max2

Can I run both Emsisoft Anti-Malware and Malwarebytes at the same time?

Recommended Posts

It's OK to use several on-demand apps as second-opinion scanners. However, you should also have some real-time protection. Or are you talking about EAM and MBAM running in real-time? As far as I know, they are compatible with each other. However, MBAM is not really necessary when EAM protects your machine. 

Share this post


Link to post
Share on other sites

If you're running EAM in freeware mode (no protection) then there shouldn't be any conflicts with other security software.

Share this post


Link to post
Share on other sites
9 hours ago, GT500 said:

If you're running EAM in freeware mode (no protection) then there shouldn't be any conflicts with other security software.

Does this mean EAM and MBAM are NOT compatible if run in real-time mode?

Share this post


Link to post
Share on other sites

Thanks for your reply. Maybe I will give it a try, but there is a certain "overlap", isn't there? 

PS: Maybe I should rephrase my question. Even if EAM and MBAM (both running in real-time) are (more or less??) compatible with each other, is it recommended/needed to run MBAM real-time alongside EAM real-time? Would MBAM real-time protection be another useful layer of protection worth adding to EAM real-time protection?

Share this post


Link to post
Share on other sites
16 hours ago, Buddel said:

Does this mean EAM and MBAM are NOT compatible if run in real-time mode?

We don't normally get reports of compatibility issues, so there shouldn't be any issues with running the two together.

 

10 hours ago, Buddel said:

... is it recommended/needed to run MBAM real-time alongside EAM real-time?

We don't generally recommend running more than one security software that has real-time protection at the same time. We understand that Malwarebytes designs their software to be able to work that way, however we don't see it as necessary (our Behavior Blocker will be more effective than extra protection from an extra security software), and running more than one security software with real-time protection does reduce system performance at least slightly.

Share this post


Link to post
Share on other sites

GT500 is correct.    I have licenses for MBAM 3, but I don't have it installed.    Testing against live malware showes me it just doesn't add anything.

 

 

Share this post


Link to post
Share on other sites

Thanks for your reply, Peter. I have a lifetime licence for Malwarebytes, but if it doesn't add any protection at all, why keep it? So it would be a good idea to uninstall it, wouldn't it?

Is additional security software such as Voodooshield, Zemana Anti-Logger or an anti-exploit app needed or is Emsisoft all I need to stay protected? I'm asking because it feels kind of "naked" to be with just one anti-malware app.:D

Share this post


Link to post
Share on other sites
10 hours ago, Buddel said:

Is additional security software such as Voodooshield, Zemana Anti-Logger or an anti-exploit app needed or is Emsisoft all I need to stay protected? I'm asking because it feels kind of "naked" to be with just one anti-malware app.

Technically none of that should be needed. You can try using a sandbox or virtual machine to run new/untrusted software in if you'd like to err on the side of caution, however our Behavior Blocker should be capable of catching anything that the Anti-Virus engines used by our File Guard might miss.

Share this post


Link to post
Share on other sites
On ‎12‎/‎14‎/‎2017 at 8:05 PM, GT500 said:

Technically none of that should be needed

"Technically" you are correct.

On the other side , if you ask the same question on all antiviruses forums, you will get the same answer: our antivirus is the best and will catch everything, you do not need a layered protection.

I recently tested MBAM  Ransomware shield only, against Wanacry, and MBAM behavior blocker blocked Wanacry after 4 files being encrypted. So seems to be working.

And don't forget: EMSI behavior shield (aka Mamutu) requires user decision. In Jan to Jun AV Comparatives the user dependent portion of EMSI was 6.4%.

At one point, the user will made a mistake and allow something.

 

Share this post


Link to post
Share on other sites

I also think layered protection is a good concept, rather than relying on just one security solution. However, I haven't found a decent app yet that I like and that is compatible with EAM. I tried Voodooshield last night, but I uninstalled it today because it blocked too many perfectly legit programs that I use.

