I am interested in any feedback about running multiple anti-malware programs simultaneously. The reason I ask is that I have used Malwarebytes for a few years and contribute to beta testing of thier software products. I understand that you would certainly not run NAV and Kasperski, or any other real-time "AV" protection together. I am interested in any feedback anyone might have on possible conflicts between Norton and MWB. I use MWB because it finds issues that Norton does not. Actually, many issues. I have not encountered any problems such as high memory usage or excessive disk writing / caching. Norton and MWB seem to coexist peacefully on the same machine. Is the pragmatic approach a single-point solution? Or are both beneficial as my experience has shown me?
On a similar thread, I observed a scary event when I started my PC one day. I noticed that Norton did not appear on the task bar for much longer than I had comfort. When I tried to execute task manager, I knew something was wrong. I was sure that I was the recipient of something very nasty in the core of my PC. It turns out that for whatever reason, a program was sitting up at the top of task manager, consuming a huge amout of CPU cycles, for several minutes. When Norton came to the task bar, it was greyed out and the data protection component of Norton was unavailable. I had never seen MsMpEng.exe before and I quickly found out that it was the M$ "AntiMalware Service Executable." I examined the executable in Process Explorer. I have to say that it really pissed me off. I went to see the status of Windows Defender in settings, and found it also was unavailable to turn off. So I edited the registry and the local GP to turn off all references to windows defender. That solved the problem. For now, anyway.
Windows did not seem to care that there was already active, protected antimalware processes running.
This is my question: I was under the impression that the presence of a third-party AV/AM would supercede Windows Defender processes (not all of them, of course) in Win 10. Had I not shut down the M$ Antimalware my PC would be barely usable. Was my assumption incorrect about third-party AV?
I don't wish to vent my issues with M$ on this thread, but Windows 10 is increasingly intrusive and out of control. The fact that Windows can modify my custom firewall settings in Norton is insane. There is no warning or dialogue. </snip>
Thanks all for any feedback on these two issues you may provide. I appreciate it and I thank you for your time. Please do not hesitate to put me in my place if required. Not a problem.
...I found that I needed to delay the MWB startup "self protection" so Windows could take care of housekeeping, like DWM, and especially WMI. My new, fast Dell PC was brought to a halt. After a few hours with Mark Russinovich's ProcExp64 and ProcMon, while modulating the delay time for MWB protection, I came to the conclusion that MWB needed to be removed...
Hi AntiCorr3lation:
... and I don't know if anyone has already suggested this, but you should check your Windows 10 settings and ensure the Fast Startup power option is disabled as instructed in the TenForums tutorial How to Turn On or Off Fast Startup in Windows 10. This Fast Startup feature (also called hybrid boot-up / hybrid shutdown) can interfere with product updates and loading of services at boot-up and result in all sorts of odd glitches and unexpected behaviour with both Norton and Malwarebytes on Win 8.x and Win 10 computers. If you've disabled this power option before just confirm that it's still turned off, since Fast Startup can sometimes re-enable itself after a major Windows update.
I've had issues in the past where conflicts between Norton and Malwarebytes Premium v3.x could not be fixed by creating mutual scan exclusions, but the problem would disappear if Malwarebytes' Self Protection module was disabled - see my post # 102 in MadDemon64's Malwarebytes System Tray Icon Missing After Latest Update for one example. Changing the time when Malwarebytes Self Protection started at boot-up (e.g., Settings | Protection | Startup Options | Enable Self-Protection Module Early Start or Settings | Protection | Startup Options | Delay Real-Time Protection When Malwarebytes Starts) helped but didn't completely resolve the issue so I ended up deactivating my MB Premium license on my Vista SP2 / Norton machine and now use MB Free v3.x as an on-demand scanner. However, there are many Win 8.x and Win 10 users who have reported that Malwarebytes Premium conflicts with their antivirus can often be solved by disabling Windows' Fast Startup.
----------
32-bit Vista Home Premium SP2 * Firefox ESR v52.9.0 * Norton Security v22.15.2.22 * Malwarebytes Free v3.5.1
Ref: Norton 360 v 22.19.8.65 / MWB Premium v 4.0.4 / Windows 10 - 1909
....On a similar thread, I observed a scary event when I started my PC one day. I noticed that Norton did not appear on the task bar for much longer than I had comfort....When Norton came to the task bar, it was greyed out and the data protection component of Norton was unavailable. ..
Hi AntiCorr3lation:
Just a few thoughts about your observations.
The delayed loading of the Norton icon in the system tray at boot-up [and/or slow change in status colour from grey (unknown) to green (good)] on some systems has been a known issue for several months - see DavidCoffield's October 2019 thread Tick Icon Changed Colour Still Broken as well as Symantec employee Sunil_GA's 22-Nov-2019 comment <here> about the bug fix in the latest Norton v22.19.9.63. The fact that your Norton system tray icon recently started loading correctly at boot-up might have more to do with the recent bug fix, and less to do with any changes you made to your system.
