Are 3 installed on-demand scanners too many?

Discussion in 'other anti-malware software' started by justenough, Jul 16, 2013.

Thread Status:
Not open for further replies.
  1. justenough

    justenough Registered Member

    Joined:
    May 13, 2010
    Posts:
    1,509
    Yesterday I installed Emsisoft Anti-Malware for the Behavior Blocker Mamutu and for the scanner that's set to on-demand. That now makes 3 with HitmanPro and Malwarebytes Anti-Malware. And Webroot SecureAnywhere real-time. Are they all hooking into the OS? Can that cause conflicts or open up vulnerabilities? If so, which of those three would you run on-demand?
     
  2. Janus

    Janus Registered Member

    Joined:
    Jan 2, 2012
    Posts:
    588
    Location:
    Europe - Denmark .
    Hey justenough

    If I have to choose one of those mentioned in your post as a on demand scanner, then I would choose without any doubt Emsisoft. They have by far the strongest most complete signature database. Regarding your question if you configuration can cause conflicts, then has my policy always been, one Antivirus solution, one on demand scanner, and a strong image backup. It has always kept me out of incompatibility issues and secured.

    Regards, Janus
     
  3. Windows_Security

    Windows_Security Registered Member

    Joined:
    Mar 2, 2013
    Posts:
    3,079
    Location:
    Netherlands
    When first running without AV, I scanned before image backup with 4 on demand scanners, each because they were great at something (between brackets) and using different engines (e.g overlap between HMP and Emsisoft made me choose for HMP, simply because it is Dutch :oops: )

    1. HitmanPro (heuristics = loadpoints + memory + reg/file traces)
    2. NortonPowerEraser (windows load points)
    3. F-secure online scan (memory)
    4. MBAM (reg/file traces)
     
  4. justenough

    justenough Registered Member

    Joined:
    May 13, 2010
    Posts:
    1,509
    Thanks Janus, that sounds like a good policy to follow.

    I can see that this question might wander into the A vs B vs C zone, so I'll amend the question to: "If only using one or two of EAM, HMP or MBAM, which would be the best match to go with WSA? Or would you use all 3, the number of hooks doesn't matter?"
     
  5. justenough

    justenough Registered Member

    Joined:
    May 13, 2010
    Posts:
    1,509
    W-S I'll look into the two programs you've listed that I haven't used. Do you think it would be worthwhile uninstalling a few of the scanner programs between imaging, or do you think the hooks aren't that big a deal?
     
  6. CrusherW9

    CrusherW9 Registered Member

    Joined:
    Dec 27, 2012
    Posts:
    516
    Location:
    United States
    EAM uses both their anti-malware engine, and Bitdefender's engine. So it's pretty comprehensive. I personally use Hitman Pro and Emsisoft Command Line Scanner (same engine as EAM's scanner).
     
  7. Windows_Security

    Windows_Security Registered Member

    Joined:
    Mar 2, 2013
    Posts:
    3,079
    Location:
    Netherlands
    Well either WSA or EAM would be sufficient, both are great applications with EAM dual engine with great intrusion detection and WSA super light with great heuristcs and option to monitor untrusted processes (keeping them in AppGuard like container) and behaviour monitor plus smart outbound firewall application monitoring. Can't recommend the one above the other, it is up to preference.

    The others are used on-demand, so hooks / API /SSDT should not be of a problem (when you want less overhead I am afraid you have to choose between EAM and WSA used in real time).
     
  8. justenough

    justenough Registered Member

    Joined:
    May 13, 2010
    Posts:
    1,509
    I guess that is my question, is there any reason to limit the number of on-demand scanners? Maybe I need to do a little reading about hooks.
     
  9. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    7,780
    If the scanners are truly just on-demand, and nothing resident running, then you can use 100 of them if you like, it doesn't matter...
     
  10. justenough

    justenough Registered Member

    Joined:
    May 13, 2010
    Posts:
    1,509
    In my task manager there are processes running for A2 (Emsisoft), HitmanPro and MBAM. This means they are running resident, right?

    I installed EAM and then turned off the File Guard and Surf Protection because I just wanted to use the behavior blocker (probably redundant since WSA also has a BB) and the scanner on-demand. So if I don't want EAM running resident (adding hooks into the OS?), maybe Emsisoft Emergency Kit would be better? I think HitmanPro asks if you want to install the program, which I did so it could be set to do automatic scans, but maybe it also can just be started manually for scans. MBAM is definitely installed, doing scheduled scans, I'm not sure if it can be used uninstalled.

    Am I on the right track here? Is it better to have fewer installed scanning programs so there are fewer hooks?
     
    Last edited: Jul 17, 2013
  11. justenough

    justenough Registered Member

    Joined:
    May 13, 2010
    Posts:
    1,509
    I've been with WSA for half a year because as you say it is super light, has a BB and supplements the Windows firewall. The good detection scores are a nice bonus.:) I'm asking about my 3 on-demand scanners because I don't want anything getting in the way of WSA.
     
  12. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    7,780
    Yes... I don't know all of the specific programs you're talking about, so I can't say much, except that running multiple resident apps together could produce conflicts, the same as running more than one AV can. I don't know which ones play well with which, so I can't help there. You can try running a few together and see what happens. Or see what other people recommend...
     
