on the kernel of the OS.

Main AVs (aka the cop)

- Norton, Avira, ESET, Avast, Bit Defender, etc...
- the first line of defense of the system ,will have to protect it efficiently against malwares.
- must be run alone without interference from other security programs to insure optimal protection; it is why some of them will check if other security softs are present in the system and will ask to remove them (often true but sometimes it is just for marketing purpose or to avoid the support team to fix potential issues)

Companion AVs (aka the reinforcement)

-Emsisoft, Webroot, MBAM, Immunet, Kingsoft, Tiranium, etc..
- Designed (most often) to be run alongside full-fledge AVs to support them if they miss some malwares (no AVs are 100% efficient against all threats , even if Panda's CEO said its product does ;) )
- Some of them (Emsisoft, Webroot, Tiranium) are specifically designed and coded in their core to give the priority to the Main AV and will kick-in only if a malware is missed by it.
- the others are companion because the way they are implemented and their engine designed is made to not interfere with the Main AV.

The Hardware/system

better have a correct or strong system if you plan to run multiple real-time solutions, lack of resources will generate slowdowns then some of them will not behave properly.

The "Chaos Factor"

i call it like that (i like the name, i roxx ^^) because every system in the world is unique and react differently even if you have the exact same OS with the exact same softwares. What is true for you may be not for the others.
Keep this in your mind because it will avoid you to be a Troll ^^


the "User Factor"

aka YOU , don't be a dumb by installing multiple AVs together without deep analysis test and knowledge of their behaviors.


NOW that we have those infos , we can go deeper and then is where i involve ! :D


For years , i tried almost every reasonable combos possible without any conflicts. i say reasonable with a purpose , by this i mean that i never run together 2 main AVs !
i even managed to run Emsisoft IS Pack (Emsisoft AM + Online Armor Premium) alogside Avast IS (check my signature, it lead to the guide i made for it) !

Why i am among the best "Combo Masterchef" in the world :p

now there is my guideline to set a main AV alongside a Companion AV
1- installing and tweaking the Main AV

- your first move is to choose a decent and LIGHT (if possible) main AV; less resources it uses better it is for the system and the companion AV.
- check all settings and if you can, set the engine/guard to scan/detect on access/read ; it is crucial because it means that the Main AV will detect and quarantine the malicious file/process right away when it appears on the system (via memory, the hard drive, USB, etc...)
-

2- installing and tweaking the Companion AV

- same as the main AV , choose a decent and light one.
- If possible , make the companion's Guard service to start after the Main one. you can do this via tweaking the services to delay it start (in services.msc)
- check if it is compatible with your main AV (important point) since some of them have are "allergic" to some Main AVs (i remember Kingsoft having issues with some)
- VERY IMPORTANT: set the Companion to scan/detect on EXECUTION only (if possible ), so the Companion will not interfere with the Main AV when it will detect and quarantine/delete a malware
- check that the companion features (Behavior Blocker, webfilter, etc...) don't overlap with the Main AV's ones. If they both have the same features, disable the less effective one or the companion one (some AVs like Avast has inter-dependant modules so disable one makes the whole AV ineffective)

3- Set the exclusions

Extremely Important !

- exclude in each : ALL the other soft's folders/files (in program files, program data, etc...), processes, quarantine folder, etc...
- do this in each component of each soft (AV module, Behavior Blocker, HIPS, Sandbox, etc...)



i remember when i start using Comodo Is with Emsisoft AM as companion, Comodo AV was faster and quarantined the malware but i didn't set EAM to scan on execution so EAM showed an error saying it cant remove the malware because it was missing...

that shows that setting up each AV is fundamental !

After doing those 3 steps , your companion AV should not create any conflicts/interference with the main one.


Back to the debate
so now you have a good idea if Illumination or N.nvt are right or wrong !

the truth is:

if you follow all the steps above , you can run almost any companion alongside any Main AV, so Illumination is right.

if you recklessly install any AVs alongside any others without following the steps above, N.nvt is also right.

long time ago i tried Norton IS and MBAM , i tweaked both products properly so it works fine.


Conclusions

Never install 2 Avs without testing a solution alone first, so you can observe its true behavior.

Follow the steps above.

Also in a corporate point of view , you should never run any Combos , you have to avoid any kind of conflicts in any system belonging to the company you work in; failures means money loss in a corporate environment.
Not saying that the financial departrment wuill surely not acknowledge the purchase of multiple security products.

I will update this thread if some details/points comes in mind.

Things you have to know about AVs :

Myths & Facts about AVs by N.nvt
 
Last edited by a moderator:
D

Deleted member 178

This is a great topic. Would you be able to use Webroot with KAV or with EAM for example? :)
Yes you can, Webroot was designed To be a true companion , if it detect another AV, it will give priority to the other one.

@Malware1: as said Nvt the distinction between malware and virus was true 20 years ago , defined by their behavior. Viruses (worms, etc...) are those who infect a file then spread to others Or not. Malwares were mostly trojan horse, keyloggers, remotecontrollers and other backdoors.

