Can I run both Emsisoft Anti-Malware and Malwarebytes at the same time?

[max2]

Both on demand.

[Buddel]

It's OK to use several on-demand apps as second-opinion scanners. However, you should also have some real-time protection. Or are you talking about EAM and MBAM running in real-time? As far as I know, they are compatible with each other. However, MBAM is not really necessary when EAM protects your machine. 

[GT500]

If you're running EAM in freeware mode (no protection) then there shouldn't be any conflicts with other security software.

[Buddel]

9 hours ago, GT500 said:

If you're running EAM in freeware mode (no protection) then there shouldn't be any conflicts with other security software.

Does this mean EAM and MBAM are NOT compatible if run in real-time mode?

[Peter2150]

I have run both together in real time with no issues.

[Buddel]

Thanks for your reply. Maybe I will give it a try, but there is a certain "overlap", isn't there? 

PS: Maybe I should rephrase my question. Even if EAM and MBAM (both running in real-time) are (more or less??) compatible with each other, is it recommended/needed to run MBAM real-time alongside EAM real-time? Would MBAM real-time protection be another useful layer of protection worth adding to EAM real-time protection?

[GT500]

16 hours ago, Buddel said:

Does this mean EAM and MBAM are NOT compatible if run in real-time mode?

We don't normally get reports of compatibility issues, so there shouldn't be any issues with running the two together.

 

10 hours ago, Buddel said:

... is it recommended/needed to run MBAM real-time alongside EAM real-time?

We don't generally recommend running more than one security software that has real-time protection at the same time. We understand that Malwarebytes designs their software to be able to work that way, however we don't see it as necessary (our Behavior Blocker will be more effective than extra protection from an extra security software), and running more than one security software with real-time protection does reduce system performance at least slightly.

[Buddel]

Thanks for your reply. I installed Malwarebytes last night - no problems so far. 

[Peter2150]

GT500 is correct.    I have licenses for MBAM 3, but I don't have it installed.    Testing against live malware showes me it just doesn't add anything.

 

 

[Buddel]

Thanks for your reply, Peter. I have a lifetime licence for Malwarebytes, but if it doesn't add any protection at all, why keep it? So it would be a good idea to uninstall it, wouldn't it?

Is additional security software such as Voodooshield, Zemana Anti-Logger or an anti-exploit app needed or is Emsisoft all I need to stay protected? I'm asking because it feels kind of "naked" to be with just one anti-malware app.

[GT500]

10 hours ago, Buddel said:

Is additional security software such as Voodooshield, Zemana Anti-Logger or an anti-exploit app needed or is Emsisoft all I need to stay protected? I'm asking because it feels kind of "naked" to be with just one anti-malware app.

Technically none of that should be needed. You can try using a sandbox or virtual machine to run new/untrusted software in if you'd like to err on the side of caution, however our Behavior Blocker should be capable of catching anything that the Anti-Virus engines used by our File Guard might miss.

[Buddel]

Thank you very much for your reply. Much appreciated.

[GT500]

You're welcome.

[lock]

On ‎12‎/‎14‎/‎2017 at 8:05 PM, GT500 said:

Technically none of that should be needed

"Technically" you are correct.

On the other side , if you ask the same question on all antiviruses forums, you will get the same answer: our antivirus is the best and will catch everything, you do not need a layered protection.

I recently tested MBAM  Ransomware shield only, against Wanacry, and MBAM behavior blocker blocked Wanacry after 4 files being encrypted. So seems to be working.

And don't forget: EMSI behavior shield (aka Mamutu) requires user decision. In Jan to Jun AV Comparatives the user dependent portion of EMSI was 6.4%.

At one point, the user will made a mistake and allow something.

 

[Buddel]

I also think layered protection is a good concept, rather than relying on just one security solution. However, I haven't found a decent app yet that I like and that is compatible with EAM. I tried Voodooshield last night, but I uninstalled it today because it blocked too many perfectly legit programs that I use.

Any suggestions for a good and easy-to-use security app (free or paid) that can be used as an additional layer of protection?

