Need help with antivirus setup

Hi experts,

I have what I consider to be fairly or good antivirus coverage, but I am confused about a few things. I am hoping you can help.

First, I know that when I have come on here asking for help in the past to remove some viruses that got by my A/V software (Trend Micro at the time), I was asked to do a series of maneuvers such as run MBAM, Combofix, etc. So, from that strategy, I tend to assume that you should have an actual "anti-virus program" on your computer such as ESET, Avast, AVG, etc. (I use ESET Nod32 now, which I have found to be the best). And, malware programs such as MBAM, Combofix, SAS, etc. should be used for more targeted things such as looking for a virus or malware if you think you have one that your A/V didn't detect.

In other words, would running MalwareBytes by itself with real time scanning be sufficient? I currently am running ESET with real time scanning and weekly scans (I hear good and bad about scanning) and I have MBAM Pro just running in the background, not doing scans. Supposedly, from what MBAM themselves told me, the pro version has some preventative measure from CryptoLocker.

I also think I want to use the pro version since it is on a commercial network.

Any help would be appreciated. I am very confused.
I found running both Malwarebytes and a low footprint AV runs fine on most rigs.  I have one that is a Pentium 4 Duo with 2 GB of RAM, and it runs Vipre and Malwarebytes Pro just fine.  I do agree, it doesn't help with performance, but the user tends to be infected a lot, and I found the two work well in my case.  (It is the owner's machine, and good luck telling him he can't do something or go to certain websites.)

As far as CryptoLocker, I found the easiest and fastest way to fight against that was to make a GPO to prevent running exe files from the root of the app folder, as outlined here

(there is a ton of info; the GPO stuff is about 2/3 of the way down under the section for Software Restriction Policies to block CryptoLocker).

As a side note, I found that with a good AV like the ones you listed, plus an Untangle box filtering everything for you before it gets to the user, I have a lower incidence of malware reports (1 or 2 per 50 users). I am not normally a fan of software firewalls, especially ones that require subscriptions, but there is a free version of Untangle that has the basics, and you can build a decent rig to run it for around $300 for a basic unit to handle 50 users or less.

You do not have to replace any existing firewalls, and just have your DHCP service dish out the LAN IP of the Untangle box as the gateway and you will have decent filtering at the gateway (before it gets into the network) and whatever is at your desktop.
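The Software Restriction Policy rule described above (block .exe launches from the AppData folder), written out as a PowerShell script that creates the equivalent local policy entries. This is an added example, not code from the thread or from the guide it links to. It assumes the documented SRP registry layout under HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers (security level 0 = Disallowed, 262144 = Unrestricted), and the two path patterns are constructed for this example; a domain GPO with the same rules writes the same keys on each client.

```powershell
# Added example: create Software Restriction Policy (SRP) path rules that
# disallow .exe files launched from the root of %AppData% and one folder below,
# by writing the registry entries a GPO with these rules would apply locally.
# Assumption: the SRP registry layout under ...\Safer\CodeIdentifiers, where
# subkey 0 holds Disallowed rules and 262144 holds Unrestricted rules.
# Run from an elevated PowerShell prompt; test on one machine first.

$saferRoot  = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'
$disallowed = Join-Path $saferRoot '0\Paths'     # level 0 = Disallowed

# Path patterns to block (constructed for this example). Widen or narrow
# them to match the guide you are following and the software you run.
$blockedPaths = @(
    '%AppData%\*.exe',
    '%AppData%\*\*.exe'
)

function Enable-SrpPolicy {
    # Switch SRP on with an Unrestricted default so ONLY the listed paths are
    # blocked, and apply it to every user (PolicyScope 0), including admins.
    if (-not (Test-Path $saferRoot)) { New-Item -Path $saferRoot -Force | Out-Null }
    New-ItemProperty -Path $saferRoot -Name 'DefaultLevel'       -Value 262144 -PropertyType DWord -Force | Out-Null
    New-ItemProperty -Path $saferRoot -Name 'TransparentEnabled' -Value 1      -PropertyType DWord -Force | Out-Null
    New-ItemProperty -Path $saferRoot -Name 'PolicyScope'        -Value 0      -PropertyType DWord -Force | Out-Null
}

function Add-SrpDisallowedPath {
    param(
        [Parameter(Mandatory)][string]$Pattern,
        [string]$Description = 'Block executables launched from AppData (CryptoLocker mitigation)'
    )
    # Idempotent: skip the rule if an identical pattern is already present.
    if (Test-Path $disallowed) {
        $existing = Get-ChildItem $disallowed | Where-Object {
            (Get-ItemProperty $_.PSPath).ItemData -eq $Pattern
        }
        if ($existing) { Write-Output "Rule already present: $Pattern"; return }
    }
    # Each rule lives in its own GUID-named subkey, as the policy editor creates them.
    $ruleKey = Join-Path $disallowed ('{' + [guid]::NewGuid().ToString() + '}')
    New-Item -Path $ruleKey -Force | Out-Null
    New-ItemProperty -Path $ruleKey -Name 'ItemData'     -Value $Pattern     -PropertyType ExpandString -Force | Out-Null
    New-ItemProperty -Path $ruleKey -Name 'SaferFlags'   -Value 0            -PropertyType DWord        -Force | Out-Null
    New-ItemProperty -Path $ruleKey -Name 'Description'  -Value $Description -PropertyType String       -Force | Out-Null
    New-ItemProperty -Path $ruleKey -Name 'LastModified' -Value (Get-Date).ToFileTime() -PropertyType QWord -Force | Out-Null
    Write-Output "Added Disallowed path rule: $Pattern"
}

function Get-SrpDisallowedPaths {
    # Audit helper: list every Disallowed path rule currently configured,
    # so you can confirm what a machine will actually block.
    if (-not (Test-Path $disallowed)) { return @() }
    Get-ChildItem $disallowed | ForEach-Object { (Get-ItemProperty $_.PSPath).ItemData }
}

Enable-SrpPolicy
foreach ($p in $blockedPaths) { Add-SrpDisallowedPath -Pattern $p }
Write-Output 'Current Disallowed path rules:'
Get-SrpDisallowedPaths
```

The rules take effect for newly started processes after a policy refresh (gpupdate /force) or a reboot. Expect some false positives: a few legitimate installers and auto-updaters run from %AppData%, so check the Application event log for SRP blocks (event source SoftwareRestrictionPolicies) during the pilot and add Unrestricted path rules for known-good software under the 262144\Paths subkey rather than loosening the Disallowed patterns.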
Dave Baldwin (Fixer of Problems) commented:
First, don't run two real time scanners.  It slows things down and if they decide to double check each other, then they can bring your computer to a halt.

No two programs detect exactly the same things.  ComboFix is not a real time scan and requires you to stop your anti-virus while it is running so it can dig deep into your system to find things that your anti-virus may not be aware of.
Bert2005 (Author) commented:
Thanks Dave and tsaico,

Wow, that is a tremendous amount of good information. I would have answered immediately, but my job called. So, before I digest all of this great info, we all agree that it is fine to run MBAM next to A/V as long as it is only the A/V that runs real time.

1. When the obvious statement is made for a user to run an A/V program, we are talking something like AVG or Trend Micro and not MBAM? I don't think I would run MBAM by itself.
2. If a program like MBAM is running on your machine next to ESET, and it is set not to scan or do real time scanning, would it still detect a virus?
3. If ESET is running real time scans, is scheduling complete scans beneficial?

OK, no more questions. My main question has been answered which produced some follow-up questions, but it wouldn't be fair nor within the EE rules to just keep asking questions.

1. I haven't run AVG or Trend in a long time, so I am not sure what they are like anymore.  If I have the choice, I run Vipre.  But I come across Symantec, MSE, and ESET the most.  In all the cases, I have found for the most part, MBAM does not interfere that much with the current real time scanner in either mode (on demand or real time).  It helps when users "white list" or just click OK on any prompt they are given.  I do not have a lot of clients that want to buy both, so generally I use the on demand to clean things up.
It is not meant to be an AV on its own, rather a complementary suite, and generally can be part of a plan.

2. No, it will not.
3. Many people say yes, but I have observed it only seems to hit when I have a client with a POP type account set up in Outlook (or similar) that downloads the attachments. Otherwise, everything seems to get detected upon insertion (whether by USB stick or download).

I think of things like combofix and malwarebytes to be more specific things that are trending, where the AV is the broad blanket.  AV covers you far and wide, but these other apps are focused on specific threats.
Bert2005 (Author) commented:
That is great information. Specific and to the point. Thanks to both of you. And, tsaico, thanks for the in depth answers.