Any suggestions for a good and easy-to-use security app (free or paid) that can be used as an additional layer of protection?

Share this post


Link to post
Share on other sites

I have been running both with exclusions in both. You paid for the so use them. This is what I do and don't care what anyone else says !

No program will catch everything. That is why a layered approach is best.

Share this post


Link to post
Share on other sites

A layered approach is what I have always preferred. I did try running MB Premium and EAM together but this combo slowed things down a bit. I reinstalled Voodooshield today to give it a second try. I'm always a bit impatient when it comes to trialling new (security) software. VS has been running smoothly since I installed it a couple of hours ago. Maybe I will just stick with EAM and VS, which seems to be quite a good layered approach to security.

Share this post


Link to post
Share on other sites
16 hours ago, Buddel said:

I also think layered protection is a good concept, rather than relying on just one security solution. However, I haven't found a decent app yet that I like and that is compatible with EAM. I tried Voodooshield last night, but I uninstalled it today because it blocked too many perfectly legit programs that I use.

Any suggestions for a good and easy-to-use security app (free or paid) that can be used as an additional layer of protection?

MBAM is an adequate soft for secondary protection, some people like to bash it now for whatever reason but it still provides a fairly strong secondary layer in my opinion. As Peter said, Appguard is another good choice if you want industrial strength protection with minimal popups. I think some of the protection layers in EAM and Hitman Pro Alert may overlap. If I were you I would go with AG or MBAM. Right now I am wrestling with the same decision, I want to run 2 programs only,  EAM is a keeper, the other choices are, AG, VS and MBAM. I have lifetime licenses for all of them. Minimal popups will be of the deciding factors. I may be overthinking this as EAM is probably all anyone needs, however, I'm like you, feel naked only running 1 program.

  • Thanks 1

Share this post


Link to post
Share on other sites

Do those of you who run things other than EAM come across things that EAM didn't detect?   If/when that happens do you report those failures-to-be-detected to Emsisoft?  

Also, do you find that EAM finds things that the other products don't? 

How do you decide that running two products is sufficient?

Share this post


Link to post
Share on other sites
Quote

Do those of you who run things other than EAM come across things that EAM didn't detect?

No, not yet.

Quote

Also, do you find that EAM finds things that the other products don't?

Don't know either. I have been using EAM for only two weeks.

Quote

How do you decide that running two products is sufficient?

It's not the number of apps that's important here. It's got something to do with the different layers of security. If two apps cover most security-related areas (exploits, ransomware etc.), then running two security products should be sufficient. For average users like me, running EAM is probably sufficient. Unless you are a "power user", Emsisoft should be all you need.

Share this post


Link to post
Share on other sites
1 hour ago, JeremyNicoll said:

Do those of you who run things other than EAM come across things that EAM didn't detect?   If/when that happens do you report those failures-to-be-detected to Emsisoft?  

Also, do you find that EAM finds things that the other products don't? 

How do you decide that running two products is sufficient?

Hi Jeremy

With my systems I've never detected anything.   Mainly I am extremely hard on email.   Even in my business email I have two strict rules.  Open no attachments and click on no links.   This apply's even w ith client emails.

Now in testing agains malware which I do in a VM configured like my hardware machine, when I want to test secondary layers of security I always have to turn off EAM.   That should answer that question.

 

Pete

 

PS I run more then two products.

Share this post


Link to post
Share on other sites
On 12/16/2017 at 7:07 AM, lock said:

I recently tested MBAM  Ransomware shield only, against Wanacry, and MBAM behavior blocker blocked Wanacry after 4 files being encrypted. So seems to be working.

Ours blocks it with zero files encrypted. ;)

Also, the last time I checked MBAM didn't have a behavior blocker like we do. They simply bought up Nathan Scott's company that made CryptoMonitor and had him integrate the technology into their products. I guess what it does could be considered a type of behavioral detection technology, however ours is more generic, and focuses on all potential threats rather than just ransomware (which means it will stop more threats). Ours also jumps into action faster from what I've seen, and ensures less damage is done to the system and the user's data.