[Peter2150]

Appguard and/or Hitman Pro Alert are two excellent choices.  But frankly unless you are in a high risk catagory EAM alone should stand you in good shape

[Buddel]

OK, thanks Peter. EAM alone is probably more than enough for me.

[Ken1943]

I have been running both with exclusions in both. You paid for the so use them. This is what I do and don't care what anyone else says !

No program will catch everything. That is why a layered approach is best.

[Buddel]

A layered approach is what I have always preferred. I did try running MB Premium and EAM together but this combo slowed things down a bit. I reinstalled Voodooshield today to give it a second try. I'm always a bit impatient when it comes to trialling new (security) software. VS has been running smoothly since I installed it a couple of hours ago. Maybe I will just stick with EAM and VS, which seems to be quite a good layered approach to security.

[digmor crusher]

16 hours ago, Buddel said:

I also think layered protection is a good concept, rather than relying on just one security solution. However, I haven't found a decent app yet that I like and that is compatible with EAM. I tried Voodooshield last night, but I uninstalled it today because it blocked too many perfectly legit programs that I use.

Any suggestions for a good and easy-to-use security app (free or paid) that can be used as an additional layer of protection?

MBAM is an adequate soft for secondary protection, some people like to bash it now for whatever reason but it still provides a fairly strong secondary layer in my opinion. As Peter said, Appguard is another good choice if you want industrial strength protection with minimal popups. I think some of the protection layers in EAM and Hitman Pro Alert may overlap. If I were you I would go with AG or MBAM. Right now I am wrestling with the same decision, I want to run 2 programs only,  EAM is a keeper, the other choices are, AG, VS and MBAM. I have lifetime licenses for all of them. Minimal popups will be of the deciding factors. I may be overthinking this as EAM is probably all anyone needs, however, I'm like you, feel naked only running 1 program.

[Buddel]

Thanks for your reply, @digmor crusher. I'm currently using EAM and VS. I'm still playing with this combo a bit, and I do think this might be the security setup I have been looking for. No problems so far. 

[JeremyNicoll]

Do those of you who run things other than EAM come across things that EAM didn't detect?   If/when that happens do you report those failures-to-be-detected to Emsisoft?  

Also, do you find that EAM finds things that the other products don't? 

How do you decide that running two products is sufficient?

[Buddel]

Quote

Do those of you who run things other than EAM come across things that EAM didn't detect?

No, not yet.

Quote

Also, do you find that EAM finds things that the other products don't?

Don't know either. I have been using EAM for only two weeks.

Quote

How do you decide that running two products is sufficient?

It's not the number of apps that's important here. It's got something to do with the different layers of security. If two apps cover most security-related areas (exploits, ransomware etc.), then running two security products should be sufficient. For average users like me, running EAM is probably sufficient. Unless you are a "power user", Emsisoft should be all you need.

[Peter2150]

1 hour ago, JeremyNicoll said:

Do those of you who run things other than EAM come across things that EAM didn't detect?   If/when that happens do you report those failures-to-be-detected to Emsisoft?  

Also, do you find that EAM finds things that the other products don't? 

How do you decide that running two products is sufficient?

Hi Jeremy

With my systems I've never detected anything.   Mainly I am extremely hard on email.   Even in my business email I have two strict rules.  Open no attachments and click on no links.   This apply's even w ith client emails.

Now in testing agains malware which I do in a VM configured like my hardware machine, when I want to test secondary layers of security I always have to turn off EAM.   That should answer that question.

 

Pete

 

PS I run more then two products.

[Umbra]

I also run several products but not 2 real-time scanners at same time.

[GT500]

On 12/16/2017 at 7:07 AM, lock said:

I recently tested MBAM  Ransomware shield only, against Wanacry, and MBAM behavior blocker blocked Wanacry after 4 files being encrypted. So seems to be working.

Ours blocks it with zero files encrypted.

Also, the last time I checked MBAM didn't have a behavior blocker like we do. They simply bought up Nathan Scott's company that made CryptoMonitor and had him integrate the technology into their products. I guess what it does could be considered a type of behavioral detection technology, however ours is more generic, and focuses on all potential threats rather than just ransomware (which means it will stop more threats). Ours also jumps into action faster from what I've seen, and ensures less damage is done to the system and the user's data.

