McAfee Total Protection & Windows Defender

[LevelBest]

Is anyone successfully running McAfee (or another AV) and Windows Defender at the same time?

 

[UsernameIssues]

If the installation process for an AV app turns off (disables) Windows Defender, the you should not try to run Windows Defender with that particular AV app. There are a few AV apps that leave Windows Defender enabled.

I would suggest uninstalling McAfee Total Protection and using Microsoft Security Essentials or Panda. McAfee does not have a good reputation in these forums.

 

[ThrashZone]

Hi,
Mcafee only has a good reputation on it's own support forum

 

[LevelBest]

Yes I gathered that McAfee doesn't enjoy a good reputation on this forum. I've had McAfee for five years as it comes with PlusNet. It has let me down, the once with a virus but I now have MalwareBytes downloaded as an extra as most AV companies say that no one AV does it all.

I was toying with the idea of changing at some point but not sure what to go with. The only one that seems attractive to me is to buy the full version of MalwareBytes. Does anyone have that as their only AV (full, purchased premium version)?

LevelBest

 

[UsernameIssues]

Antivirus apps bury themselves deep in the operating system to be able to detect & suspend suspicious processes. Malwarebytes is not an antivirus app. That said, there are people that only use Malwarebytes. They have no antivirus app installed. The folks at Malwarebytes suggest that you use an antivirus app too.

https://support.malwarebytes.com/cu...malware-replace-antivirus-software-?b_id=6438

...there are many infections that Malwarebytes Anti-Malware does not detect or remove which any antivirus software will, such as file infectors.

McAfee is "free" via several ISPs. Such "give aways" probably make up the majority of McAfee's install base. McAfee does not play well with others. You can read about LSP issues on several software vendor's websites. Here is but one. [MSE has not caused LSP problems for years now.] You got lucky and did not have any software conflicts or BSOD due to McAfee.

Maybe someone will post some install and setup tips for Panda.
Stuff like...
...no need to enter your e-mail address
...how to turn off adverts.
I've not played with Panda for months now.

If you opt for MSE, you will need Malwarebytes to catch the PUPs (Potentially Unwanted Programs) that MSE just does not bother with.

 

[ThrashZone]

Hi,
Yes most of us use mbam premium although most of use were grandfathered from mbam pro which was a one time purchase so most do not pay monthly or yearly dues.
But it is highly recommended to have.

Just because a isp offers free av does not mean anyone should use it

Panda free is what I've been using and it's very good
On the install it does offer some crapware like Yahoo.... and Panda security toolbar which I unchecked all of that stuff.

 

[LMiller7]

Using more than one AV product at the same time is NOT recommended. The results of doing this are unpredictable but may include having less protection that you would with either product.

AV products are not normal applications. To do their job they must integrate themselves into the OS in ways considered unacceptable for normal applications. AV products are not designed to coexist with each other and things get very messy when they do. Best to avoid the situation entirely.

Windows defender has some advantages in that it's developers tend to know the OS better and have access to internal documentation that third party developers do not.

 

[Layback Bear]

It's been posted but I think it needs posted again.

**Malwarebytes Anti Malware in NOT a anti virus program. It is as the name implies, a anti malware program.

I believe like the people that made Malwarebytes, it should be used with a anti virus program.

What one uses for a anti virus program is up to the owner of the computer.
Personally for me McAfee would never be on the list of anti virus programs to even try. The problems McAfee has had for years is all the proof I need to stay away from it.

What I use active on my computers and that has worked very well for many years is:

1. Microsoft Security Essentials (MSE)

2. Malwarebytes Anti Malware Premium.

I use several on demand security programs when I think it is or might be necessary.

 

[znop01]

I use McAfee Enterprise 8.7.0i and the Avast online Security (Google Chrome plugin/exstention) -- And, haven't had a virus, malware, trojan, worm, nor spyware attack -- they all get caught. Updating to version 8.8 tonight

 

[UsernameIssues]

I use McAfee Enterprise 8.7.0i and the Avast online Security (Google Chrome plugin/exstention) -- And, haven't had a virus, malware, trojan, worm, nor spyware attack -- they all get caught. Updating to version 8.8 tonight

How could you know that "they all get caught"? Security apps are not going to alert you to unknown items/actions. McAfee's heuristics are not that good. Unknown things don't get caught: https://community.mcafee.com/thread/87570?start=0&tstart=0 The same can be said for Symantec Endpoint Protection (which I'm stuck with at work).

At least Chrome is improving:
Pwn2Own 2015: The year every web browser went down | ZDNet
Pwn2Own 2016: Chrome, Edge, and Safari hacked, $460,000 awarded in total | VentureBeat | Security | by Emil Protalinski

 

[znop01]

I use McAfee Enterprise 8.7.0i and the Avast online Security (Google Chrome plugin/exstention) -- And, haven't had a virus, malware, trojan, worm, nor spyware attack -- they all get caught. Updating to version 8.8 tonight

How could you know that "they all get caught"? Security apps are not going to alert you to unknown items/actions. McAfee's heuristics are not that good. Unknown things don't get caught: https://community.mcafee.com/thread/87570?start=0&tstart=0 The same can be said for Symantec Endpoint Protection (which I'm stuck with at work).

At least Chrome is improving:
Pwn2Own 2015: The year every web browser went down | ZDNet
Pwn2Own 2016: Chrome, Edge, and Safari hacked, $460,000 awarded in total | VentureBeat | Security | by Emil Protalinski

Perhaps, I should have said -- all attacks so far have been caught...

