Tutorial: Know if we can use 2 antiviruses at the SAME time and set them

Hi guys,

After following the very exciting and passionate discussion in this thread, I decided to give my point of view and advice on it, based upon my intensive experience in "Combo-Cooking".

Quick recapitulation

Can 2 AVs (Norton and MBAM in this case) run in real-time simultaneously?
I will extend the topic to any AVs.

The parties involved:

2 respectable and very knowledgeable members of our forum have opposite opinions; I will summarize their respective opinions in one sentence each (more details in the original thread).

Illumination said a Main AV + a Companion AV can, of course, be run simultaneously without issues.
N.nvt said running 2 real-time AVs at the same time is not recommended and is begging for trouble.
Me (Umbra): I say both are right!

Correct me if I am wrong, the thread was huge ^^

Also, both know that exceptions can occur.

What we know/heard about it:

- Running 2 AVs in real-time is not recommended and may lead to conflict and systemic instability. True
- A companion AV is designed to be run alongside any AV without creating conflicts or instability. True
- As Dubseven (Tiranium AV developer) said in the thread linked above, 2 real-time engines may "fight" against each other over the malware and finally let it pass through both AVs. True
- I experienced it myself: some AVs detect and try to remove a malware even if it is already quarantined by the other.
- 2 main AVs seem to work together, but in fact issues will occur sooner or later, especially because of drivers, hooks and handles on the kernel of the OS.

Main AVs (aka the cop)

- Norton, Avira, ESET, Avast, Bitdefender, etc...
- the first line of defense of the system; it has to protect it efficiently against malware.
- must be run alone, without interference from other security programs, to ensure optimal protection; this is why some of them will check whether other security software is present on the system and will ask to remove it (often true, but sometimes it is just for marketing purposes or to spare the support team from fixing potential issues)

Companion AVs (aka the reinforcement)

- Emsisoft, Webroot, MBAM, Immunet, Kingsoft, Tiranium, etc...
- Designed (most often) to be run alongside full-fledged AVs to support them if they miss some malware (no AV is 100% efficient against all threats, even if Panda's CEO said its product is ;) )
- Some of them (Emsisoft, Webroot, Tiranium) are specifically designed and coded in their core to give priority to the Main AV and will kick in only if a malware is missed by it.
- The others are companions because the way they are implemented and their engine is designed is made to not interfere with the Main AV.

The Hardware/system

Better to have a decent or strong system if you plan to run multiple real-time solutions; a lack of resources will generate slowdowns, and then some of them will not behave properly.

The "Chaos Factor"

I call it that (I like the name, I roxx ^^) because every system in the world is unique and reacts differently, even if you have the exact same OS with the exact same software. What is true for you may not be true for others.
Keep this in mind because it will keep you from being a Troll ^^


The "User Factor"

aka YOU: don't be dumb by installing multiple AVs together without deep analysis, testing and knowledge of their behaviors.


NOW that we have that info, we can go deeper, and this is where I come in! :D


For years, I tried almost every reasonable combo possible without any conflicts. I say reasonable on purpose; by this I mean that I never ran 2 main AVs together!
I even managed to run Emsisoft IS Pack (Emsisoft AM + Online Armor Premium) alongside Avast IS (check my signature, it leads to the guide I made for it)!

Why I am among the best "Combo Masterchefs" in the world :p

Now here is my guideline to set up a main AV alongside a Companion AV.

1- installing and tweaking the Main AV

- your first move is to choose a decent and LIGHT (if possible) main AV; the fewer resources it uses, the better it is for the system and the companion AV.
- check all settings and, if you can, set the engine/guard to scan/detect on access/read; it is crucial because it means that the Main AV will detect and quarantine the malicious file/process right away when it appears on the system (via memory, the hard drive, USB, etc...)

2- installing and tweaking the Companion AV

- same as the main AV, choose a decent and light one.
- If possible, make the companion's Guard service start after the Main one. You can do this by tweaking the service to delay its start (in services.msc)
- check if it is compatible with your main AV (important point), since some of them are "allergic" to some Main AVs (I remember Kingsoft having issues with some)
- VERY IMPORTANT: set the Companion to scan/detect on EXECUTION only (if possible), so the Companion will not interfere with the Main AV when it detects and quarantines/deletes a malware
- check that the companion's features (Behavior Blocker, webfilter, etc...) don't overlap with the Main AV's ones. If they both have the same features, disable the less effective one or the companion's one (some AVs like Avast have inter-dependent modules, so disabling one makes the whole AV ineffective)

3- Set the exclusions

Extremely Important !

- exclude in each: ALL the other software's folders/files (in program files, program data, etc...), processes, quarantine folder, etc...
- do this in each component of each software (AV module, Behavior Blocker, HIPS, Sandbox, etc...)



I remember when I started using Comodo IS with Emsisoft AM as companion: Comodo AV was faster and quarantined the malware, but I didn't set EAM to scan on execution, so EAM showed an error saying it can't remove the malware because it was missing...

That shows that setting up each AV is fundamental!

After doing those 3 steps, your companion AV should not create any conflicts/interference with the main one.


Back to the debate

So now you have a good idea whether Illumination or N.nvt is right or wrong!

The truth is:

If you follow all the steps above, you can run almost any companion alongside any Main AV, so Illumination is right.

If you recklessly install any AVs alongside any others without following the steps above, N.nvt is also right.

A long time ago I tried Norton IS and MBAM; I tweaked both products properly, so it works fine.


Conclusions

Never install 2 AVs without testing each solution alone first, so you can observe its true behavior.

Follow the steps above.

Also, from a corporate point of view, you should never run any combos; you have to avoid any kind of conflict on any system belonging to the company you work in; failures mean money loss in a corporate environment.
Not to mention that the financial department will surely not acknowledge the purchase of multiple security products.

I will update this thread if some details/points come to mind.

Things you have to know about AVs :

Myths & Facts about AVs by N.nvt
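
One way to script the checks behind steps 2 and 3 of the guideline above, as an added PowerShell example that is not part of the original post. The two service names are placeholders (assumptions); real service names and the place where exclusions are entered differ per product.

```powershell
# Added example. Service names are placeholders, not real product service names.
$MainService      = 'MainAvGuardSvc'        # hypothetical: main AV real-time service
$CompanionService = 'CompanionAvGuardSvc'   # hypothetical: companion real-time service

# Step 3 helper: list AV products registered with Windows Security Center
# (client editions of Windows only) and, for each, the other products' folders.
$products = @(Get-CimInstance -Namespace 'root/SecurityCenter2' -ClassName AntiVirusProduct)
foreach ($p in $products) {
    "Add to the exclusions of '$($p.displayName)':"
    foreach ($o in ($products | Where-Object { $_.instanceGuid -ne $p.instanceGuid })) {
        # The registered value can hold environment variables or a non-file URI.
        $exe = [Environment]::ExpandEnvironmentVariables([string]$o.pathToSignedProductExe)
        if ($exe -and (Test-Path -LiteralPath $exe -ErrorAction SilentlyContinue)) {
            "  $(Split-Path -Parent $exe)   <- program folder of $($o.displayName)"
        } else {
            "  (no folder resolved for $($o.displayName); look it up by hand)"
        }
    }
}
# Data and quarantine folders (under ProgramData) are not part of this WMI
# record, so they still have to be added manually in each product.

# Step 2 helper: delay the companion's guard service, the same setting as
# "Automatic (Delayed Start)" in services.msc. Run from an elevated prompt.
foreach ($name in $MainService, $CompanionService) {
    if (-not (Get-Service -Name $name -ErrorAction SilentlyContinue)) {
        throw "Service '$name' not found; replace the placeholder with the real name."
    }
}
sc.exe config $CompanionService start= delayed-auto | Out-Null
if ($LASTEXITCODE -ne 0) {
    # AV self-protection may refuse changes to its own service.
    Write-Warning "sc.exe failed with exit code $LASTEXITCODE; use the product's own settings."
}

# Verify: Start = 2 (automatic) and DelayedAutostart = 1 mean the change took effect.
Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Services\$CompanionService" |
    Select-Object Start, DelayedAutostart
Get-Service -Name $MainService, $CompanionService | Select-Object Name, Status
```

The listing part only prints suggestions; the exclusions themselves still have to be entered in each product's own settings, module by module.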
 

Deleted member 178

I think you miss the purpose of the topic; I made it mainly for AVERAGE JOE, the kind of people that do not care about semantics, so they can grasp the concept easily.

Advanced users normally don't need to read it unless out of curiosity.

Also, I just mentioned MBAM because it is closer to an AV (real-time engine, URL filter and co); I never mentioned Combofix, Gmer, OTL, Rkill, roguekiller, and other SPECIALIZED tools, because they are just TOOLS, not generalized products like MBAM or EAM (even Emsisoft admits their product is no longer a pure old school antimalware but now an AV)

If you go purely by semantics, there are no more antiviruses now, they are all antimalwares with dozens of features that qualify them outside the "antivirus" label; but I can tell with 100% certainty that people will still use the word "Antivirus" whatever you say.

What you are trying to say is like:

I say: "hey guys, cops arrested that drug dealer baron!"
Then you replied: "no no they are not cops, they are DEA infiltrated agents who did it"

Indeed, if we go by technical details you are right, but does it make a difference in the understanding of my article? I don't think so.

Btw, the differences are explained in page 2 and 3 of this thread, check N.nvt explanation post.

Thanks.
 

Aura

Level 20
Verified
Jul 29, 2014
966
It's still "wrong" for me to assume that Malwarebytes is an Antivirus when it's an Antimalware. And what we are talking about right now is precision, using the right word, the right label for a product and I think that it's important to be precise in the domain of Computing Security because I guess that both you and I know that one single misunderstanding, one single wrong assumption can lead to a disaster in this domain. Your tutorial is good, I won't deny that nor say otherwise, I just think that saying that Malwarebytes is an Antivirus, when even the company itself says that it's an Antimalware meant to run alongside an Antivirus is just "wrong" and not exact.
But I'll cut it there to stop it as I just joined, the last thing I want to do is to create drama or get in an argument with the Staff here that does a good job too.
 
Reactions: Oxygen

Deleted member 178

Don't worry about debating against staff members; if you think you are right you have to express your opinion, and no one here will deny you this right, and especially not me, unless facts prove you were wrong, and in our case you are right, I don't deny it; I just want to point out that in our context, the difference of term has minor influence on the subject.

And for me MBAM leans more toward being a full-fledged AV than just a simple Antimalware. But that is just my opinion :D
 

Aura

Level 20
Verified
Jul 29, 2014
966
I'm just someone that is very focused on details and as you know, when it comes to malware removal and using tools like OTL, DDS, HJT, etc. precision is the key, haha!

Malwarebytes Premium is seen as a full-fledged Antivirus; however, I expect Antiviruses to offer more features than the ones that Malwarebytes currently offers. Maybe in the future, who knows. Like, I wouldn't be against the fact that this product CAN be transformed into a real, fully functional Antivirus in the future, but for now, if someone asks me if he's safe using only Malwarebytes Premium, he's not. Even less with all these false detections with Skype, Google Chrome, svchost, uTorrent, etc. and it deleting the system32 folders randomly of certain users.
 
Reactions: Oxygen

Deleted member 178

Indeed, for me MBAM is overrated ^^

Before, I used to clean infections manually via those advanced tools, but it took more time than a fresh reinstallation of the OS.

Just back up the sensitive data on an external drive, scan it, reformat the PC and restore the data: 100% malware free (unless you are the unlucky one getting a bioskit lol)
 
Reactions: Kent

Aura

Level 20
Verified
Jul 29, 2014
966
Flash me that BIOS. Hehe.

I hate reinstalling Windows in these situations. Well, I love messing around with fresh new installations of Windows you know. Installing all the important programs, settings, etc. that I want is a good thing and quite enjoyable, but I feel that if I ever make someone reformat his Windows because he's infected, it would be the same as if I ... "lost". That the malware won over that person and me and that we couldn't remove it. Hence why I always suggest attempting to remove the malware before formatting and reinstalling. This is called "troubleshooting" for me, and reinstalling isn't always troubleshooting, and I like troubleshooting (3 times in one sentence, beat that yeah !).
 

Chris D Wells

New Member
Aug 6, 2014
1
I have used multiple anti-virus programs on my computers and they do work fine together when programmed properly. Yes, there may be conflicts if the programming is not established, but it brings back to the original idea that all anti-virus programs cannot catch everything, although technology has advanced greatly and there are great programs out there. I would be the first to say "do not install/run anti-virus programs simultaneously" if you do not know for sure what you are doing. Unfortunately, I have always felt that this idea was mainly a marketing ploy, as every company wants theirs to be the "only one". I liked the reply of combo masterchef because it did address this issue directly. Many anti-virus programs are top-heavy because the programs are installed directly to your computer, whereas some programs are light because they use the cloud (simply an offline server), to handle the programming. I would suggest the lighter version for an anti-virus version.
 

Moose

Level 22
Jun 14, 2011
2,271
Salutations,;)

What about Emsisoft with Baidu Antivirus 2014. Baidu Antivirus 2014 being the backup? Like Webroot?

Kind regards,:)
 

mc anzures

New Member
Jun 29, 2014
17
This is a great topic, I understand more. Should I stop Avast real-time protection and MBAM "my combo" and do the scanning every time I suspect any malware/virus running in my system, or scan my system every day?
 

Striker

New Member
Mar 27, 2013
327
u can still use them. just exclude the folders from each other av and its okay. avast and mbam dont conflict or slow down ur pc&laptop, working well together.
 

donetao

New Member
Sep 7, 2014
968
Hi! Brand new to your forum, but found this thread. IMHO you need more than just an anti-virus program these days.
I use MSE and MBAM Pro running in real time. I also use safe surfing habits and WOT on all three of my browsers.
I haven't had a problem in years. I do run some on-demand programs like SAS, ESET online scanner, AdwCleaner, JRT, MBAM Rootkit, Defender online scanner.
My PC is super clean at this moment. Pick your choice of Anti-Virus and then a malware program (MBAM, AD-Aware, etc.)
 

mc anzures

New Member
Jun 29, 2014
17
I used Avast and MBAM my combo protection and of course safe surfing too ^_^, likewise i used SAS, ESET on line scanner,AdwCleaner, JRT, MBAM Rootkit ,Defender on line scanner.
 