Jump to content

Are 3rd part antivirus programs doomed in Windows?

Recommended Posts

So both of my Windows 8.1 systems were having issues that removal of Malwarebytes eliminated.  Reverting to earlier version of MWB seemed to help one system, but not the other.  Now, after latest Win 10 2004 update, my Surface Go began hanging up on wake from sleep.  Uninstalling MWB fixed that as well.  This is a known issue with MWB according to locked post, above.

It seems as attacks get more sophisticated, that counter measures must be taken at deeper and deeper levels in OS and even hardware.  A 3rd party antivirus solution is then at a disadvantage because neither the OS or hardware manufacturer are going to inform the 3rd party what their strategies for security are.  Ever more sophisticated designs to increase performance will upset an antivirus program trying to keep tabs of things.

I am careful, but one of my systems did get hijacked years ago.  Norton was no help.  Malwarebytes cleaned it up.  Ever since then, MWB has been in my toolbox.  I especially rely on it to keep my wife out of trouble.  But it seems we might be getting to the point that 3rd party solutions must operate at a higher level using different tactics, filling niches the OS doesn't address and leave the OS to keep itself locked down.

How secure can an OS be if a 3rd party app can hook into it deep enough to protect it against the most sophisticated attacks?  I've always thought that Microsoft should know best how to defend its OS.  Now this is being demonstrated. Maybe MWB should leave defense to Microsoft and focus on recovery.

My 2 cents.


Share this post

Link to post
Share on other sites

***This is an automated reply***


Thanks for posting in the Malwarebytes for Windows Help forum.

If you are having technical issues with our Windows product, please do the following:

Malwarebytes Support Tool - Advanced Options

This feature is designed for the following reasons:

  • For use when you are on the forums and need to provide logs for assistance
  • For use when you don't need or want to create a ticket with Malwarebytes
  • For use when you want to perform local troubleshooting on your own

How to use the Advanced Options:

  1. Download Malwarebytes Support Tool
  2. Double-click mb-support-X.X.X.XXXX.exe to run the program
    • You may be prompted by User Account Control (UAC) to allow changes to be made to your computer. Click Yes to consent.
  3. Place a checkmark next to Accept License Agreement and click Next
  4. Navigate to the Advanced tab
  5. The Advanced menu page contains four categories:
    • Gather Logs: Collects troubleshooting information from the computer. As part of this process, Farbar Recovery Scan Tool (FRST) is run to perform a complete diagnosis. The information is saved to a file on the Desktop named mbst-grab-results.zip and can be added as an email attachment or uploaded to a forum post to assist with troubleshooting the issue at hand.
    • Clean: Performs an automated uninstallation of all Malwarebytes products installed to the computer and prompts to install the latest version of Malwarebytes for Windows afterwards. The Premium license key is backed up and reinstated. All user configurations and other data are removed. This process requires a reboot.
    •  Repair System: Includes various system-related repairs in case a Windows service is not functioning correctly that Malwarebytes for Windows is dependent on. It is not recommended to use any Repair System options unless instructed by a Malwarebytes Support agent.
    • Anonymously help the community by providing usage and threat statistics: Unchecking this option will prevent Malwarebytes Support Tool from sending anonymous telemetry data on usage of the program.
  6. To provide logs for review click the Gather Logs button
  7. Upon completion, click OK
  8. A file named mbst-grab-results.zip will be saved to your Desktop
  9. Please attach the file in your next reply.
  10. To uninstall all Malwarebytes Products, click the Clean button.
  11. Click the Yes button to proceed. 
  12. Save all your work and click OK when you are ready to reboot.
  13. After the reboot, you will have the option to re-install the latest version of Malwarebytes for Windows.
  14. Select Yes to install Malwarebytes.
  15. Malwarebytes for Windows will open once the installation completes successfully.













