Windows 7 Forums

Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.

Windows 7: Avast + MSE Threat Alerts

23 Oct 2010   #21
Microsoft MVP

Vista, Windows7, Mint Mate, Zorin, Windows 8

Quote   Quote: Originally Posted by blue skies View Post
Quote   Quote: Originally Posted by marsmimar View Post
I also considered that maybe MSE is just faster than Avast in detecting threats so it's the first to sound the alarm so to speak.
I used to have Avast and after switching to MSE (which I much prefer) I was shocked at how much faster MSE scans files compared to Avast. Maybe it really is just finding the virus and quarantining it before Avast has a chance.
I think that's it. MSE quarantines the bugger and Avast never sees it.

My System SpecsSystem Spec
18 Jan 2011   #22

Win 10 Pro x64, Win 7 Pro x64

Originally Posted by Didier Stevens @Bleepingcomputer: 2 Real time AV's-- Yes or No? (I say NO)

Modern AV use specific API functions provided by modern OSs to intercept the datastream they need to scan. For example, to perform on-access-scans of the file system, AVs install a File System Filter. Several File System Filters can be installed at once. The OS knows about these filters and manages them, there are no "hooking" conflicts.
I explained this in more detail in this blogpost: Malicious Cryptography « Didier Stevens

File System Filters have an "altitude", this essentially dictates which filter gets the data first as it goes up and down the driver stack. So if you install 2 AVs that use a File System Filter, they will work together without problem. However, because of the difference in altitude (Microsoft assigns altitudes upon request by the developers), one of the filters will see the data first and thus act first (for example delete the virus). The other filter, which comes second, will not see the data in that case. But if the first filter misses a virus (e.g. because it is not in its signature database), the second filter will see it and can act.

There are other ways modern AV products use to perform on-access-scan. For example, many AVs will scan VBScript and JavaScript scripts prior to execution. I explained in this blogpost how they do this:
Quickpost: Scanning Scripts « Didier Stevens
This system too can work fine with 2 AVs, but again, one of the proxies will be the first.
From experience, I know AV vendors are very careful in the design of their installation products. They usually manage installing the filters I describe above without conflicts. But it is true that the uninstaller is sometimes less well designed. I can see, for example, how sloppy uninstallment of the script-scan component would break the chain and disable scripting altogether.

From a performance point of view, if you have a modern multi-processor/multi-core machine, running 2 AVs will not significantly slow down your machine (assuming there are no conflicts).

One reason not to install 2 AVs, is that they might generate false positives on each others artifacts. For example, AV 1 might erroneously detect a virus, while what it is actually seeing is not a real virus, but the file with the signature database of the AV 2. Or AV 2 might have quarantined a file, and AV 1 picks up on this quarantined file. This is not a real false positive, but it's neither a real true positive... You don't need to be alerted twice about the same file.

Another reason against running 2 AVs is vendor support. Most vendors will not provide you with support if you are running their product concurrently with another AV product.
Seems to me that running these two together likely won't hinder a system with ample resources, but with barely negligible added protection. Do as you like, but I'm opting toward adding MBAM's real-time protection, which is designed and intended to to be a supplement, rather than a second AV scanning the same streams, in an ASSIGNED order, rendering the AV second in the altitude order virtually dormant .

But then again, I always tend to keep it simple.
My System SpecsSystem Spec
18 Jan 2011   #23

Windows 7 Ultimate x64

Avast and MSE are exceptions to that rule. Both are designed to team up and work well with each other.
My System SpecsSystem Spec

19 Jan 2011   #24
the dummy

7 premium 64

My System SpecsSystem Spec

 Avast + MSE Threat Alerts

Thread Tools Search this Thread
Search this Thread:

Advanced Search

Similar help and support threads
Thread Forum
AVAST continuously alerts LNK:Runner threat has been detected
Hello, I am using a Dell Studio laptop with windows 7 (32 bit) installed. Recently I just plugged in one of my friend's virus infected USB drive. I have been asked to format the USB drive. Then, even after formatting the USB drive, the AVAST anti virus in my computer continuously alters with a...
System Security
These 'warning/Alerts' sounds
I'm getting these alert sounds too regularly. The sys.tray shows no problems. How do i track down the troublemaker? Can I adjust in control panel?
General Discussion
MSE detects a threat in Avast folder!
Hi everyone, I currently use 3 free security programs : Avast 6, Microsoft security essentials and Malwarebytes. I just ran a quick computer scan with Avast and just when the scan completed I got an alert from microsoft security essentials : Does this mean that there's a virus located in...
System Security
Outlook Alerts not Working...
Hey all, First, thanks for creating such a great forum. I'm a recovering OSX user who has switched back to Windows. I'm running Office 2010 on Windows 7 and my alerts aren't appearing when i receive new mail. No pop-up, no sound. Even though i have both options selected. Any idea why...
Microsoft Office
Windows Live Alerts
How do I unsubscribe from the items listed on this page: Welcome to Windows Live . I can turn the the notifications "off", but I also want to "unsubscribe". I clicked the "unsubscribe" buttons but they don't seem to do anything but take me to a new page with no unsubscribe option. After further...
Browsers & Mail
Can I use Avast with Norton 2010?Is Avast is light AV?
I m using Norton 2010 but thinking to take Extra security. So should i use Avast with it or MSE ???? Which one will be lighter & better ???????
System Security

Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd

All times are GMT -5. The time now is 15:09.

Twitter Facebook Google+

Windows 7 Forums

Seven Forums Android App Seven Forums IOS App