Endpoint Protection

Hello: I currently have SEP 11.0.5002.333 installed and love it. For the past several years, I have also been using Lavasoft's Ad-Aware Plus anti-spyware application, using the real-time protections of both SEP and Ad-Aware. However, with Lavasoft's newest versions of Ad-Aware, the company has begun to implement anti-virus capabilities into their Ad-Aware software. I routinely disable this component within the real-time protection of Ad-Aware, so as not to conflict with the real-time components of SEP. Then, when I conduct an Ad-Aware scan, I reboot the system into safe mode, without SEP running in the system tray, and conduct my Ad-Aware scan, also using the anti-virus engine of Ad-Aware, for additional peace of mind. Now, with the advancement of spyware protection within SEP, I am beginning to rethink this strategy and am weighing it against the longer boot-up time it takes for the real-time component of Ad-Aware, Ad-Watch, to load up in my system tray. I am concerned about compatibility issues between the two real-time protection components, in addition to the additional resource requirements it places on my system. In the past, it was suggested to use only one real-time anti-virus protection mechanism, but, more than one anti-spyware mechanism was also suggested. With the advancement of SEP and its anti-spyware protection, what are other users doing, in conjunction with their SEP installations? Are others still using more than one real-time anti-spyware protection mechanisms or are users relying only on the real-time protection of SEP and using either no other anti-spyware applications or only using other anti-spyware protection mechanisms, in the form of additional reactive scanning strategies, thereby, not using any other real-time anti-spyware protection mechanisms? Symantec has a knowledge base article that an SEP installation will suggest to disable Microsoft Windows Defender. Is this still the case? I am considering a few options, in addition to continue using the full capabilities of SEP: --Continue using the Ad-Watch real-time protection mechanism with Ad-Aware, disabling only the File Protection mechanism, which is known to cause compatibility problems with Symantec products --Completely disabling Ad-Watch (Ad-Aware's real-time protection) and only using Ad-Aware as an anti-spyware scanning/reactive application, not using any of its real-time protection mechanisms --Completely disabling Ad-Watch (Ad-Aware's real-time protection) and only using Ad-Aware as an anti-spyware scanning/reactive application, not using any of its real-time protection mechanisms and installing Microsoft Windows Defender and only using it as an anti-spyware scanning/reactive application, not using any of its real-time protection mechanisms Since I am accustomed to having two layers of real-time anti-spyware protection mechanisms in place, I am hesitant to disable one and relying only on SEP's real-time protection, although, I do highly like it. Therefore, I am interested in hearing from other users and Symantec, itself, wondering what works for them, what they have tried, experienced, and what they recommend. Thank you.

Still Symantec recomends to disable Windows Defender



Title: 'Microsoft Windows Defender service will not start after installing Symantec Endpoint Protection (SEP).'
Document ID: 2007121807485348
> Web URL: http://service1.symantec.com/support/ent-security.nsf/docid/2007121807485348?Open&seg=ent

A few years ago, while using Symantec AntiVirus Corporate Edition, my university was suggesting that we install both SAV and an anti-spyware application (Lavasoft's Ad-Aware), using the real-time protection mechanisms of both.  It is my understanding that the anti-spyware mechanisms of SAV were not as developed as in SEP.  Is it Symantec's position that users of SEP should not install any anti-spyware application, in addition to SEP?  What if we do not enable the real-time protection mechanisms of these additional anti-spyware applications and simply use them as an additional anti-spyware scanning application, during our routine maintenance? 

I am asking because while my university is now recommending Microsoft Windows Defender (along with recommending its real-time protection mechanism), in place of Lavasoft's Ad-Aware, I continue to use Ad-Aware, today, including enabling its real-time protection mechanism, Ad-Watch, concurrently with SEP's real-time protection.  Although, I am not enjoying all of the changes being made to the Ad-Aware application and I am concerned that newly-introduced compatibility issues are slowly being introduced that may be conflicting with SEP, I am hesitant to give up a perceived additional layer of anti-spyware, proactive protection.  With the improvement in SEP's anti-spyware real-time and reactive (scanning) protections, is this something that I should worry about or will SEP provide me just as much protection as using both SEP and Ad-Aware/Ad-Watch, knowing that no one application can catch everything?  Keep in mind that I have zero intentions of not using SEP; I do, however, have a license for Ad-Aware and I am considering dropping it. 

Thank you.

First of all 2 antivirus are not recommended on 1 system..even if you have two..then real time protection has to turned off for any one..it can be used only Scheduled scans..
It will consume high resource on your system but it will work.
However when you enable Real time protection for both you'll start having conflicts problems and everything you don't wanna have..
One more thing is the Quarantine files of one AV will be always detected by other hence causing problems again..

Totally agree with Vikram. I also don't think this is just a "Symantec" position but with the industry in general. With the advancement of real time scanning and how evasive it can be with any good modern AV's then it is recommended by almost all of them not to run more than one at a time. I am sure you will get many posts on the specific problems that can arise, but the answer is the same. However one area where I have seen two different product suites being installed on the same box is when you are using the firewall from one and the real time scanner of another ect ect.

Hope this helps,
Grant

Hello, Vikram & Grant:

Thank you both for your responses; I appreciate the input.  Perhaps, I am misunderstanding something here; but, I do agree with both of you, regarding only having one anti-virus application installed on a system.  However, I would not consider Microsoft Windows Defender an anti-virus application, nor does Microsoft; so, would either of you (or anyone else) count this specific application as a second anti-virus application, if one was also running SEP?  As with Ad-Aware, it used to be strictly an anti-spyware application; so, I didn't see it as being a problem, having it installed, using its real-time protections, in addition to installing and running SAV and/or SEP, with its real-time protections.  This, after all, would still be only one anti-virus application and one or two anti-spyware applications (if counting anti-spyware protection within SAV/SEP) on the same system.  What is nice with Ad-Aware, even the latest versions, is the application separates its anti-virus and anti-spyware engines.  So, I am under the impression and have run this application alongside SAV/SEP, with the anti-virus engine completely disabled, yet, having its anti-spyware engine enabled, along with its real-time anti-spyware protection enabled, while simultaneously having SAV/SEP installed and running its real-time protection. 

I hope this helps clarify what I am thinking.  I miss the simpler days of only running one security application, namely a Norton/Symantec product.  However, with the advancement of threats and the blending of the threats, themselves, I am wondering if one can rely on a single application, such as SEP.  I really do not have a problem with SEP being able to prevent a traditional virus infection; however, I do have doubts as to SEP's ability to prevent one of these newer threats, such as a rogue anti-virus/anti-spyware application or a drive-by download from a webpage.  I may be incorrect, but, I still have an impression that while it is more of a pain to manage both Ad-Aware and SEP, not to mention the added hardware overhead, Ad-Aware is better suited and able at not only preventing such infections, but, perhaps better at cleanup.  Although, as with others, I want to stop the infection before it gets into my system, which is why I am still using Ad-Aware, in addition to SEP.

Does this help explain what I am thinking?  What do others think?  What about you, Vikram and Grant?  Thanks, again.

Windows defender is something that SEP itself will stop and and can control it..
However when talking about 3rd party AV products like Ad-aware.

I am not saying you cannot have 2 av's with real time protection running..they will run and even catch threats..but once a threat comes in and both have the definitions for it..it can go into loop and cause your system to hang..
However if only one detects it then no problem..
Just think that to av's trying to take action on a file same time..
other than this high CPU might also become your concern..

I would suggest to have only one AV do its real time protection job..and let the other run a frequent quick scan of common loadpoints. and less frequent full scans.