If you are having licensing issues, please do the following: 


For any of these issues:

  • Renewals
  • Refunds (including double billing)
  • Cancellations
  • Update Billing Info
  • Multiple Transactions
  • Consumer Purchases
  • Transaction Receipt

Please contact our support team at https://support.malwarebytes.com/hc/en-us/requests/new to get help

If you need help looking up your license details, please head here: Find my premium license key



Thanks in advance for your patience.

-The Malwarebytes Forum Team

Share this post

Link to post
Share on other sites

Didn't see how to edit post. Need this to get notifications of replies.  Why isn't this default?

Share this post

Link to post
Share on other sites
2 hours ago, Dan964 said:

Didn't see how to edit post. Need this to get notifications of replies.  Why isn't this default?

Post editing is disabled on this forum (except for advanced usergroups) as a result of too much spam being added in edits to posts.
It can be a PITA for those who are not in one of the advanced groups, but obviously the decision to disallow edits wasn't taken lightly.


As for notifications:
Click on your name at the top right of the page and select Account Settings.

On the right of the page that comes up click Notification Settings.

Change the notification settings as you would like them, the options are quite comprehensive.

Notifications aren't usually on by default on most fora because independent research shows most people don't want them (especially email notifications).

Share this post

Link to post
Share on other sites

Please refer to this page; it's a heatmap showing live data where Malwarebytes has detected actual threats (PUPs and blocked websites are not counted; only threats detected by scans, meaning each time a threat is detected, it's one more threat missed by the resident AV).  The data is pulled live, in real-time so you can see for yourself where Malwarebytes has detected a threat missed by each AV.

Windows Defender has been improving, however we still see countless threats stopped in their tracks by Malwarebytes, even on systems where Defender is active and up to date, and preventing a threat is far safer and more effective than trying to remove it after the fact, after the threat has had a chance to take control over the system.

I hope this helps.

Share this post

Link to post
Share on other sites

By the way, while MS may improve how they lockdown their own OS, that does not make them the most proficient at detecting the newest threats.  The heuristics capabilities in products like Malwarebytes have proven most effective at stopping threats before they get into a system to do damage.  Malwarebytes relies on a layered approach to protection which you can learn more about from this page and I also recommend reading this article as well as this threat analysis for further info.

Share this post

Link to post
Share on other sites

Thank you for this info nukecad and exile360.

Just seems there should be way for MWB to be better hooked in to MS development and not have to continually be doing damage control when updates roll out.

How does one define an API for antivirus that doesn't, by its very nature, expose holes attackers can take advantage of?  

In real time threat map, it would be informative to see the level, in terms of OS hierarchy, of the threats uncovered.  It's also informative to note that the map only represents threats caught during scans, not real time detections. Does Defender do a good job of real time detection, compared to what MWB would detect?

One question about 3rd party AVs.  Does 'MS Consumer' AV run when MWB is loaded?  I got the impression Defender stepped aside, in terms of real time protection.

Share this post

Link to post
Share on other sites

Microsoft designs the 'hooks' and APIs used by AV and anti-malware vendors, so they act as the gatekeepers.  This includes only allowing authorized drivers and services to register as AV protection to do things like load early on boot and to hook into certain aspects of the system.  The reason they aren't typically abused by bad guys is because of security features like digital signature enforcement where only authorized vendors, using validated/signed drivers may load on the system.  The heatmap I linked to indicates items detected by Malwarebytes after the resident AV already had its chance to try and stop them, so every time there is such a detection it was a threat that was missed by the AV (including Defender, which is listed as 'Microsoft Consumer') and was detected by Malwarebytes.  The heatmap only counts detections from scans, so the results come either from free users of Malwarebytes, or users who have their Malwarebytes protection disabled and they've run a manual or scheduled scan.  This is how I know the AV already had the chance to look at any potential threats before Malwarebytes made its detections.

If Malwarebytes is configured to register with the Security Center then Defender will disable itself, however you may use both by disabling the option.  Please refer to this support article for further details.  We have many users running both in real-time and they work quite well together.

Share this post

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.

  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.