Should I install an AV at the bottom most rung, ie install it first?

Hi,

Should I install antivirus programs at the bottom most rung, ie, install it first. Then add more protections like Hitmanpro Alert and OSArmor on top? My thinking is let HMPA and OSArmor be the first to inspect things and let things like AV be the last to inspect things.

What I don't get is that will HMPA get to be the first to handle an exploit whereas Defender's exploit protection will be the last.

Or does things not work that way.

 

It makes no difference at all, what order your install them in. Having said that, some antivirus software checks for other installed security software and may not let you install it in that case. In which case, you would need to install the other software, before installing your antivirus.

 

I experienced that in BitDefender GravityZone. It wanted to kick out VoodooShield. That was in the past year.

Why I am asking that question now is that BitDefender Total has exploit protection. (I am trying that now this year) And I already have Hitmanpro Alert installed. Bitdefender Total didn't complain about it. But I wonder which will get to handle an exploit meant for the browser. HMPA's anti-exploit mainly handle browsers. In this case, which will get to handle the exploit - BitDefender or HMPA? Or even Windows Defender's Exploit protection ( I have defined exploit protection for Chrome and Firefox ) . In such a case where overlapping defenses protect against browser exploits, how do I know which will get to handle it? We've all heard that overlapping securiity is good, but now I wonder.

 

I'm not sure about that.

 

any anti-exploit solution is a dll injection into programs. so do windows defender, but you can set exceptions. the problem is the depth of working of such dll. most modules make software fail, in special in combination within sandboxie. and each antivirus software inject its own - BD do, HMPA do same, both used means two injections - that will ofc create failure. thats why expericned users alsway tell only to use ONE antivirus and not a pointless bunch, as some wilders members always show up. less is more in this case.

 

I vote for less security software and more backups but that takes all of the fun out of it.

 

@Brummelchen, How do you set dll-injection exception in Windows Defender Exploit protection?

As for BitDefender Total's anti-exploit capabilities, it doesn't even know if I am using Chrome or Firefox or LibreWolf (Firefox offshoot), how can it do dll injection?

 

That's the ticket!

 

Indeed. People install too much unnecessary crap. But as you said, it's probably for a bit of fun.
Long gone are the days when Windows was easily compromised. It's very secure without installing anything else.

 

100%.

 

it is active by default
https://www.techtarget.com/searchsecurity/definition/Windows-Defender-Exploit-Guard

the injection is also always ON by default, no exception. there is no difference between programs concerning any antivirus - if it is an exe file, its injected.

lots of other programs inject too, i can see here the "actual multi monitors" modul - if it has an gui, then it is injected.

disadvantage of injections:
https://www.mozilla.org/en-US/firefox/97.0.1/releasenotes/

mozilla accomplished a job to minimize the impact, but the cause is webroot and its silly injection, not tested enough. (WRusr.dll)