 

[UsernameIssues]

I use McAfee Enterprise 8.7.0i and the Avast online Security (Google Chrome plugin/exstention) -- And, haven't had a virus, malware, trojan, worm, nor spyware attack -- they all get caught. Updating to version 8.8 tonight

How could you know that "they all get caught"? Security apps are not going to alert you to unknown items/actions. McAfee's heuristics are not that good. Unknown things don't get caught: https://community.mcafee.com/thread/87570?start=0&tstart=0 The same can be said for Symantec Endpoint Protection (which I'm stuck with at work).

At least Chrome is improving:
Pwn2Own 2015: The year every web browser went down | ZDNet
Pwn2Own 2016: Chrome, Edge, and Safari hacked, $460,000 awarded in total | VentureBeat | Security | by Emil Protalinski

Perhaps, I should have said -- all attacks so far have been caught...

I'm not trying to pick at your wording as much as I'm attempting to change your mindset. Your computer could have several infections right now and you might never know about them. Some infections have gone undetected for years. You just cannot say with certainty that all infections/attacks ("so far" or otherwise) are being detected/prevented.

From here:

Harbour and two colleagues from security consulting firm Mandiant were one of four teams to enter Defcon’s controversial “Race to Zero” virus-writing contest. His team, the “chicagostreetsweepers,” finished in six hours and picked up first-place honors.

~~~

Defcon said it notified the two largest anti-virus software providers, McAfee and Symantec, about “Race to Zero,” but the companies declined to participate.

I realize that the article quoted above is from 2008. Things have probably gotten worse since then. The contestants are not creating a new virus, they modify an existing/known/detectable virus so that it is no longer detectable by signature or heuristics.


From here:

More than 317 million new pieces of malware -- computer viruses or other malicious software -- were created last year. That means nearly one million new threats were released each day.

The author of that article has the same flawed mindset. The quote above should read:

More than 317 million new pieces of malware -- computer viruses or other malicious software -- were detected last year. That means nearly one million new threats were released each day.

We have no way of knowing how many pieces of malware were created that went undetected.


You might not want to do certain tasks online (e.g. banking).

 

[Callender]

Interesting recent test by VoodooShield developer - execution of malware samples and detection rates by top AV's including Norton, Avast & McAfee that have been mentioned in this thread. It's a long video but you can skip sections to see each AV in action.

 

[UsernameIssues]

White listing (done well) is probably the best protection. The "Race 2 Zero" contest is sponsored by a company that makes a security app that uses White Listing. None of the malware that the contestants created got thru the sponsor's security app. VoodooShield's claim to fame is the auto mode (so that the user does not have to authorize each app in the white list).

VoodooShield is an excellent app; however, some comments about that video:
The video is probably a great marketing tool. I wonder if VoodooShield's marketing department requested the test and the video or if the developers came up with the test method all by themselves.

They make this statement, "once a single line of malicious code is allowed to run... all bets are off". Many of those 1000 files that they ran, probably never executed a single line of malicious code. The antivirus apps being tested opted not to flag the installer of the malware. We don't know if the antivirus apps would have stopped* each piece of malware once it was extracted from the installers.

*stopped before "a single line of malicious code is allowed to run".

It is unfair of VoodooShield to make this statement, "We figured 5 months was enough time for leading Antivirus software to sufficiently detect these known threats." The testing shown does not indicate that the Antivirus software involved was not going to deal with the infection once it was unpacked from the installer (before "a single line of malicious code is allowed to run"). The testing simply shows that the Antivirus software being tested does not handle the installers in a way that VoodooShield would.


For the "non-installer files" that ran, but threw an error due to some missing file (presumably quarantined by the Antivirus software being tested): there was no analysis to determine if any harm was done. e.g. was a single line of malicious code allowed to run?

VoodooShield seems to consider allowing a bad file to be written to the hard drive as a failure - even if the bad file never executed. That said, there were clearly some files that ran unabated. We just don't know how many or how damaging (if at all) they were.


Caveats to the info above:
I mainly focused on what I saw as the flawed handling of installers in the testing. Some of the infections being run in that video were not installers. The exe being run was the malicious app itself. There will be malware that some Antivirus software will intentionally not flag as malware. It is a subjective call as to what constitutes a malicious file or action. You will never get all of the Antivirus companies to agree on just what constitutes a malicious file or action. For example, I have multiple key loggers installed on this work laptop. Some Antivirus apps have quarantined some of them. Others recognize them as non-malicious.

I know that an "installation screen" that is waiting for Next to be clicked might be a ruse. The installer might very well be doing malicious things without the need for user input. Without a careful analysis of the impact of running each of those 1000 apps, they really should not claim a level of failure on the part of any Antivirus software.

 

[Callender]

Hi UsernameIssues - all the points you make are valid. However Voodooshield is designed not to let any new (to the machine) executables run without the user's say so once the files have been analysed for safety. It might well block installers that are harmless unless the user doesn't pay attention to installation options.

The installer might very well be doing malicious things without the need for user input. Without a careful analysis of the impact of running each of those 1000 apps, they really should not claim a level of failure on the part of any Antivirus software.

Good point!

Personally I've been using whitelisting software for more than two years.

Autopilot Mode is going to block anything considered unsafe by the app. Personally I prefer "Smart Mode" where I get to make the decisions.