Malwarebytes vs Antivirus

We have Trend Micro in our network. After looking at several audit failure logs on a Windows domain server, we ran a scan and couldn't find anything.

After running a scan with Malwarebytes we found several issues and cleaned up. This appears to have helped with Malwarebytes.

Can we do away with Trend Micro and just have Malwarebytes, or do we need both Malwarebytes and Trend Micro?
Asked by: dreamer123456
 
Joseph Hornsey, President and Janitor, commented:
Generally speaking, it's personal preference for most of us when it comes to which antivirus we use.  We've used McAfee, Norton, Webroot, Trend Micro and ESET.

Right now, we're using ESET and are pretty happy with it because:

A) It's not a cloud solution
B) It's small
C) It's fast
D) It's thorough

I'm not a big believer in using two solutions at once due to potential management headaches, conflicts and performance issues.  That said, you can pretty much trust anything Andrew says, so it's not a knock on his advice.
1
 
Andrew Hancock (VMware vExpert / EE MVE^2), VMware and Virtualization Consultant, commented:
We always use two trusted vendors for anti-virus and malware.

As an example, we use McAfee, Microsoft System Endpoint and Cylance. https://www.cylance.com
0
 
dreamer123456 (Author) commented:
I would prefer two vendors as well. Have to be budget conscious though.

I overheard that Malwarebytes version 3 can be used as a replacement for antivirus. So I'm trying to gauge if we can replace Trend Micro antivirus with Malwarebytes to be cost effective.
0
 
Joseph Hornsey, President and Janitor, commented:
Short answer:  Yes.

Long answer:

Figure out which features are important to you.  As a Managed Service Provider, we need server-centric solutions with which we can control deployments, profiles, etc. from a centralized server.  We also want a very small footprint and a lot of flexibility to create exceptions, groups, etc.

Of course, price is an issue as well.

The bottom line is just about any solution you get is going to be fine as long as it hits the price point you need and has the feature set you need.  They're all going to protect you pretty much as well as any other.
1
 
dreamer123456 (Author) commented:
Don't think Trend Micro does malware scans. Malwarebytes did report a lot of malware. I guess the question would be rephrased: can Malwarebytes do antivirus, or is there a good product that does it all?
0
 
Joseph Hornsey, President and Janitor, commented:
Yes, it does.  Take a look at their page.
0
 
John, Business Consultant (Owner), commented:
We use corporate Antivirus on all workstations and servers and then Malwarebytes if we need it.

Our individual clients on Windows 10 use Windows Defender and then Malwarebytes if we need it.

Top notch solutions look after both AV and Malware, and having Malwarebytes around for a scan in some cases also works well.
0
 
Andrew Leniart, Senior Editor, commented:
> Can we do away with Trendmicro and just have malwarebytes or do we need both malwarebytes and trendmicro?

Only if you want to lower your defences.

Don't fall for the (let's grab more sales) advertising hype that Malwarebytes marketing tried spouting, claiming that it does away with Antivirus Software - it does not.

Malwarebytes is an excellent product and has been designed to run alongside other Antivirus software for a reason, and it does that quite well. I've been running it alongside other AV products here, and on my clients' machines, for years.

The short answer to your question is "No".

Hope that's helpful.

Regards, Andrew
1
 
Blue Street Tech, Last Knight, commented:
Hi dreamer123456,

In general, antivirus is for pre-care (near real-time protection), and antimalware (like MBAM aka Malwarebytes) is for post-care (after the systems have been infected).

Companies in these segments will try to consume market share by appearing to "do it all" but in reality they are good at one. Anti-spyware companies try to cross over into antivirus and antivirus companies try to cross over into antimalware and vice versa amongst all of them, but a better security strategy is a multi-layered defense amongst different vendors. There is no panacea in security!

Also, it is never advised to run more than one AV on a system simultaneously because of the hooks they create deep in the OS. Running two or more can cause conflicts and false positives along with performance degradation due to real-time inspections, let alone full scans.