...Thanks for the post about exclusions. When I first installed MWB, I was getting hundreds of "unauthorized access blocked" messages in the logs...
Unauthorized Access Blocked messages are logged in the Norton Product Tamper Protection (NPTP) section of your Norton security history every time any executable (including trusted Windows system files like svchost.exe, dfrgntfs.exe, etc. as well as third-party software like Malwarebytes' MBAMService.exe) attempts to read/write/edit/delete a Norton file. For example, if a Malwarebytes Threat Scan scans nortonsecurity.exe or some other Norton file that is loaded in memory this will cause NPTP to "wake up" and log an Unauthorized Access Blocked message. This NPTP logging is for information only and it's safe to ignore these Unauthorized Access Blocked entries in your security history if you recognize the "Actor" file in the log as a legitimate process. I posted Stop Logging Unauthorized Access Blocked Warnings in Security History in the Product Suggestions board several years ago because so many users incorrectly assume that these "blocks" indicate their system is under attack.
See my post # 9 in Irhere's Norton Blocking a Malwarebytes File! in the Malwarebytes forum for more information. Creating mutual scan exclusions for an "Actor" file like MBAMService.exe should reduce the number of these annoying Unauthorized Access Blocked messages that are logged in the by Norton Product Tamper Protection (NPTP) but mutual scan exclusions likely won't have a significant impact on your system performance unless there is a legitimate conflict with Norton (e.g., your Norton scans are getting stuck or throwing "false positive" detections when scanning Malwarebyte files).
...I found that I needed to delay the MWB startup "self protection" so Windows could take care of housekeeping, like DWM, and especially WMI. My new, fast Dell PC was brought to a halt....
Since you're posting in bjm_'s Announcing Malwarebytes 4.0 for Windows I assume you're aware of known issues with MB v4.0.4 on Win 10 v1909 machines. Affected users are currently testing a beta release of Component Package v1.777 (this package is separate from the main v4.0.4 scan engine and includes real-time modules for Self Protection, Ransomware Protection, Exploit Protection, etc.) but early feedback <here> indicates the proposed bug fix in this beta version didn't solve the problem.
----------
32-bit Vista Home Premium SP2 * Firefox ESR v52.9.0 * Norton Security v22.15.2.22 * Malwarebytes Free v3.5.1
You are absolutely right about the exceptions. One look at the history logs made it clear what was going on.I run OSArmor (OSArmordevsvc.exe and ~OSArmordevui.exe) also, along with other tools like ProcExp64, KVRT, Privazer, and a couple of others that I have exclusions for. These are nuisance issues.
My central point was whether or not the protected background processes (real-time in this case) from both MWB and SAV would contravene either or both processes. A potential conclusion would be, should this occur, that one of the platforms has to go.
Indeed, at 4:00 am this morning, I scrubbed MWB off my SSD. I found that I needed to delay the MWB startup "self protection" so Windows could take care of housekeeping, like DWM, and especially WMI. My new, fast Dell PC was brought to a halt. After a few hours with Mark Russinovich's ProcExp64 and ProcMon, while modulating the delay time for MWB protection, I came to the conclusion that MWB needed to be removed, at least to test my hypothesis. What I do know is that MWB v 4.0.4, Win 10 1909, and Symantec 22.19.9.63 are not happy together. Shutting down the offending WIN 10 WMI is not an option.
After removing MWB, my system is glorious and there are no contentions whatsoever with the Win10 mayhem running behind the scenes on my pc.
I started using Norton products in 1992 and have been a loyal customer to this day. I was introduced to MWB maybe 8 years ago when I had something on a pc that Norton could not identify as a problem. Using Ethereal (at the time) I found some strings in captured TCP packets that made me believe I had an infection. Frustrated, I decided to download MWB to see what it would tell me. The fact is that I relied on NAV solely as protection. My confidence up to that point was that NAV would find any issues I may run into. It did not, and MWB did in this case. I have used them in tandem until today.
So the root of my original question was answered early this morning. At least as far as the specific builds of the software. I know that wil either get better or -not-.
I do appreciate every word that was directed toward my question. I thought that I might share my findings with everyone.
When I brought up my OS, I had installed Norton immediatly and verified that it had usurped Win Defender in Settings, which it did. A couple of weeks later I installed MWB premium and have been running it since, with all updates, including beta. MWB has always taken second place
My security settings all point to Norton 360 as appropriate and MWB is turned off under the "Antivirus" heading.
Thanks for the post about exclusions. When I first installed MWB, I was getting hundreds of "unauthorized access blocked" messages in the logs, so intuitively I thought If I verified the MD5 of each file, I would harvest the executable names from the logs and put them aside. Same with OSArmour, which I have used for some time with excellent success. All good.
Thanks again for your time BJM. I always listen to the gurus. The more I learn, the less I know.
