Malwarebytes vs Antivirus

We have Trend Micro in our network. After looking at sever audit failure logs on Windows domain server, we ran scan and couldn't find anything.

After running scan by Malwarebytes we found several issues and cleaned up. This appears to have helped with Malwarebytes.

Can we do away with Trend Micro and just have Malwarebytes or do we need both Malwarebytes and Trend Micro?
dreamer123456 asked:

Andrew Hancock (VMware vExpert / EE MVE^2), VMware and Virtualization Consultant, commented:
We always use two trusted vendors for anti-virus and malware.

As an example, we use McAfee, Microsoft System Endpoint and Cylance. https://www.cylance.com
0
Joseph Hornsey, President and Janitor, commented:
Generally speaking, it's personal preference for most of us when it comes to which antivirus we use.  We've used McAfee, Norton, Webroot, Trend Micro and ESET.

Right now, we're using ESET and are pretty happy with it because:

A) It's not a cloud solution
B) It's small
C) It's fast
D) It's thorough

I'm not a big believer in using two solutions at once due to potential management headaches, conflicts and performance issues.  That said, you can pretty much trust anything Andrew says, so it's not a knock on his advice.
1

dreamer123456 (Author) commented:
I would prefer two vendors as well. Have to be budget conscious though.

I overheard Malwarebytes 3 version can be used as replacement for antivirus. So trying to gauge if we can replace Trend Micro antivirus with Malwarebytes to be cost effective.
0
Joseph Hornsey, President and Janitor, commented:
Short answer:  Yes.

Long answer:

Figure out which features are important to you.  As a Managed Service Provider, we need server-centric solutions with which we can control deployments, profiles, etc. from a centralized server.  We also want a very small footprint and a lot of flexibility to create exceptions, groups, etc.

Of course, price is an issue as well.

The bottom line is just about any solution you get is going to be fine as long as it hits the price point you need and has the feature set you need.  They're all going to protect you pretty much as well as any other.
1
dreamer123456 (Author) commented:
Don't think Trend Micro does malware scan. Malwarebytes did report a lot of malware. I guess question would be rephrased. Can Malwarebytes do antivirus or is there a good product that does it all?
0
Joseph Hornsey, President and Janitor, commented:
Yes, it does.  Take a look at their page.
0
John, Business Consultant (Owner), commented:
We use corporate Antivirus on all workstations and servers and then Malwarebytes if we need it.

Our individual clients on Windows 10 use Windows Defender and then Malwarebytes if we need it.

Top notch solutions look after both AV and Malware and having Malwarebytes around for a scan in some cases also works well.
0
Andrew Leniart, Senior Editor, commented:
> Can we do away with Trendmicro and just have malwarebytes or do we need both malwarebytes and trendmicro?

Only if you want to lower your defences.

Don't fall for the (let's grab more sales) advertising hype that Malwarebytes marketing tried sprouting, claiming that it does away with Antivirus Software - it does not.

Malwarebytes is an excellent product and has been designed to run alongside other Antivirus software for a reason, and it does that quite well. I've been running it alongside other AV products here, and on my client's machines for years.

The short answer to your question is "No"  

Hope that's helpful.

Regards, Andrew
1
Blue Street Tech, Last Knight, commented:
Hi dreamer123456,

In general, antivirus is for pre-care (near real-time protection), and antimalware (like MBAM aka Malwarebytes) is for post-care (after the systems have been infected).

Companies in these segments will try to consume market share by appearing to "do it all" but in reality they are good at one. Anti-spyware companies try to crossover into antivirus and antivirus companies try to crossover into antimalware and vice versa amongst all of them, but a better security strategy is a multi-layered defense amongst different vendors. There is no panacea in security!

Also, it is never advised to run more than one AV on a system simultaneously because of the hooks they create deep in the OS. Running two or more can cause conflicts and false positives along with performance degradation due to real-time inspections let alone full scans.