  13. blasev

    blasev Registered Member

    Joined:
    Oct 25, 2010
    Posts:
    763
    My Combo

    HitmanPro + Malwarebytes - for quick scan
    EEK instead of EAM - for deep scan / usb flash drive scan
     
  14. blacknight

    blacknight Registered Member

    Joined:
    Sep 25, 2007
    Posts:
    2,433
    Location:
    Europe
    Not necessary, but Emsisoft Antimalware freeware, for example, runs a process also if it's only on demand. So, I set it in Services as manual.
     
  15. blacknight

    blacknight Registered Member

    Joined:
    Sep 25, 2007
    Posts:
    2,433
    Location:
    Europe
    Agree completely. Your configuration is redundant. Better, if you want a third, a forth opinion, to run a scan/rescue cd av, as Avira or Kaspersky.
     
  16. justenough

    justenough Registered Member

    Joined:
    May 13, 2010
    Posts:
    1,509
    Okay, I've uninstalled EAM, HMP and MBAM, and downloaded Emsisoft Emergency Kit and a new copy of HitmanPro to run on-demand only, no install like before. I already had the Kaspersky rescue disk stashed away, which I'll now use for occasional scans, like before system imaging as W-S suggested. Not sure about what to do with MBAM, if it'll work without an install.

    Could be my imagination, but the computer seems a little snappier now. Anyway, it's a fast setup.

    Seems like it would be a good idea to put these scanners onto a bootable USB or disk. That'll take some looking into to find out how to do it.
     
    Last edited: Jul 17, 2013
  17. noblelord

    noblelord Registered Member

    Joined:
    Aug 19, 2009
    Posts:
    162
    Location:
    UK
    If you're so worried about malware that you'd run three on-demand scanners, you might as well run a Linux live USB - it'll run faster and you'll reduce your vulnerability to malware by about 95%. :)
     
  18. blacknight

    blacknight Registered Member

    Joined:
    Sep 25, 2007
    Posts:
    2,433
    Location:
    Europe
    Did you clean the system after the uninstallations ? also, may be a defrag can be useful.
     
  19. justenough

    justenough Registered Member

    Joined:
    May 13, 2010
    Posts:
    1,509
    The uninstalling was done with RevoPro, a great little program that usually finds stuff left over. Then I ran CCleaner and then used it to clean up the registry. The computer seems just a fraction faster than before, maybe because of removing Mamutu in EAM. The Windows 7 defragger is running once a week, I checked and it said 0% fragmentation.
     
  20. justenough

    justenough Registered Member

    Joined:
    May 13, 2010
    Posts:
    1,509
    Good idea, and I really liked PuppyLinux for browsing, but it becomes a problem when jumping around like I do from browsing to playing games to working with a Windows specific program. And my experience has been that Windows can be safe and fast using the right combination of software.

    In spite of appearances, because of Sandboxie and WSA I'm not that worried about malware. After all, the on-demand scanners never find anything. Since there are some really good scanners available, why not use them. Except that now, thanks to the help given in this thread :) , I realize that there's a difference between installed and uninstalled on-demand scanners.
     
  21. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,516
    That depends on the installation. EAM isn't an on-demand scanner, it's a full antivirus with disabled real-time guards on free license. Heck you were even running Mamutu.

    MBAM and HMP makes little difference installed or not, because they don't run in the background unless you schedule them. I have them installed for convenient right-click menu.
     
  22. Sordid

    Sordid Registered Member

    Joined:
    Oct 25, 2011
    Posts:
    221
    Yeah, if you take a prog/suite like MSE or Emsisoft and remove the realtime, you still get most of the services running albeit likely under lower cpu time.

    & HMP can add shell context. MBAM can run a scheduling service along with context and R/T options.

    I run EEK OD. It's slow as hell and the updates often 200+MB between scans. No impact when off. I use this the least but is in my active toolbox over gear like Norton PE or McAfee Stinger which are simply there "just in case".

    I run MBAM paid scheduled per 1 quick scan a day. Schedule runs always as a service. CPU is high during updates and scans. But all at once. Seamless.

    I run HMP and love it. Can be made fully on-demand/portable/no context. Has the bitdefender engine so no need for EEK updates. And add a few other engines. It's fast. But it does not scan all files (only executables), uses cloud (privacy), doesn't do archives, and won't do large file sizes.

    With MBAM/HMP and a VT uploader--there is really no need for anything else. If the signature is known (aka non-zero day). They are going to nail it or EEK or anything else would doubtfully help versus the time.

    I would consider adding Spybot S/D to the mix as an OD. You have a lot of redundancy in scanning via malware sigs with EEK/MB/HMP. Spybot is almost a bad joke but still very good a finding particular crustware--usually toolbars and such mixed into legit software installers (CNET dung). PUPS/PUCS.
     
  23. Sordid

    Sordid Registered Member

    Joined:
    Oct 25, 2011
    Posts:
    221
  24. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,516
    Interesting you consider Spybot when it's currently real-time with background drivers/services. I'd say Comodo Cleaning Essentials is the third best if they updated the program.

    EEK is probably better, but I dislike using engines included by HMP. Don't care about deep scans.
     
  25. TomAZ

    TomAZ Registered Member

    Joined:
    Feb 27, 2010
    Posts:
    1,002
    Location:
    USA
    Does this cloud scanner have to be installed, or is no installation required?
     
Loading...
Thread Status:
Not open for further replies.