 

On 12/16/2017 at 7:07 AM, lock said:

And don't forget: EMSI behavior shield (aka Mamutu) requires user decision.

Not anymore.

 

On 12/16/2017 at 7:07 AM, lock said:

In Jan to Jun AV Comparatives the user dependent portion of EMSI was 6.4%.

That testing was done before the "Auto resolve" mode was added to automate Behavior Blocker decisions.

Note that "Auto resolve" is the default option in EAM since it was added, and a user has to specifically change the option to "Alert" if they want to see the traditional alerts rather than allowing the Behavior Blocker to automatically make decisions.

Also note that the notifications displayed while "Auto resolve" is enabled do have options to allow/quarantine detected files so that users can still select what to do, and they have 10 seconds by default to make a selection before the Behavior Blocker takes automatic action.

 

On 12/16/2017 at 8:23 AM, Buddel said:

I also think layered protection is a good concept, rather than relying on just one security solution.

"Layered protection" isn't necessarily bad, you just have to be sure not to use a bunch of software that does the same thing (real-time monitoring that hooks all running programs and injects code into all running programs). Why not mix it up a bit, and use a sandbox/hardware firewall/DNS protection service/etc. in addition to EAM, as opposed to just stacking a bunch of software with real-time protection? Or if you'd prefer to go the paranoid route, why not just do everything in virtual machines with snapshots that you can restore to after using them, and leave EAM to protect the host Operating System?

I know that traditionally the idea of "layered protection" is to install a bunch of software with real-time protection, and just live with the downsides. These days there are so many options when it comes to "layered protection" that we don't need to think along those lines anymore.

[Buddel]

Quote

I know that traditionally the idea of "layered protection" is to install a bunch of software with real-time protection, and just live with the downsides.

This may be the "traditional" idea of "layered protection", but this is not the concept I'm talking about. I wouldn't install two or more apps that all do the same thing.

I have always preferred this approach:

Quote

Why not mix it up a bit, and use a sandbox/hardware firewall/DNS protection service/etc.

A "security mix" is always a good idea, as long as there is no "overlap".

[GT500]

20 minutes ago, Buddel said:

A "security mix" is always a good idea, as long as there is no "overlap".

Exactly, less chance of having weird issues with the computer that way.

[Umbra]

To me, "layered protection" is adding softs with features that complement each others, not overlapping.

I made a guide years ago when the idea of Layered Protection wasn't very popular (some part are outdated but you will get the idea)

[Buddel]

Hi, @Umbra I think number 13 of your guide is definitely the most important aspect to keep in mind. Interesting guide. Well done!

[Umbra]

37 minutes ago, Buddel said:

Hi, @Umbra I think number 13 of your guide is definitely the most important aspect to keep in mind. Interesting guide. Well done!

Thank you  

Sadly i can't edit it.

[Buddel]

1 hour ago, Umbra said:

Sadly i can't edit it.

Maybe you can post an up-to-date guide here (or at Wilders or MT).

[Buddel]

It should be made clear, perhaps, that running EAM on its own is sufficient protection for the average user whose surfing habits can be considered normal. If you surf in "uncharted waters" and/or if your level of paranoia is above average, however, a layered approach to security is something that should be taken into consideration.

[Umbra]

8 hours ago, Buddel said:

Maybe you can post an up-to-date guide here (or at Wilders or MT).

Yes i will do 

7 hours ago, Buddel said:

It should be made clear, perhaps, that running EAM on its own is sufficient protection for the average user whose surfing habits can be considered normal. If you surf in "uncharted waters" and/or if your level of paranoia is above average, however, a layered approach to security is something that should be taken into consideration.

Indeed, Layered Protection is mostly a setup made by security geeks or at least people more security-aware than the others; Average Joe rarely bothers with it. 
If i go to uncharted territories, i rather use a VM  or a Linux live CD 

[Buddel]

36 minutes ago, Umbra said:

9 hours ago, Buddel said:

Maybe you can post an up-to-date guide here (or at Wilders or MT).