Let me know if you have any questions.
0
 
serialband commented:
I usually installed a 2nd and 3rd AV on separate servers to remotely scan files, especially on a fileserver.  No single AV catches everything.
0
 
Hello There, System Administrator, commented:
We use only one anti-virus solution - Kaspersky (not a big fan of two solutions on one device - they might block each other). It has pretty nice detection. But when we see any computer was infected we use Malwarebytes and other tools for sure. It really depends on what we face. So we use Kaspersky TDSSKiller for removing rootkits, Malwarebytes and HitmanPro for removing malware, AdwCleaner for removing adware.

You can run Malwarebytes alongside antiviruses (normally it's ok) but I would never run Malwarebytes alone without AV. A good practice is to run Anti-virus, Anti-Malware and Anti-Ransomware.

But whatever solution you choose, you should first test it for potential performance issues etc.
0
 
McKnife commented:
If you consider switching to the free Malwarebytes version (if it is even allowed for businesses), be aware that it is an on-demand scanner, not an on-access scanner.
0
 
Lionel MM, Small Business IT Consultant, commented:
Malwarebytes used to do just malware scans; now it protects against ransomware, viruses and web exploits, so if I was forced to choose between Malwarebytes and Trend Micro I would go with the paid version of Malwarebytes.
0
 
bbao, IT Consultant, commented:
> No single AV catches everything

Installing all AV programs together also doesn't mean catching everything.
0
 
Bryant Schaper commented:
Most AV solutions are malware solutions anymore, viruses are just a type of malware.  We use Sophos internally and it does a great job of protecting against both.

I prefer to look for solutions that are designed to look for malicious behavior.  Signature based scanning is an old technology; with the ever-changing threat landscape there are better ways.
0
 
Craig Beck commented:
Running more than one solution that does the same thing is actually counter-intuitive. It can cause issues, consume resources and provide false positives.
0
 
serialband commented:
You only run one in real-time mode.  You don't install them on the same systems, that would be stupid.  https://www.howtogeek.com/133704/how-to-scan-your-computer-with-multiple-antivirus-programs/  That way you only pay for multiuser, multiplatform licenses for one AV, then pay for a single server license for another AV to scan your other systems when the first one misses something.  If it wasn't a thing that some sysadmins do, then there wouldn't be a tool to manage multi-AV scans.  http://multi-av.thespykiller.co.uk/

The other one(s) are run remotely from a separate server to help detect files when you realize that you may be infected and your default AV doesn't seem to be catching the infection.  Again, it's not installed on the same system, but on separate systems.  It's akin to most people running Malwarebytes after their regular AV fails to detect malware.  It works well if your org requires a less than stellar AV as default.  I ran 2 separate AV for scanning the file server at separate times to catch malware on user files that the required corporate AV didn't catch.  I also ran Malwarebytes.  If you believe a single AV is sufficient for your needs, then go ahead and run just the one.

While corporate required AV on all systems including servers, I never needed AV on the servers except for the file and mail servers, where user data transits.  Don't let anyone surf the web on any server and don't let junior admins on them without strict supervision/controls, remove all unnecessary services and firewall everything and your servers can usually survive without AV.  These days many people have VMware and Veeam.  Recovery should be easy if you're doing proper backups.

I have run multiple AV over the years, and sometimes one company gets a virus signature ahead of the others.  They all catch the old viruses, it's the newest ones and the 0-days that are worrisome.
0
 
bbao, IT Consultant, commented:
> I have run multiple AV over the years, and sometimes one company gets a virus signature ahead of the others.

Did you observe how much processor and memory resource was used by the multiple AV and for the AV on the system? Did you notice any resource conflicts, even deadlock, caused by the AV packages on the same system? Be aware that basically an AV works the exact same way that a virus does, at the same low level in terms of self-protection, resource monitoring and interrupt capturing.
0
 
Andrew Hancock (VMware vExpert / EE MVE^2), VMware and Virtualization Consultant, commented:
We have Microsoft Security Essentials (Endpoint from SCCM) and Cylance, and notice no ill effects. No performance issues.

We've just replaced McAfee.

The workstations are Core i7, 16GB with SSD - Windows 10 Ent.
0
 
Craig Beck commented:
Performance will be impacted. Every file, process, etc needs to be inspected twice.
0
 
Andrew Hancock (VMware vExpert / EE MVE^2), VMware and Virtualization Consultant, commented:
Well our users here are not complaining...about any performance impact or issues, other than Cylance screening and blocking ransomware, worms, trojans, and mining utilities which get missed by Security Essentials, and others because it does not have sigs.

