Interaction problems between F-Secure and Malwarebytes, with solutions

I will share some recent experiences I had with W-7 64-bit PCs running Microsoft Security Essentials and MBAM Pro, F-Secure Anti-Virus and MBAM Pro, and F-Secure Internet Security and MBAM Pro.  All systems were configured with the following optional MBAM Advanced Settings selected:
 - Enable self-protection module
 - Enable self-protection early start

 - hourly update

 

A system with MSE/MBAM booted.  I manually updated MBAM.  Then I manually updated MSE before MBAM finished.  As many of you know, MBAM displays a message "Not Responding" while it is updating.  They have a great malware removal system, but the worst update process.  In this case, MSE complained, something about that it could not reach the Internet.  Task Manager showed a CPU in the 20-30% range.  After a reboot, everything was fine.

 

Systems running AV/MBAM worked fine with the aforementioned settings.  However, all of these PCs were recently upgraded to IS.

 

A system with IS/MBAM booted.  I started IE11, but the webpage only half-finished displaying.  Action Center told me I had no anti-virus at all.  I double-clicked the F-Secure icon, but nothing happened.  I opened Control Panel and tried to uninstall IS from "Uninstall or change a program," thinking that the last F-Secure update was poisoned (vendors do this from time to time), but nothing happened (literally, nothing happened after I clicked on Uninstall).  I rebooted and this time the system was normal.

 

Also, something which annoyed me on IS/MBAM PCs is that the cursor would change to the circular cursor every hour or so, signifying that the system is being maxed-out in some respect.

 

My opinion is that MBAM monopolizes network resources and this confuses the additional processes IS has over AV.  I think it is a bad sign that MSE, a Microsoft product which normally operates without a hiccup, has problems with MBAM (too bad MSE has such terrible protection).

 

I changed all MBAM settings as follows to try to ensure that anti-virus and MBAM are not starting and/or updating at the same time:
 - deselect "Enable self-protection module"
 - deselect "Enable self-protection early start"
 - select "Delay Protection at startup for 60 seconds

 

I changed the MBAM update schedule to only run once per day around noon.  I changed the threat scan schedule to run once per day (including an update) near the end of the day.  This insures that MBAM receives three updates per day -- startup, noon, and end of day -- but this does not present a problem because IS provides a real-time shield (the MSE PC is only a lab system).

 

I have not seen the circular cursor since I made the changes.

 

I will update this thread if anything new arises.

 

P.S. Yes, I am aware that F-Secure does not recommend running any other anti-malware packages.  I think I have proved that point.  And I will never again manually run an antivirus update or scan while MBAM is updating.

Ukko

Best Answer

Comments

  • SimonSimon Posts: 2,635 Superuser
    Thanks for that interesting comparison. Just one question, how do you make it three updates to MBAM with the daily update and scan settings? I have been running MBAM 2 on two machines, one Win7 and one Win8.1, and I've never managed to get it to update on startup, so curious to know how you did it.
  • And Simon wins the prize!  Smiley Happy

     

    You are correct.  I was in the middle of lots of sysadmin tasks yesterday and I forgot about that.  So my scheme only results in two updates per day.  That's still not a problem because F-Secure's IS shield is the main protection.  I have readjusted my update time to occur earlier in the day.

  • SimonSimon Posts: 2,635 Superuser
    The only way I could get my MBAM 2 to update regularly and automatically, was to set it to Realtime, 15 minute intervals. Not sure what impact that has on system performance, but I must admit, I have noticed my Windows 7 machine slowing up on seemingly random occasions lately.
  • Things just went from strange to weird.

     

    I finally looked at Event Viewer and perused the System events, only to discover a whole bunch of "mbamchameleon" events where MBAM was having trouble with F-Secure, hard drives, and a few other things.  Another PC with the same configuration did not have those errors.  I uninstalled MBAM and reinstalled it.  The errors seem to have gone away.  I have no idea what to make of this.  I'm tempted to disable the real-time shield for MBAM on all of my systems.

     

    So far, the moral of my MBAM stories has been: if anything is strange, uninstall and reinstall MBAM.

    Ukko
  • NikKNikK Posts: 935 Rock Star

    Well, a clean reinstall can often solve strange problems Smiley Wink

     

    Regarding the mbamchameleon "errors". This is caused by MBAM's self-protection module. I get lots of them too, but none is actually reported as error in event viewer(Windows Logs\System), they're all reported as "Information" which I interpret as non-critical. If you get too many of these you might consider disabling the self-protection.

     

    If you suspect a clash between MBAM and F-Secure there's always the ability to set up a mutual exclusion to have MBAM ignore F-Secure and v.v. It's probably easiest to exclude their respective folder in the Program Files folder.

     

    I don't have any problems. Self-protection is ON but not the "early start". Update checks every 30 minutes. If you set it to more often that shouldn't be a problem as most of these checks won't find any new updates to download, so it probably only takes milliseconds to do the check.

  • NikK, what was so strange is that I had just built two new W-7 64-bit PCs and installed Internet Security and MBAM.  But one had mbamchameleon messages (you are correct, they are information, not errors), but the other did not.  And when I uninstalled / reinstalled MBAM, those message went away.

     

    I was confused at first by mbamchameleon messages because MBAM Chameleon is a trick to fool malware that MBAM is actually something else.

     

    I think the early start is a problem with Internet Security, but not with Anti-Virus (or MSE).  That makes some sense because both IS and MBAM Pro have Internet screening, but MSE and AV do not.

This discussion has been closed.