Question about antivirus and antimalware setup


13 replies to this topic

#1 hedera

  • Members
  • 91 posts

Posted 08 July 2015 - 07:02 PM

I just got my laptop back from a local shop which kindly (for a fee) removed a virus I'd gotten.  I'm pretty paranoid; this is the first real infection I've had in several years.  But the advice I got from them doesn't match the advice I've seen in this forum, and I'd like to run it by the community for opinions.

 

My laptop is a Lenovo T530, Win7 Pro 64bit, 8 GB RAM, 450GB hard drive (7200rpm).  I also have a custom desktop on an ASUS motherboard, with the same security setup, not currently infected.

 

My security setup was (still is on the desktop) Microsoft Security Essentials, plus MalwareBytes Pro running real-time protection.  I also had WinPatrol installed and running, and CCleaner (I thought) installed but not running, although I find that it was running.

 

My local techs chewed me out for too many security programs running at once. Having been infected, I decided to take them seriously and remove CCleaner (which I haven't used since I got WinPatrol, I mainly used it to manage the startup list) and WinPatrol.  I'm having trouble uninstalling WinPatrol, but that's another issue.

 

The techs also said I should not run Malwarebytes full time against MSE.  I have a Malwarebytes Pro license for both the laptop and a desktop, and I run them in real-time protection mode.  Before I set this up I spent a lot of time reading the antivirus and antimalware posts on this site, and I concluded it was OK to run Malwarebytes Pro at the same time I ran MSE.  Has thinking changed on this?  Should I really not run MBAM full time, against a running MSE?  If I want to use it, I have to reinstall it - the techs said the virus "chewed up" Malwarebytes, and I see it has been uninstalled.





#2 Aura

    Bleepin' Special Ops

  • Malware Response Team
  • 19,664 posts

Posted 08 July 2015 - 07:13 PM

Hi hedera :)

Looks like your local techs are part of the ones that don't know what they're saying. Sorry to be so blunt, but I've seen so many techs like these that I'm not surprised to hear more stories like these anymore. First of all, Microsoft Security Essentials and Malwarebytes are compatible together. If you want to make sure there will be no conflict, you can add Malwarebytes' files to Microsoft Security Essentials exclusion list.

Files to be added:

  • C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
  • C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamgui.exe
  • C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
  • C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
  • C:\Windows\System32\drivers\mbam.sys

How to add exclusions to Microsoft Security Essentials: http://answers.microsoft.com/en-us/protect/wiki/mse-protect_scanning/how-to-exclude-a-filefolder-from-microsoft/26f2810a-47fd-40d8-b35e-3740f00fce85

You could also easily whitelist both C:\Program Files (x86)\Malwarebytes Anti-Malware and C:\ProgramData\Malwarebytes Anti-Malware. This being said, WinPatrol is also compatible with that setup, so you are free to reinstall it without any problem. To finish, what web browser are you using? Also, are you using any web extensions with it? If so, which ones? Since the web browser is often the first door used by malware to get in a system, making it as secure as possible is a must.

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.
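
A pre-check for the exclusion lists in the post above, as an added example that is not part of the original thread: before a path is excluded from scanning, confirm that each file exists and its Authenticode signature validates, and see whether standard-user groups can create files in the folders proposed for whitelisting. It assumes the binaries carry an embedded signature; it only reports and does not change any Microsoft Security Essentials setting.

```powershell
# Added example (not from the thread). Paths are the ones listed in the post above.
$mbamDir = 'C:\Program Files (x86)\Malwarebytes Anti-Malware'
$files = @(
    "$mbamDir\mbam.exe",
    "$mbamDir\mbamgui.exe",
    "$mbamDir\mbamservice.exe",
    "$mbamDir\mbamscheduler.exe",
    'C:\Windows\System32\drivers\mbam.sys'
)
$folders = @($mbamDir, 'C:\ProgramData\Malwarebytes Anti-Malware')

# File exclusions: confirm each target exists and its embedded signature verifies.
$fileReport = foreach ($path in $files) {
    if (-not (Test-Path -LiteralPath $path -PathType Leaf)) {
        New-Object PSObject -Property @{ Path = $path; Status = 'Missing'; Signer = '' }
        continue
    }
    $sig = Get-AuthenticodeSignature -FilePath $path
    $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
    New-Object PSObject -Property @{ Path = $path; Status = $sig.Status; Signer = $signer }
}

# Folder exclusions: list standard-user groups allowed to create files inside
# (subfolders included), since anything written to an excluded folder is not scanned.
$broadSids  = 'S-1-1-0', 'S-1-5-11', 'S-1-5-32-545'  # Everyone, Authenticated Users, Users
$createMask = [int][System.Security.AccessControl.FileSystemRights]'CreateFiles, CreateDirectories'
$sidType    = [System.Security.Principal.SecurityIdentifier]
$folderReport = foreach ($dir in $folders) {
    if (-not (Test-Path -LiteralPath $dir -PathType Container)) {
        New-Object PSObject -Property @{ Path = $dir; WritableBy = 'Missing' }
        continue
    }
    $rules = (Get-Acl -Path $dir).GetAccessRules($true, $true, $sidType)
    $hits = $rules | Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        ($broadSids -contains $_.IdentityReference.Value) -and
        (([int]$_.FileSystemRights -band $createMask) -ne 0)
    } | ForEach-Object { $_.IdentityReference.Value }
    New-Object PSObject -Property @{ Path = $dir; WritableBy = (@($hits) -join ', ') }
}

$fileReport   | Format-Table Path, Status, Signer -AutoSize
$folderReport | Format-Table Path, WritableBy -AutoSize
```

Run it from a 64-bit PowerShell session so that C:\Windows\System32 is not redirected. A Status other than Valid, or a non-empty WritableBy on a folder, is a reason to prefer the per-file exclusions over the folder-wide ones.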


#3 quietman7

    Bleepin' Janitor

  • Global Moderator
  • 51,485 posts
  • Location: Virginia, USA

Posted 08 July 2015 - 07:18 PM

"My local techs chewed me out for too many security programs running at once. Having been infected, I decided to take them seriously and remove CCleaner (which I haven't used since I got WinPatrol, I mainly used it to manage the startup list) and WinPatrol. I'm having trouble uninstalling WinPatrol, but that's another issue."

CCleaner is not a security program.

There is no need to uninstall WinPatrol, but if you are adamant, use the WinPatrol Removal Tool, which will remove all files and registry entries created by installing WinPatrol. After running the tool, it will be removed automatically the next time you reboot.

 

"The techs also said I should not run Malwarebytes full time against MSE. I have a Malwarebytes Pro license for both the laptop and a desktop, and I run them in real-time protection mode."

That is incorrect. Either these techs do not know what they are talking about or they do not understand how Malwarebytes is designed to work... it is intended to be a supplement to your anti-virus software. Malwarebytes Anti-Malware works well and should run alongside anti-virus software without conflicts. In fact, Malwarebytes has been conducting AV Compatibility Testing for years.

Conflicts typically occur when installing two anti-virus products but Malwarebytes Anti-Malware is not an anti-virus program.

Does Malwarebytes Anti-Malware replace antivirus software?

Malwarebytes Anti-Malware...is a complementary but essential program which detects and removes zero-day malware and "Malware in the Wild". This includes malicious programs and files, such as virus droppers, worms, trojans, rootkits, dialers, spyware, and rogue applications that many antivirus programs do not detect or cannot fully remove. That being said, there are many infections that Malwarebytes Anti-Malware does not detect or remove which any antivirus software will, such as file infectors. It is important to note that Malwarebytes Anti-Malware works well and should run alongside antivirus software without conflicts. In some rare instances, exclusions may need to be set for your specific antivirus product to achieve the best possible system performance.


Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#4 hedera


Posted 08 July 2015 - 07:39 PM

Thank you both for confirming what I thought.  I'm actually now rather concerned about WinPatrol because attempts to remove it gave me weird errors about corrupted files.  I'll try the removal tool you mention and see if that helps.  Then I can decide whether to reinstall it.

 

Aura, you asked about my browser - I use Firefox on my desktop and Chrome on my laptop.  My usual extensions on Firefox are LastPass, AdBlock Plus, XMarks bookmark synchronizer, Firebug, Shockwave Flash, and Adobe Acrobat.  I'm doing this on the desktop and don't recall offhand what's on Chrome, except that it does include LastPass, Adblock Plus, and XMarks, and probably Adobe Acrobat.

 

I've worked with these guys before, in fact they built my desktop, which is a solid and stable machine; but their English isn't as good as their technical skill (first language Chinese), I just wasn't up to arguing with them about security software.



#5 Aura


Posted 08 July 2015 - 07:41 PM

I would swap Adblock Plus for uBlock (Firefox) and uBlock Origin (Chrome), way more efficient than Adblock Plus. I would also add HTTPS Everywhere, Ghostery and Web of Trust (be sure to read what quietman will post next about extensions like these, but they can still save you from time to time). Also, I would consider using NoScript in Mozilla Firefox and also add Malwarebytes Anti-Exploit so it can take care of your plugins/extensions and prevent your browsers from being exploited by 0-days.

https://www.malwarebytes.org/antiexploit/



#6 quietman7


Posted 08 July 2015 - 07:51 PM

"...I'm actually now rather concerned about WinPatrol because attempts to remove it gave me weird errors about corrupted files.  I'll try the removal tool you mention and see if that helps.  Then I can decide whether to reinstall it."

I highly recommend keeping it. I use the PLUS version on all my computers. v33.6.2015.1 was released last month but I encountered an installation issue with it. I am currently working with Bret Lowry to resolve it.


Notes about Adblock Plus and NoScript:
Google, Amazon, Microsoft pay to get ads past Adblock Plus
Attention NoScript Users - Adblock Plus

#7 Sintharius

    Bleepin' Sniper

  • Members
  • 5,639 posts
  • Location: The Netherlands

Posted 09 July 2015 - 01:58 AM

For what it's worth, uBlock Origin is also available for Firefox.

#8 quietman7


Posted 09 July 2015 - 05:01 AM

uBlock vs. uBlock Origin: what's the difference?

#9 Aura


Posted 09 July 2015 - 05:17 AM

Oh I didn't know that the Origin fork was on Firefox now. If so, I would go with it instead.



#10 quietman7


Posted 09 July 2015 - 05:20 AM

 

the uBlock development team only supports uBlock, not uBlock Origin. Thus, uBlock Origin-specific issues are under gorhill's control



#11 hedera


Posted 09 July 2015 - 01:39 PM

I have a question about HTTPS Everywhere.  I've installed it on Chrome but it doesn't seem to be available for Firefox.  If it isn't there, what is the best alternative?  The top item in the search list is HTTP Nowhere, which doesn't sound like what I want.  I'm running Firefox 39 and I see this review:

 

'HTTP Nowhere' were linemen for their quarterback, 'HTTPS Everywhere'. As of Firefox 35, This add-on no longer installs.

 

Is HTTP Nowhere really my only option for Firefox 39?



#12 Aura


Posted 09 July 2015 - 01:41 PM

This is where you download HTTPS Everywhere from.

https://www.eff.org/Https-everywhere

The first link for Firefox is the most recent version.

https://www.eff.org/files/https-everywhere-5.0.5.xpi



#13 hedera


Posted 09 July 2015 - 02:46 PM

Thanks very much; installed.



#14 Aura


Posted 09 July 2015 - 02:48 PM

No problem, you're welcome :)
