Solved

Need help with antivirus setup

Posted on 2013-11-17
Last Modified: 2013-11-19
Hi experts,

I have what I consider to be fair or good antivirus coverage, but I am confused about a few things. I am hoping you can help.

First, I know that when I have come on here asking for help in the past to remove some viruses that got by my A/V software (Trend Micro at the time), I was asked to do a series of maneuvers such as run MBAM, Combofix, etc. So, from that strategy, I tend to assume that you should have an actual "anti-virus program" on your computer such as ESET, Avast, AVG, etc. (I use ESET Nod32 now, which I have found to be the best). And, malware programs such as MBAM, Combofix, SAS, etc. should be used for more targeted things such as looking for a virus or malware if you think you have one that your A/V didn't detect.

In other words, would running MalwareBytes by itself with real time scanning be sufficient? I currently am running ESET with real time scanning and weekly scans (I hear good and bad about scanning) and I have MBAM Pro just running in the background, not doing scans. Supposedly, from what MBAM themselves told me, the pro version has some preventative measure from CryptoLocker.

I also think I want to use the pro version since it is on a commercial network.

Any help would be appreciated. I am very confused.
Question by:Bert2005
5 Comments
 
LVL 82

Assisted Solution

by:Dave Baldwin
Dave Baldwin earned 100 total points
ID: 39655153
First, don't run two real time scanners.  It slows things down and if they decide to double check each other, then they can bring your computer to a halt.

No two programs detect exactly the same things.  ComboFix is not a real time scan and requires you to stop your anti-virus while it is running so it can dig deep into your system to find things that your anti-virus may not be aware of.
 
LVL 9

Accepted Solution

by:
tsaico earned 400 total points
ID: 39655175
I found running both Malwarebytes and a low footprint AV runs fine on most rigs.  I have one that is a Pentium 4 Duo with 2 GB of RAM, and it runs Vipre and Malwarebytes Pro just fine.  I do agree, it doesn't help with performance, but the user tends to be infected a lot, and I found the two work well in my case.  (It is the owner's machine, and good luck telling him he can't do something or go to certain websites.)

As far as CryptoLocker, I found the easiest and fastest way to fight against that was to make a GPO to prevent running exe from the root of the app folder, as outlined here:
http://www.bleepingcomputer.com/virus-removal/cryptolocker-ransomware-information#enableapp

(There is a ton of info; the GPO stuff is about 2/3 of the way down under the section for Software Restriction Policies to block Cryptolocker.)

As a side note, I found a good AV like the ones you listed, plus an untangle box filtering everything for you before it gets to the user, I have a lower incidence of malware reports (1 or 2 per 50 users). I am not normally a fan of software firewalls, especially ones that require subscriptions, but there is a free version of untangle that has the basics, and you can build a decent rig to run it for around ~$300, for a basic unit to handle 50 users or less.

http://wiki.untangle.com/index.php/Installation

You do not have to replace any existing firewalls, and just have your DHCP service dish out the LAN IP of the Untangle box as the gateway and you will have decent filtering at the gateway (before it gets into the network) and whatever is at your desktop.
0
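Before turning on the "no exe in the root of the app folder" rule described in the answer above, it helps to see what already sits there. The following is an added example, not code from the poster or from the linked guide; it assumes "app folder" means each user's `%AppData%` (`AppData\Roaming`) and that profiles live under `C:\Users`, and the function name `Get-AppDataRootExe` is made up for this illustration.

```powershell
# Added example: read-only audit to run before deploying the block rule.
# Assumption: "app folder" = each user's AppData\Roaming under <SystemDrive>\Users.
# Run from an elevated prompt so every profile is readable.

function Get-AppDataRootExe {
    param(
        # Folder that holds the user profiles (assumed default location).
        [string]$ProfilesRoot = (Join-Path $env:SystemDrive 'Users')
    )

    Get-ChildItem -LiteralPath $ProfilesRoot -Directory -Force -ErrorAction SilentlyContinue |
    ForEach-Object {
        $user    = $_.Name
        $appData = Join-Path $_.FullName 'AppData\Roaming'
        if (-not (Test-Path -LiteralPath $appData)) { return }   # skip profiles without it

        # No -Recurse: only files directly in the root, which is what the rule targets.
        # The Where-Object guards against -Filter's loose 8.3-style matching.
        Get-ChildItem -LiteralPath $appData -Filter '*.exe' -File -Force -ErrorAction SilentlyContinue |
        Where-Object { $_.Extension -eq '.exe' } |
        ForEach-Object {
            $sig = Get-AuthenticodeSignature -LiteralPath $_.FullName
            [pscustomobject]@{
                User      = $user
                Path      = $_.FullName
                Modified  = $_.LastWriteTime
                SizeKB    = [math]::Round($_.Length / 1KB, 1)
                Signature = $sig.Status    # Valid / NotSigned / HashMismatch ...
                Signer    = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
                SHA256    = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
            }
        }
    }
}

# Unsigned or recently modified entries deserve a look; signed ones from a
# known vendor are the applications that would need an allow rule.
Get-AppDataRootExe | Sort-Object Signature, User | Format-List
```

An empty result means the rule should not break anything currently installed for those users; any row is either a legitimate program that will need an exception or something to investigate.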
 
LVL 1

Author Comment

by:Bert2005
ID: 39655244
Thanks Dave and tsaico,

Wow, that is a tremendous amount of good information. I would have answered immediately, but my job called. So, before I digest all of this great info, we all agree that it is fine to run MBAM next to A/V as long as it is only the A/V that runs real time.

1. When the obvious statement is made for a user to run an A/V program, we are talking something like AVG or Trend Micro and not MBAM? I don't think I would run MBAM by itself.
2. If a program like MBAM is running on your machine next to ESET, and it is set not to scan or do real time scanning, would it still detect a virus?
3. If ESET is running real time scans, is scheduling complete scans beneficial?

OK, no more questions. My main question has been answered which produced some follow-up questions, but it wouldn't be fair nor within the EE rules to just keep asking questions.

Thanks.
 
LVL 9

Expert Comment

by:tsaico
ID: 39659942
1. I haven't run AVG or Trend in a long time, so I am not sure what they are like anymore.  If I have the choice, I run Vipre.  But I come across Symantec, MSE, and ESET the most.  In all the cases, I have found that, for the most part, MBAM does not interfere that much with the current real time scanner in either mode (on demand or real time).  It helps when users "white list" or just click OK on any prompt they are given.  I do not have a lot of clients that want to buy both, so generally I use the on demand to clean things up.

It is not meant to be an AV on its own, rather a complementary suite, and generally can be part of a plan.
https://helpdesk.malwarebytes.org/entries/20818081-Does-Malwarebytes-Anti-Malware-replace-antivirus-software-


2. No, it will not.
3. Many people say yes, but I have observed it only seems to hit when I have a client with a POP type account set up on Outlook (or similar) that downloads the attachments. Otherwise, everything seems to get detected upon insertion (whether by USB stick or download).


I think of things like combofix and malwarebytes to be more specific things that are trending, where the AV is the broad blanket.  AV covers you far and wide, but these other apps are focused on specific threats.
 
LVL 1

Author Closing Comment

by:Bert2005
ID: 39660310
That is great information. Specific and to the point. Thanks to both of you. And, tsaico, thanks for the in depth answers.