 

On 12/16/2017 at 7:07 AM, lock said:

And don't forget: EMSI behavior shield (aka Mamutu) requires user decision.

Not anymore.

image.png
Download Image

 

On 12/16/2017 at 7:07 AM, lock said:

In Jan to Jun AV Comparatives the user dependent portion of EMSI was 6.4%.

That testing was done before the "Auto resolve" mode was added to automate Behavior Blocker decisions.

Note that "Auto resolve" is the default option in EAM since it was added, and a user has to specifically change the option to "Alert" if they want to see the traditional alerts rather than allowing the Behavior Blocker to automatically make decisions.

Also note that the notifications displayed while "Auto resolve" is enabled do have options to allow/quarantine detected files so that users can still select what to do, and they have 10 seconds by default to make a selection before the Behavior Blocker takes automatic action.

 

On 12/16/2017 at 8:23 AM, Buddel said:

I also think layered protection is a good concept, rather than relying on just one security solution.

"Layered protection" isn't necessarily bad, you just have to be sure not to use a bunch of software that does the same thing (real-time monitoring that hooks all running programs and injects code into all running programs). Why not mix it up a bit, and use a sandbox/hardware firewall/DNS protection service/etc. in addition to EAM, as opposed to just stacking a bunch of software with real-time protection? Or if you'd prefer to go the paranoid route, why not just do everything in virtual machines with snapshots that you can restore to after using them, and leave EAM to protect the host Operating System?

I know that traditionally the idea of "layered protection" is to install a bunch of software with real-time protection, and just live with the downsides. These days there are so many options when it comes to "layered protection" that we don't need to think along those lines anymore. :)

  • Like 1

Share this post


Link to post
Share on other sites
Quote

I know that traditionally the idea of "layered protection" is to install a bunch of software with real-time protection, and just live with the downsides.

This may be the "traditional" idea of "layered protection", but this is not the concept I'm talking about. I wouldn't install two or more apps that all do the same thing.

I have always preferred this approach:

Quote

Why not mix it up a bit, and use a sandbox/hardware firewall/DNS protection service/etc.

A "security mix" is always a good idea, as long as there is no "overlap".

Share this post


Link to post
Share on other sites
20 minutes ago, Buddel said:

A "security mix" is always a good idea, as long as there is no "overlap".

Exactly, less chance of having weird issues with the computer that way. ;)

Share this post


Link to post
Share on other sites

To me, "layered protection" is adding softs with features that complement each others, not overlapping.

I made a guide years ago when the idea of Layered Protection wasn't very popular (some part are outdated but you will get the idea)

Share this post


Link to post
Share on other sites
37 minutes ago, Buddel said:

Hi, @Umbra I think number 13 of your guide is definitely the most important aspect to keep in mind. Interesting guide. Well done!

Thank you :) 

Sadly i can't edit it.

Share this post


Link to post
Share on other sites

It should be made clear, perhaps, that running EAM on its own is sufficient protection for the average user whose surfing habits can be considered normal. If you surf in "uncharted waters" and/or if your level of paranoia is above average, however, a layered approach to security is something that should be taken into consideration.

  • Like 1

Share this post


Link to post
Share on other sites
8 hours ago, Buddel said:

Maybe you can post an up-to-date guide here (or at Wilders or MT).

Yes i will do 

7 hours ago, Buddel said:

It should be made clear, perhaps, that running EAM on its own is sufficient protection for the average user whose surfing habits can be considered normal. If you surf in "uncharted waters" and/or if your level of paranoia is above average, however, a layered approach to security is something that should be taken into consideration.

Indeed, Layered Protection is mostly a setup made by security geeks or at least people more security-aware than the others; Average Joe rarely bothers with it. 
If i go to uncharted territories, i rather use a VM  or a Linux live CD ;)

  • Like 1

Share this post


Link to post
Share on other sites
36 minutes ago, Umbra said:
9 hours ago, Buddel said:

Maybe you can post an up-to-date guide here (or at Wilders or MT).

