Anti-Malware software that are meant to be used live(eg MBAM)? Strategies?

I always assumed that AM software would be most effective if run "non-live" eg from a boot CD, then I found this for MBAM:

From http://ubcd4win.com/forum/index.php?showtopic=12105&view=findpost&p=67296

Are there other AM that are meant to be used live?
Are there AM that are more effective if used non-live?
Are there AM that are equally effective in both usages?

For live scenario, is there anything that can increase or decrease effectiveness (other then renaming the exe to make it execute)?
Eg, say I am in a LUA, and I run MBAM with root privileges from the LUA account. How does that compare to running MBAM directly from admin account?

 

Actually, MBAM currently do not support packed files (.rar, .zip, .7zip, etc.). Extract all the malwares and put them in a folder. Then run a scan and it will detect them. In future version, they are planning to include common packers support. Others questions can be better answered by some other expert.

 

Anti-malware products that rely on detecting suspicious behavior for their effectiveness are probably best run on a live system in normal mode, where the suspicious behavior may be exhibited. Hitman Pro would likely also fall in this category.

Anti-malware products that don't rely on detecting suspicious behavior for their effectiveness are probably best run from an alternate operating system, or at least safe mode, where rootkits are less likely to hinder detection.

If in doubt, check the vendor's guidelines for usage.

 

Both Hitman Pro and Prevx are a lot better on a live system because of their behaviour techniques. I think for more traditional AV products it depends on the malware. Their new versions with new behaviour detection can maybe detect some malware only on a live system, but on the other hand, their older techniques might only detect some other malware when scanning offline. Maybe it's better to use scan with them both on- and offline, though that would be quite time-consuming when professionally/regularly cleaning computers

 

eh yo man - me again

same cite, another text - but the topic is same:
- you cite an answer to the topic how usefull MBAM works from a PE-build drive
- MBAM author and admin wrote that answer - MBAM is more effectiv on the
real system than on any PE-build due its strategy.

next - i dont get your real question - first you asked for alternatives to MBAM,
now you ask how to compare apples and peaches.
► https://www.wilderssecurity.com/showthread.php?t=279793

each am/av has its own strategy, some more, some less effective.
if you need a rescue disk get one from eset, avira, kaspersky - seem more effective
than using mbam that way - read your cite again!

concerning mbam - why dont you ask in the mbam forum if mbam elevates to
admin rights when used under lua? (sorry, i cant answer you that)
at first i would say that mbam dont elevate... which is according to the user
rights within windows - you have to scan with admin power in other profiles.

my advice for a second opinion is still mbam, in most cases its ok.
if someone cant install mbam for any reason he should think in general about a
fresh install of windows - there is something more damaged than only security.

if not mbam - then

TheCleaner Portable (Demo is sufficient)
► http://www.moosoft.com/portable

SuperAntiSpyware Portable
► http://www.superantispyware.com/portablescanner.html

HTH