Yes i will do 

Cool, looking forward to it.

[emwul64]

Could it be that Malwarebytes is a little more strict compared to EAM ?

Had both running (MBAM and EAM) and download-geek.com was immediately blocked by MBAM.

Disabled/uninstalled MBAM and visited the same site that included a link to download-geek.com. The site wasn't blocked by EAM.

I checked some comments on this site on other sites and noticed 'Fraud Site Alert' and negative reviews on TrustPilot.

https://www.reddit.com/r/fraud/comments/6lk8ms/fraud_site_alert_downloadgeekcom/

https://ie.trustpilot.com/review/download-geek.com

 

[ShadowPuterDude]

You are running 2 security applications that overlap each other.  One being more strict than the other has absolutely nothing to do with who detects something and the other doesn't.  It entirely depends on which application intercepts the activity first.  If MBAM intercepts and acts on something first then there is nothing for EAM to act on, and the reverse applies.  If EAM intercepts and and acts on something first then there is nothing for MBAM to act on.

[GT500]

12 hours ago, emwul64 said:

Could it be that Malwarebytes is a little more strict compared to EAM ?

Had both running (MBAM and EAM) and download-geek.com was immediately blocked by MBAM.

Disabled/uninstalled MBAM and visited the same site that included a link to download-geek.com. The site wasn't blocked by EAM.

I checked some comments on this site on other sites and noticed 'Fraud Site Alert' and negative reviews on TrustPilot.

It isn't on any blacklists that VirusTotal checks:
https://www.virustotal.com/#/url/700ecd8cb7acae0b41af60c1ed455b5cc2548e2ce091336d0f81e46ed47c7184/detection

It probably doesn't meet our criteria for classifying it as a threat, even though it does sounds like it's pretty shady.

[emwul64]

5 hours ago, Kevin Zoll said:

You are running 2 security applications that overlap each other.  One being more strict than the other has absolutely nothing to do with who detects something and the other doesn't.  It entirely depends on which application intercepts the activity first.  If MBAM intercepts and acts on something first then there is nothing for EAM to act on, and the reverse applies.  If EAM intercepts and and acts on something first then there is nothing for MBAM to act on.

Ehm... Just for good order's sake: I uninstalled MBAM (+did a reboot) and then tried the same site again, so as to see how EAM would respond on the same site.

Note that the thing I am worried about most is being infected by simply visiting a website / re-directed to a website. Think it is called 'exploit kits'(?)
Files, attachments, etc. they are within -my- control, meaning to say: I can check them with EAM, Virustotal and in case of need run them within VM.
The usual Youtube videos show differences between AV product X and AV product Y whilst testing them on virus .exe files. Interesting, but not my prime concern.
1)  my ISP scans on viruses (virus scan is included in my subscription),
2) then  in case of emails, they first land into Mailwasher that quote Eliminate spam and viruses before they get to your pc unquote (obviously it can not be compared to a dedicated AV product, but still)
3) then Emsisoft
4) Virustotal
5) run within VM if I still have doubt
In case of possible phishing mails, I check them out first (check the included URLs, check if there are any reports, etc)

But .. getting infected by visiting a website is beyond my control... As said, that's the thing I am worried about most.
Sorry to keep on nagging about this specific thing.
So far I was always warned when visiting such sites and I immediately moved away from them. EAM is set to using its default settings.

[emwul64]

4 hours ago, GT500 said:

It isn't on any blacklists that VirusTotal checks:
https://www.virustotal.com/#/url/700ecd8cb7acae0b41af60c1ed455b5cc2548e2ce091336d0f81e46ed47c7184/detection

It probably doesn't meet our criteria for classifying it as a threat, even though it does sounds like it's pretty shady.

Many thanks indeed!

[GT500]

On 1/6/2018 at 1:23 AM, emwul64 said:

I can check them with EAM, Virustotal and in case of need run them within VM.

Keep in mind that PUP detection is disabled in our scanner on VirusTotal, so scan results on VirusTotal may not always be identical to what you'd see in the product.