Yes i will do 

Cool, looking forward to it.

Share this post


Link to post
Share on other sites

Could it be that Malwarebytes is a little more strict compared to EAM ?

Had both running (MBAM and EAM) and download-geek.com was immediately blocked by MBAM.

Disabled/uninstalled MBAM and visited the same site that included a link to download-geek.com. The site wasn't blocked by EAM.

I checked some comments on this site on other sites and noticed 'Fraud Site Alert' and negative reviews on TrustPilot.

https://www.reddit.com/r/fraud/comments/6lk8ms/fraud_site_alert_downloadgeekcom/

https://ie.trustpilot.com/review/download-geek.com

 

Share this post


Link to post
Share on other sites

You are running 2 security applications that overlap each other.  One being more strict than the other has absolutely nothing to do with who detects something and the other doesn't.  It entirely depends on which application intercepts the activity first.  If MBAM intercepts and acts on something first then there is nothing for EAM to act on, and the reverse applies.  If EAM intercepts and and acts on something first then there is nothing for MBAM to act on.

Share this post


Link to post
Share on other sites
12 hours ago, emwul64 said:

Could it be that Malwarebytes is a little more strict compared to EAM ?

Had both running (MBAM and EAM) and download-geek.com was immediately blocked by MBAM.

Disabled/uninstalled MBAM and visited the same site that included a link to download-geek.com. The site wasn't blocked by EAM.

I checked some comments on this site on other sites and noticed 'Fraud Site Alert' and negative reviews on TrustPilot.

It isn't on any blacklists that VirusTotal checks:
https://www.virustotal.com/#/url/700ecd8cb7acae0b41af60c1ed455b5cc2548e2ce091336d0f81e46ed47c7184/detection

It probably doesn't meet our criteria for classifying it as a threat, even though it does sounds like it's pretty shady.

Share this post


Link to post
Share on other sites
5 hours ago, Kevin Zoll said:

You are running 2 security applications that overlap each other.  One being more strict than the other has absolutely nothing to do with who detects something and the other doesn't.  It entirely depends on which application intercepts the activity first.  If MBAM intercepts and acts on something first then there is nothing for EAM to act on, and the reverse applies.  If EAM intercepts and and acts on something first then there is nothing for MBAM to act on.

Ehm... Just for good order's sake: I uninstalled MBAM (+did a reboot) and then tried the same site again, so as to see how EAM would respond on the same site.


Note that the thing I am worried about most is being infected by simply visiting a website / re-directed to a website. Think it is called 'exploit kits'(?)
Files, attachments, etc. they are within -my- control, meaning to say: I can check them with EAM, Virustotal and in case of need run them within VM.
The usual Youtube videos show differences between AV product X and AV product Y whilst testing them on virus .exe files. Interesting, but not my prime concern.
1)  my ISP scans on viruses (virus scan is included in my subscription),
2) then  in case of emails, they first land into Mailwasher that quote Eliminate spam and viruses before they get to your pc unquote (obviously it can not be compared to a dedicated AV product, but still)
3) then Emsisoft
4) Virustotal
5) run within VM if I still have doubt
In case of possible phishing mails, I check them out first (check the included URLs, check if there are any reports, etc)

But .. getting infected by visiting a website is beyond my control... As said, that's the thing I am worried about most.
Sorry to keep on nagging about this specific thing.
So far I was always warned when visiting such sites and I immediately moved away from them. EAM is set to using its default settings.

Share this post


Link to post
Share on other sites
On 1/6/2018 at 1:23 AM, emwul64 said:

I can check them with EAM, Virustotal and in case of need run them within VM.

Keep in mind that PUP detection is disabled in our scanner on VirusTotal, so scan results on VirusTotal may not always be identical to what you'd see in the product.

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    No registered users viewing this page.