Let me know if you have any questions.
0
serialband commented:
I usually installed a 2nd and 3rd AV on separate servers to remote scan files, especially on a fileserver.  No single AV catches everything.
0
Hello There, System Administrator, commented:
We use only one anti-virus solution - Kaspersky (not a big fan of two solutions on one device - they might block each other). It has pretty nice detection. But when we see any computer was infected we use Malwarebytes and other tools for sure. It really depends on what we face. So we use Kaspersky TDSSKiller for removing rootkits, Malwarebytes and HitmanPro for removing malware, AdwCleaner for removing adware.

You can run Malwarebytes along antiviruses (normally it's ok) but I would never run Malwarebytes alone without AV. A good practice is to run Anti-virus, Anti-Malware and Anti-Ransomware.

But whatever solution you choose, you should first test it for potential performance issues etc.
0
McKnife commented:
If you consider switching to the free Malwarebytes version (if it is even allowed for businesses), be aware that it is an on-demand scanner, not an on-access scanner.
0
Lionel MM, Small Business IT Consultant, commented:
Malwarebytes used to do just malware scans, now it protects against ransomware, viruses and web exploits so if I was forced to choose between Malwarebytes and Trend Micro I would go with paid version of Malwarebytes.
0
bbao, IT Consultant, commented:
> No single AV catches everything

Installing all AV programs together also doesn't mean to catch everything.
0
Bryant Schaper commented:
Most AV solutions are malware solutions anymore, viruses are just a type of malware.  We use Sophos internally and it does a great job of protecting against both.

I prefer to look for solutions that are designed to look for malicious behavior.  Signature based scanning is an old technology, with the ever changing threat landscape there are better ways.
0
Craig Beck commented:
Running more than one solution that does the same thing is actually counter-intuitive. It can cause issues, consume resources and provide false-positives.
0
serialband commented:
You only run one in real-time mode.  You don't install them on the same systems, that would be stupid.  https://www.howtogeek.com/133704/how-to-scan-your-computer-with-multiple-antivirus-programs/  That way you only pay for multiuser, multiplatform licenses for one AV, then pay for a single server license for another AV to scan your other systems when the first one misses something.  If it wasn't a thing that some sysadmins do, then there wouldn't be a tool to manage multi-AV scans.  http://multi-av.thespykiller.co.uk/

The other one(s) are run remotely from a separate server to help detect files when you realize that you may be infected and your default AV doesn't seem to be catching the infection.  Again, it's not installed on the same system, but on separate systems.  It's akin to most people running Malwarebytes after their regular AV fails to detect malware.  It works well if your org requires a less than stellar AV as default.  I ran 2 separate AV for scanning the file server at separate times to catch malware on user files that the required corporate AV didn't catch.  I also ran Malwarebytes.  If you believe a single AV is sufficient for your needs, then go ahead and run just the one.

While corporate required AV on all systems including servers, I never needed AV on the servers except for the file and mail servers, where user data transits.  Don't let anyone surf the web on any server and don't let junior admins on them without strict supervision/controls, remove all unnecessary services and firewall everything and your servers can usually survive without AV.  These days many people have VMWare and Veeam.  Recovery should be easy if you're doing proper backups.

I have run multiple AV over the years, and sometimes one company gets a virus signature ahead of the others.  They all catch the old viruses, it's the newest ones and the 0-days that are worrisome.
0
bbao, IT Consultant, commented:
> I have run multiple AV over the years, and sometimes one company gets a virus signature ahead of the others.

Did you observe how much processor and memory resource was used by the multiple AV and for the AV on the system? Did you notice any resource conflicts, even deadlock, caused by the AV packages on the same system? Be aware that basically an AV works the exact same way that a virus does, at the same low level in terms of self-protection, resource monitoring and interrupt capturing.
0
Andrew Hancock (VMware vExpert / EE MVE^2), VMware and Virtualization Consultant, commented:
We have Microsoft Security Essentials (Endpoint from SCCM) and Cylance, and notice no ill effects. No performance issues.

We've just replaced McAfee.

The workstations are Core i7, 16GB with SSD - Windows 10 Ent.
0
Craig Beck commented:
Performance will be impacted. Every file, process, etc needs to be inspected twice.
0
Andrew Hancock (VMware vExpert / EE MVE^2), VMware and Virtualization Consultant, commented:
Well our users here are not complaining...about any performance impact or issues, other than Cylance screening and blocking ransomware, worms, trojans, and mining utilities which get missed by Security Essentials, and others because it does not have sigs.

