Using multiple HIPS progs - conflicts?

Discussion in 'other anti-malware software' started by R2D2, Jan 24, 2006.

Thread Status:
Not open for further replies.
  1. R2D2

    R2D2 Registered Member

    Joined:
    Nov 26, 2004
    Posts:
    70
    Location:
    Tatooine
    It is well advised to not use multiple antivirus progs together since they may conflict with each other upon virus detection. But, I wonder if using multiple HIPS (IPS, IDS,...) proactive protection progs together would also result in conflict issues just as well? For example, Online Armor can be used with an antivirus prog with its proactive protection feature. But, now that Eset's NOD32 also supports proactive protection against malware including rootkit detection, would it conflict with Online Armor's proactive protection also since NOD32 is an antivirus prog? OR, how about using two strictly HIPS proactive progs together?
    (I don't mind redundancy with prompt alerts.)

    I am soon to test these two programs together as trial versions to experiment if any conflicts arise with both of their proactive HIPS protection features. I will post results of both programs on how they work together but my chances of catching bad malware with them is probably slim within their trial timeline periods and since I practice safe .......browsing:D
     
  2. Notok

    Notok Registered Member

    Joined:
    May 28, 2004
    Posts:
    2,969
    Location:
    Portland, OR (USA)
    An antivirus, with or without heuristics, isn't going to conflict with a behavior blocker under normal circumstances. Two HIPS programs that do some of the same things possibly can, although they are less likely to conflict than two antiviruses or firewalls. Whenever you install more than one program of the same type, that operate primarily in kernel mode, it is very wise to be prepared for the worst. It may be that they work quite well together, but you don't want to find out the hard way that they don't and not have an escape plan :)

    With your specific situation, I have not found any problems running OA with NOD32. OA is made to work alongside programs like NOD32, and several of us that did the beta made sure of it :D NOD32 is still just a scanner, it's proactive features are in it's scanning, it's not a behavior blocker at this point (and it probably never will be). I haven't even had problems with NOD32 and other rootkit scanners such as the one in Prevx1 or UnHackMe/RegRun Platinum.
     
  3. starfish_001

    starfish_001 Registered Member

    Joined:
    Jan 31, 2005
    Posts:
    1,041
    NOD , PG, Online Armour, RegRun-Antihack and Outpost are fine together on my system. When I had SNS on my system it generally got along well with other apps - few problems but it was a Beta

    I use First Defence ISR and always take asnapshot before installing this sort of app. For me Outpost has caused the most install problems and the occasional running problem - fixed now.

    Fsecure and Zonelabs don't good along well.
     
  4. MikeNash

    MikeNash Security Expert

    Joined:
    Jun 9, 2005
    Posts:
    1,654
    Location:
    Sydney, Australia
    If you do find conflicts with Online Armor, please let us know. Personally I am keen to make sure OA is as good a citizen as possible when it comes to peaceful co-existence with other vendors software.

    Cheers

    Mike
     
  5. R2D2

    R2D2 Registered Member

    Joined:
    Nov 26, 2004
    Posts:
    70
    Location:
    Tatooine
    Good to know that OA and NOD32 worked well together during beta Notok.
    Thanks for that info!

    I'll try them both on my Win98 OS for a few weeks and of course I'll let you know Mike if any conflicts arise using OA with the newest version of NOD.

    Does this mean its proactive feature (ThreatSense® technology) is only enabled through NOD32's on demand scanner rather than running resident?
    Reference: http://www.eset.com/about/press.htm#rootkit

    Jeff
     
  6. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,054
    Hi R2D2

    Barring some unusual thing, you shouldn't have a problem. I am running latest version of Outpost 3.0,Kav 6.0 beta with Proactive Defense turned on, Online Armor,Appdefend,Regdefend, and Safe'n'Sec. They all work fine together. Very quiet on the popup front until you do and install or uninstall. Then does get just a tad busy.

    Pete
     
  7. Notok

    Notok Registered Member

    Joined:
    May 28, 2004
    Posts:
    2,969
    Location:
    Portland, OR (USA)
    No, it's just that NOD32's proactive defense is based on scanning.. it runs the file in a virtual environment, scanning it for malicious behavior, before letting it run.. apps like OA defend certain points in the system so that if a malicious action is taken after it runs, you have the opportunity to block it. They control the process at completely different points, so there shouldn't be any conflict in that regard :)
     
  8. dja2k

    dja2k Registered Member

    Joined:
    Feb 15, 2005
    Posts:
    2,040
    Location:
    South Texas, USA
    That is definately a lot of HIPS type protection you got there going on. On the other hand , by experience here, I have noticed a slight conflict using all options on Safe'n'Sec while using AppDefend\RegDefend. Now I can imaging adding the Proactive module from KAV, which is still not quite finished. Nice work in getting them to work together. Hope you keep on getting a smooth ride using all of them.

    dja2k
     
  9. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,054
    Well, I do apply a little discretation. I've turned off the network monitoring in SnS, just because it is a total over lap to appdefend. Also I have Office guard off in KAV 6.0 beta because there still is a bug there. But I've found while there obviously is overlap, they all still do cover some unique things.I(Don't ask I haven't cataloged them) and as I said as long as I am not doing installs, all is pretty quiet.

    Pete
     
Loading...
Thread Status:
Not open for further replies.