Which AVs are you running together?

This is the reason I've made my post. MBAM isn't an AV, and EAM is made to be compatible. Totally not 2 AVs running together.

Link to your setup, and let's see how confident you are. I'd rather be cautious than cocky.

 

regardless if the user excluded the AVs from scanning each other.
if you have 2 antivirus realtime, here are some known cause of conflicts:


both of them will register itself in Windows Action Center

both might be working on same ring for their self-protection against termination

both of them might identify and a single file as malware and will try to prompt/notify you about the detection at the same time.

*******************

harddisk is burning bacons!

 

My sig.


all user directories are forced sandbox.
all threatgates (mediaplayers/internet facing apps) are sandboxed.
default-deny everywhere except on sandbox folder.

 

ok, ok, maybe this is my fault and I didnt express myself to well. And well, that and Mr Bull is about to blow a gasket, so let me ask it this way.

What is the difference in 2 AVs scanning a file and say a AV and another product. I am just asking to learn, obviously. As I said earlier, to me a AV product is only different from another because of the name we give it. We call all of these by different names but they are still just computer coding are they not.

I say this because I still dont understand. What makes a AV peoduct different then all the others so that 2 are wrong, but not one and another type.

Geez, is a AV and MBAM totally different then 2 AVs.

And if a vendor say there product is safe to use alongside a AV, why? What did they do differently over a vendor who says theirs isnt.

 

This ^

Beening running the setup for almost 2 years without one.

Paranoid city = Wilders!

 

Taking ESET and Outpost as an example of how vendors work things differently. Oupost automatically disables antispyware protection if ESET AV is detected to avoid a conflict (although OP still detects/removes during scheduled scans).

 

Apart from obvious drain on system resources, why is it bad to have two av identifying same file as malware simultaneously? Is there anything to indicate having two avs running realtime would reduce the chance of malware of being identified / removed?

 

Cozumel, I think I answered that on the last page.

 

I completely understand and that is why I 100% accept the theory. It's just the evidence thing that bugs me...

I also accept that if software (and end-user) are correctly configured there is no need for av at all. After all, malware only target weaknesses in system configuration, software and end-user procedures.

Edit: @ Hungry Man - Just checking previous page as it appears I missed something....

Edit2 : @ Hungry Man - okay re-read last page and my question was answered, just that I'm searching for some test results. I'm going do some searching during the week (googling) on what tests have shown. This thread is interesting. Making me think about theories that I have taken for granted for several years. I feel like a lemming right now

 

I mean to say that I answered this part here.

Or simply that they both try to scan it, conflict, and both are unable to scan it.

 

^^^^got it lol ^^^^

I'm still going to research this, if I can find the time this week. I'll post back with test results if research is successful...

 

Well said, pabrate.
Most intelligent people, even if still running an AV, can easily see that there are alternative, equally (or more) secure ways to protect a computer.

 

self-protection is IMO the most primary cause of conflicts between security softwares.

antimalware advertising itself to complement with other AVs usually has different approach for their software's self-protection or has no or very minimal self-protection.

imagine what will happen in a process termination attack (either by malware/legitimate app) if you have 2 AVs working in the same ring for their self-protection.

 

See attachments for Windows Action Center responses to using OA++, Avast!, WSA as being fine together. There are certainly ways poor designers and developers can screw things up, but no inherent reason that these AV/AS programs can't work together in real time, and there are lots of users proving it here. And on demand scanners can't really have exclusive access to your files or your system would stop working every time one of them did a scan. The only "conflicts" I have seen in the modern programs I am using is that occasionally the shield of one is "more powerful" than the shield of another, and blocks/allows activities before the other can get to it for some related feature. Sometimes it takes a couple of bug reports from us beta testers to get them all working as desired. I look at this as kind of like the complaints about amount of RAM-I have 4GB, the trade between space and time has not gone away, so developers, go find the "knee in the curve" in terms of performance and use that much RAM to make things run faster.
As far as why I run them together:
For OA++ I am a beta tester, and my tester license won't let me downgrade to premium. Since the ++ feature causes no problems, and is not costly or redundant with the other AV/AS, I don't consider it a problem.
Avast! is a program I have used for several years, performs very well, is very unintrusive as far as maintenance, and has added lots of new useful capabilities (like the sandbox and safezone) as well as adding features to its shields that are in addition to just scanning the files. It also runs offline, which is important to me because I am often disconnected from the internet and get things like flash drives I need to deal with. (I sail places on my boat).
As far as Prevx/WSA, I am a fan of their approach to the whole problem. Treating the users as nodes in a collection system with no opt-out, providing real time ("cloud" aka "service center") information when something new appears in your system, keeping track of your system configuration, intensive use of heuristics, lots of good ideas for new malware. But still a work in progress, and I am still evaluating the new "Webroot" features. So far it seems like a very smooth transition, though-lots of favorable responses. I find them interesting enough that this is the one license I actually pay for, but Avast! 7 may be a challenge to them based on what little Vlk has said.
So my thoughts; not an expert (I am not a Windows programmer), but do have degrees in Mathematics and studied EE in graduate school a million years ago.

 

I tried running Avast and Avira before(of course excludes each others prog folder etc)
when one detects a malware, the other doesn't bother it(so yeah didn't see conflicts at least)

Avira was always the first to detect the malwares XD

well I only tried it for a few hours since I don't really think its necessary to use more than 1 AV(in realtime)

 

They work in different layers. For example, network, on-access, on-execution, scheduled, manual, etc.

Different technology. Same ones usually conflict. Suites exist, because of that compatibility.

Obviously, MBAM scans on-execution (not on-access), delays startup, no self-protection, etc. All just to make it compatible with an AV.

They've all done different things, but usually similar ones to MBAM.

 

Oh why does windows center need to put red x in the flag and say I have multiple antivirus running?

 

Probably took them until Windows 7 to become enlightened. See attachments above.

 

and Prevx stated that they let the other AV to scan first.

 

nope, because windows know it might cause conflict or slowdowns.
and you don't get to see all conflicts and causes of slowdowns with bare eyes

there is also the additional attack surface.


EDIT: and too much disk IO... most important for me is hdd life and performance

 

Breaking: I can no longer claim to be in the "2 anti-viruses running at the same time" club. It seemed like over-kill to have both MBAM and Windows Defender running, and felt really really really heavy. So I turned off Windows Defender. This is much better, if still barely tolerable.

 

MBAM is designed to work with another AV just fyi, you won't see conflicts though performance could still be an issue.

 

Right on Hungry Man I'll back you all the way on this one

I would recommend only one single real time av for those who have no interest or inclination in exploring non-conventional forms of pc security.

 

me too,you are a brave soul

 

I have periodically experienced performance lags when running MBAM with an AV, and I would ultimately get discouraged with the sluggishness and relegate MBAM to on-demand duty.
Then I decided to turn off the HIPS features in the firewalls I run... Online Armor and Privatefirewall.
(No, I don't run 2 FWs on one machine... they are on separate boxes.)
I turned off the HIPS because I determined that I had enough layers of protection already.
What a performance boost!
I am able to easily run MBAM alongside VIPRE AV and there is not even the slightest hint of the old heaviness.
So for me, the slowdown was all in the HIPS.
And truthfully, with SBIE, I probably don't need the extra layers I currently keep in place.