In fact after watching it act on a PC, it seems to operate completely seamlessly, at removing files - very quickly.
0
serialband commented:
My first lines in the previous comment say:
> You only run one in real-time mode.  You don't install them on the same systems, that would be stupid.

I also installed the 2nd one on a separate server for remotely scanning the file server.  You also exclude the other AV during that very first scan.
I've also installed Malwarebytes and run it with no issues on the systems with AV.  I never had issues with RAM or CPU.  If you are having issues, then you're doing it wrong.
0
Craig Beck commented:
I didn't say I'm having issues, just that it will have an impact on resources.
0
Blue Street Tech, Last Knight, commented:
dreamer123456,

I think it would be great to hear from you otherwise the comments will continue in vain!

Feedback from you is a necessity to make the interaction more beneficial to you!

Aside from Andrew, whose security concoction is an exception because he uses non-traditional AV, everyone here has the same consensus that you should not run more than 1 AV on the same machine. Running Malwarebytes and AV simultaneously can work because they are from different security classes (AV (AntiVirus) vs AM (AntiMalware)); you can also run AS (AntiSpyware) simultaneously with the other two without conflict (assuming their scheduled scans do not overlap). In addition, if you run the Free version of MBAM with your AV...even better because of the difference in hooking the OS. The conflicts aside from scheduled scans have to do with how the security software hooks the OS.

Let us know if you have any further questions!
1
Andrew Leniart, Senior Editor, commented:
> you can also run AS (AntiSpyware) simultaneously with the other two without conflict (assuming their scheduled scans do not overlap)

Excellent summary Blue Street Tech. I've been running Avast, Malwarebytes Premium and SuperAntiSpyware Pro here, with zero ill effects or slow down issues for years! Also on many of my clients' machines. I even wrote an article about it a while back. All of them have real-time monitoring enabled. No issues.
1
Andrew Hancock (VMware vExpert / EE MVE^2), VMware and Virtualization Consultant, commented:
Both Security Essentials aka Defender OnAccess and Cylance On-Access working on a 5,700 desktop rollout Windows 10 with no issues!

Other than catching many malware trojans mining apps a day that gets missed!!! By Defender!

I'll let you know about a much larger rollout when completed!
0
Blue Street Tech, Last Knight, commented:
Hi Andrew, I'm not sure if this was directed at me but I added that the exception is your security profile because you are using AV + Cybersecurity AI and they are different security classes, which is why they work together very well.

In fact I am fundamentally against AI, but that is where the security industry is headed. Definitions are a backwards methodology for detecting malicious code/applications.
0
Andrew Hancock (VMware vExpert / EE MVE^2), VMware and Virtualization Consultant, commented:
AI is the future compared to legacy old AV solutions!
0
Bryant Schaper commented:
Definitions are not fool-proof, zero day viruses and malware that don't have a definition/signature need AI/ML to catch the behavior.
0
Blue Street Tech, Last Knight, commented:
I believe we are all saying the same thing...but have not heard from the OP except once!
1
Andrew Hancock (VMware vExpert / EE MVE^2), VMware and Virtualization Consultant, commented:
Exactly why the current non-efficient AV cannot deal with many thousand seat installations, and our clients are switching now in droves to Cylance! - AI!

And although SCCM currently in place and Endpoint, that is probably now on borrowed time, but one simple policy change can turn that on or off!
0
Bryant Schaper commented:
I like Cylance.  I prefer single software at the end point then, traffic inspection as it moves through the network, mix and match your firewall vendors if you want, with SSL inspection we see it all, and action accordingly.

In my opinion, if you stick with some quality products, that is half the battle.
0
dreamer123456 (Author) commented:
We have Trend Micro subscription. We just installed Malwarebytes endpoint solution.

We have had several issues due to Malwarebytes such as workstation performance being degraded, unable to access shared drives, false positives.

I liked the Malwarebytes management console but I will be looking at other solutions at this point.
1