In fact, after watching it act on a PC, it seems to operate completely seamlessly at removing files - very quickly.
0
 
serialband commented:
My first lines in the previous comment say:
> You only run one in real-time mode.  You don't install them on the same systems, that would be stupid.

I also installed the 2nd one on a separate server for remotely scanning the file server.  You also exclude the other AV during that very first scan.
I've also installed Malwarebytes and run it with no issues on the systems with AV.  I never had issues with RAM or CPU.  If you are having issues, then you're doing it wrong.
0
 
Craig Beck commented:
I didn't say I'm having issues, just that it will have an impact on resources.
0
 
Blue Street Tech, Last Knight, commented:
dreamer123456,

I think it would be great to hear from you, otherwise the comments will continue in vain!

Feedback from you is a necessity to make the interaction more beneficial to you!

Aside from Andrew, whose security concoction is an exception because he uses non-traditional AV, everyone here has the same consensus that you should not run more than 1 AV on the same machine. Running Malwarebytes and AV simultaneously can work because they are from different security classes (AV (AntiVirus) vs AM (AntiMalware)); you can also run AS (AntiSpyware) simultaneously with the other two without conflict (assuming their scheduled scans do not overlap). In addition, if you run the Free version of MBAM with your AV...even better because of the difference in hooking the OS. The conflicts aside from scheduled scans have to do with how the security software hooks the OS.

Let us know if you have any further questions!
1
 
Andrew Leniart, Senior Editor, commented:
> you can also run AS (AntiSpyware) simultaneously with the other two without conflict (assuming their scheduled scans do not overlap)

Excellent summary Blue Street Tech. I've been running Avast, Malwarebytes Premium and SuperAntiSpyware Pro here, with zero ill effects or slow down issues for years! Also on many of my clients' machines. I even wrote an article about it a while back. All of them have real-time monitoring enabled. No issues.
1
 
Andrew Hancock (VMware vExpert / EE MVE^2), VMware and Virtualization Consultant, commented:
Both Security Essentials aka Defender OnAccess and Cylance On-Access working on a 5,700 desktop rollout Windows 10 with no issues!

Other than catching many malware, trojans, mining apps a day that get missed!!! By Defender!

I'll let you know about a much larger rollout when completed!
0
 
Blue Street Tech, Last Knight, commented:
Hi Andrew, I'm not sure if this was directed at me, but I added that the exception is your security profile because you are using AV + Cybersecurity AI and they are different security classes, which is why they work together very well.

In fact I am fundamentally against AI, but that is where the security industry is headed. Definitions are a backwards methodology for detecting malicious code/applications.
0
 
Andrew Hancock (VMware vExpert / EE MVE^2), VMware and Virtualization Consultant, commented:
AI is the future compared to legacy old AV solutions!
0
 
Bryant Schaper commented:
Definitions are not foolproof; zero-day viruses and malware that don't have a definition/signature need AI/ML to catch the behavior.
0
 
Blue Street Tech, Last Knight, commented:
I believe we are all saying the same thing...but have not heard from the OP except once!
1
 
Andrew Hancock (VMware vExpert / EE MVE^2), VMware and Virtualization Consultant, commented:
Exactly why the current non-efficient AV cannot deal with many thousand seat installations, and our clients are switching now in droves to Cylance! - AI!

And although SCCM currently in place and Endpoint, that is probably now on borrowed time, but one simple policy change can turn that on or off!
0
 
Bryant Schaper commented:
I like Cylance.  I prefer single software at the end point then, traffic inspection as it moves through the network, mix and match your firewall vendors if you want, with SSL inspection we see it all, and action accordingly.

In my opinion, if you stick with some quality products, that is half the battle.
0
 
dreamer123456 (Author) commented:
We have a Trend Micro subscription. We just installed the Malwarebytes endpoint solution.

We have had several issues due to Malwarebytes, such as workstation performance being degraded, being unable to access shared drives, and false positives.

I liked the Malwarebytes management console but I will be looking at other solutions at this point.
0
Question has a verified solution.
