ewido guard & AVG shield conflict?

Discussion in 'other anti-trojan software' started by Tommy Vercetti, Jun 15, 2005.

Thread Status:
Not open for further replies.
  1. Hi,

    I don't know if this issue has been discussed before, but I could not find anything searching the forum.

    I've recently installed the trial version of ewido security suite (13 days of trial left). I also have AVG Free edition (7.0323) running on my machine.

    I wanted to test ewidoguard, so I tried to download the eicar testfile. Obviously, the AVG shield immediately picked up on this, and asked if I wanted to delete the eicar testfile.

    No warning was given by ewidoguard, so there seems to be some kind of conflict between AVG and ewidoguard?

    Shouldn't ewidoguard also report a warning at the same time?

    I disabled AVG and tried again; this time, ewidoguard did give a warning!

    My point is that, whilst there will be some malware detectable by both AVG shield and ewidoguard, AVG seems to have priority and will report first.

    My question is, if something isn't detected by AVG but is by ewido, would AVG unknowingly block ewido from reporting these detections?

    Is there a testfile similar to the eicar test that is detected by antitrojans only and not by AVs like AVG?

    That way I know that no conflict exists between the two guards and that ewidoguard is truly working.

    Otherwise, as far as I can tell, ewidoguard only works when AVG is disabled, which is pointless since I want my antivirus and antitrojan to work together!

    Thanks
    Tommy
    PS (Ewidoguard does not have a red cross in it and works fine when AVG is disabled)
     
  2. se7engreen, Registered Member (Joined: Feb 6, 2004; Posts: 369; Location: USA)

    No, AVG should only lock the files that it detects as malware.
    I wouldn't call it pointless, as there may be a time where AVG does not detect something that Ewido will. Anyway, when an antivirus grabs a malware file, it locks it, preventing access to that file by anything else. So that's why ewido won't detect it at the same time. I'm sure it would work the same if ewido got hold of the file first; then AVG wouldn't have access.
    Here's a link to a trojan simulator (from the same company that makes TrojanHunter): http://www.trojanhunter.com/trojansimulator/ The file is harmless.
     
  3. Thanks.

    I downloaded the simulator and ewidoguard caught it, fast :)

    I realise now that there is no conflict.

    Out of curiosity, what determines which anti-malware gets to malware first?
    i.e. in this case AVG got to the eicar test file before ewido?

    Tommy
     
  4. TopperID, Registered Member (Joined: Oct 1, 2004; Posts: 1,527; Location: London)

    Your AV will always have first bite of the cherry. An AT only picks up what the AV misses.

    The reason for this is that an AV digs deep into your system; in order to avoid conflict, it is necessary for the AT to work at a different 'level'.

    An AT is designed to be used as an additional layer of protection. Why not try the trojan test with Ewido switched off - I think you will find that your AV misses it altogether. That is why people have ATs!
     
  5. ....., Registered Member (Joined: Jan 14, 2005; Posts: 312)

    Your anti-virus will have "first dibs" at the malware. EwidoGuard is a MEMORY SCANNER - scans the files while in memory. Your anti-virus is a FILE SCANNER - the realtime monitor scans the file as it's accessed/executed.

    Ooops... TopperID beat me to it :doubt:
     
    Last edited: Jun 15, 2005