At that time antiviruses and antimalwares were specialized in their own field but now the term antimalware is obsolete since AVs detect malwares and is used just for a marketting point. Now all Avs are de facto antimalwares.
 
  • Like
Reactions: WinXPert and yigido

Malware1

New Member
Sep 28, 2011
6,551
@Malware1: as said Nvt the distinction between malware and virus was true 20 years ago , defined by their behavior. Viruses (worms, etc...) are those who infect a file then spread to others. Malwares were mostly trojan horse and other backdoors.

At that time antiviruses and antimalwares were specialized in their own field but now the term antimalware is obsolete since AVs detect malwares and is used just for a marketting point. Now all Avs are de facto antimalwares.
I'm not saying that Antiviruses aren't Antimalwares.

Antiviruses are Antimalwares, but Antimalwares aren't Antiviruses :)
 
D

Deleted member 178

Indeed but now they all do the same , maybe MBAM is the last real antimalware but even it, does more than that.
 
  • Like
Reactions: Koroke San
D

Deleted member 178

20 year ago you had:

Antiviruses
Antimalwares
Antispywares

Each detecting its "favored target"

Today:

Antiviruses do all but you still have specialized tools like antirootkits, antiloggers, etc...


The term Malwares switched to its specialized definition to integrate all kind of files that is harmful to a system.

So because that erroneous renomination , we have :

Malwares + viruses are killed by AVs but viruses are not killed by true antimalwares but since viruses are malwares , antimalwares cant kill malwares so MBAM is useless :p


Thanks :D
 

FlimFlam

New Member
Jul 18, 2014
49
I've heard that one can use Emsisoft Anti-Malware with 360 Internet Security or 360 Total. The new version of Emsisoft Anti-Malware 9 seems to do very well on it's own.Both 360's are very good also. I run Emsisoft Anti-Malware 9 with Malwarebytes Premium.Works well for me.
 

Game Of Thrones

Level 5
Verified
Jun 5, 2014
201
using kaspersky , emsisoft , webroot along side each other for a long time and no problem at all. you should make exception in all the antiviruses and you are good.
i'm using multi av's for a long time and there is not any problem, it's better to install security software's that are compatible with another av's(like webroot, emsisoft,...)
1 main security: kaspersky,bitdefender,eset,norton, ... and you can have 2 companion av with the main one like(webroot, emsisoft,...)
 

Nico@FMA

Level 27
May 11, 2013
1,689
On way or another the general consensus is that you just do not mix anti-mal/vir/spy type of programs, and obviously Mbam is the odds variable here as has been pointed out. But generally running multiple scanners in resident mode will cause problems.
 

Aura

Level 20
Verified
Jul 29, 2014
965
is it bad for the disk if 2 or more engines always scanning files instead of only 1 antivirus?

What I can tell you is this :

What makes a HDD "work" is that read/write operations on it. The more there is, the more it's being used and little by little, you're reducing it's lifespan (not by a lot, as HDDs are supposed to run for years, but still). When you do a "full scan" or even a scan with an Antivirus, you basically ask that Antivirus to read every files on your HDD (or in the defined locations of that scan) in order to analyze them. Now, imagine if you have two Antiviruses doing that on your HDD constantly. Not only it's A LOT of read operations, but also, what will happen if both Antiviruses read a single file at the same time, and have a different analysis or output (IE : Antivirus1 says it's infected while Antivirus2 says it,s clean) on that file ? Conflict. This is why using two Antiviruses at the same time isn't recommended and can create system instability. Keep in mind that a real Antivirus isn't only just a program that you "install" and run. It basically "integrate" itself in core locations of your system in order to protect it, shield it. Now imagine that scenario but with two Antiviruses that want to do that, but both goes by their own way. They'll end up conflicting and creating system instability.

That's how I see it.
 
D

Deleted member 178

May I ask why do you refer to Malwarebytes as an Antivirus when its an Antimalware ... ?

Antivirus = generic popular term for everything that remove malwares (virus/worms/trojans, etc...), not like 20 years ago when they focused only on viruses and worms

Those days antiviruses are antimalwares and vice versa

The distinction is obsolete and more a marketting argument.
 
  • Like
Reactions: FleischmannTV

Aura

Level 20
Verified
Jul 29, 2014
965
Antivirus = generic popular term for everything that remove malwares (virus/worms/trojans, etc...), not like 20 years ago when they focused only on viruses and worms

Those days antiviruses are antimalwares and vice versa

The distinction is obsolete and more a marketting argument.

I wrote a full tutorial on Antimalware VS Antivirus that explains the differences.
If we were to go with what you say, AdwCleaner, JRT, RKill, RogueKiller, ESET Online Scanner, etc. would all be Antiviruses, while they are simply Antimalware tools, right ?
 
  • Like
Reactions: Oxygen
Top