Discussion in 'other anti-trojan software' started by Post New Thread, Jul 24, 2005.
can i use ewido , boclean and KAV in the same time ?
Yes, I can have them running all at the same time on my 512MB, 2.5Ghz machine.
is there any conflict?
what will happen if there is trojan try to run ?
which one will catch it first ?
what if they all know the same trojan ?
If I could just jog your memory for a second. Did you not say that there were times when BOClean made your system stutter and that is why you run Ewido in realtime and only use BOClean occasionally?
KAV will likely catch it first. Most people seem to run one AT realtime and use the second one if they have it as on demand. If they all know the same trojan then KAV will nail it and the AT's should yeild to the AV.
Yes, most of the time I am running Ewido alongside KAV. Together with ProcessGuard, RegDefend, and WormGuard, this is more than enough.
However, in answer to the question, it is possible to run them together. There have been times I run all three (just for the fun of it) to check out the running system processes. However, nothing has ever gotten past KAV. And yes, there are system spikes. But they are of no matter, and when they do cause the system to stutter, I just shut down BOClean, if it is running. No problem.
Hope this clarifies.
I guess the question I have is : Would the stuttering not be a sign of a conflict?
You are right. In this case there are resource conflicts. One application is using upon CPU resources which is affecting other applications. However, it is still possible to run them all together. And as you point out, it will impact the performance of applications. Thanks for pointing this out.
If you're running an AV and AT there is no conflict because they are looking at different areas; the AV looking at all files written to or read from HD, while the AT is looking at memory and processes.
But what happens if you have two ATs? Could it be they are happy together until a trojan sneaks past the AV - then what? Are both ATs going to go after it together and could there be conflict at that time?
I don't know the answer, I'm just asking!
The stuttering that Rich is seeing, is probably from the BOClean/Process Guard compatibility issue with the cpu spikes.
As for the OP question, BOClean is actually on the Ewido compatibility list so it should not pose a problem, whether you need it is another matter.
Thanks Don, that certainly settles the argument!
Now why didn't I think of checking the ewido compatability list?
I really don't know what would happen if both BOClean and Ewido detect the process at the exact same moment, since neither has ever detected anything in real-time. My guess is that there is a chance for conflict, since both will be trying to kill the process simultaneously. However, if one of the ATs grabs it first, it should be OK. The only ones who can answer this question are the developers themselves since only they know the sequence of operations that must occur.
The possibility of a "deadly embrace" - a situation where neither AT can proceed without the other ending its operations, yet neither AT can end its operations until the other AT releases - probably exists. But I cannot say for sure.
Even if this should occur, the worst thing that could happen is an error message popping up
Thanks for entering into the conversation. I guess the primary question is, whether the trojan will be dealt with appropriately, should a conflict (and error message) arise - i.e.:
1) Does Ewido need exclusive control?
2) If it needs exclusive control and doesn't have it, how does it quiesce the situation so that the trojan is eliminated in an appropriate manner? Does it keep retrying?
Doesn't both BOClean and Ewido detect TrojanSimulator? If so why not temporarily disable your AV and with both Ewido and BOClean running activate TrojanSimulator.
Then you can tell us what happens.
I'd do it myself except i'm on winME and can't use Ewido.
edit: I just tried it with TrojanhunterGuard and BOClean after disabling NOD32. BOClean popped up first and stopped it. I disabled BOClean and obviously TrojanhunterGuard stopped it. Then i enabled all three - NOD32, BOClean and TrojanhunterGuard. NOD32 got it first - as expected.
Thanks for your help Muf. Your reply was in depth enough for me to know what direction I need to take.
I ran the test on my machine:
1) Ewido caught it first
2) ProcessGuard caught it next
3) BOClean caught it last
This what i see too.
There is some comfort in knowing I am well protected against the TrojanHunter Trojan Simulator.
Hey, it could be worse. It could be running rampant on your system undetected doing all kinds of no harm.
WOW! I never thought of that! Thanks.
I think Kevin said somewhere(perhaps in the TDS-3 forum but not sure) that the issue was never between PG and BOClean but rather AV's not playing nice in the sandbox. See post #157 http://www.wilderssecurity.com/showthread.php?p=515936&highlight=sandbox#post515936
Well, Rich and i use the same setup, i have seen cpu-spikes with PG and without, the spikes are always there (in varying degrees) and like BlueZanneti has also noted, neither has ever giving me any trouble, there might be spikes, but in my setup has never been felt in the daily computing, another thing to be aware of is these spikes only became a problem for some in build 4.12, to my knowledge 4.11 never had this problem and it is only very few that has this problem, for which Kevin actually has some special builds.
Separate names with a comma.