Is there any benefit to using MalwareBytes for Teams AND Windows Defender?

[DoctorWho]

We have a number of workstations running Malwarebytes.  

I noticed that several workstations have both Malwarebytes AND Windows Defender running at the same time.

Is there any benefit in running them at the same time?  Differences in threat protection comes to mind...VPN...etc.?

Are there any risks?  

I assume that running both apps takes up more resources...but I seem to remember that if I was running Malwarebytes alone that Windows (10 Pro) was not particularly happy about this.  

Any thoughts would be appreciated!

 

[Porthos]

8 minutes ago, DoctorWho said:

I noticed that several workstations have both Malwarebytes AND Windows Defender running at the same time.

Malwarebytes for Teams is the same as the consumer version with a few extra support options.

Quote

The reason many of us members are pushing Keeping Defender on is the following.

Malwarebytes does not target script files during a scan... That means MB will not target; JS, HTML, VBS, .CLASS, SWF, BAT, CMD, PDF, PHP, etc.

It also does not target documents such as; PDF, DOC, DOCx, XLS, XLSx, PPT, PPS, ODF, etc.

It also does not target media files;  MP3, WMV, JPG, GIF, etc.

Malwarebytes will detect files like these on execution-only.

And,

Malwarebytes is not designed to function like normal AV scanners and uses a new kind of scan engine that relies mostly on heuristics detection techniques rather than traditional threat signatures.  Malwarebytes is also designed to look in all the locations where malware is known to install itself/hide, so a full or custom scan shouldn't be necessary, especially on any sort of frequent basis (like daily), especially since the default Threat Scan/Quick Scan checks all loading points/startup locations, the registry, all running processes and threads in memory, along with all system folders, program folders, and data folders as well as any installed browsers, caches, and temp locations.  This also means that if a threat were active from a non-standard location because Malwarebytes checks all threads and processes in memory, it should still be detected.  The only threat it *might* miss would be a dormant/inactive threat that is not actively running/installed on a secondary drive, however, if the threat were executed then Malwarebytes should detect it.  Additionally, whenever a new location is discovered to be used by malware the Malwarebytes Research team adds that location dynamically to the outgoing database updates so the locations that are checked by the default Threat/Quick Scan in Malwarebytes can be changed on the fly by Research without requiring any engine or program version updates/upgrades.

An AV will catch the file just by downloading it or just opening a folder with a detected file in it.

For example, you get an email with an infected attachment, Malwarebytes will not even blink until you run it yet Defender will detect it if it is in their database without even actually clicking on it. Remember the list of files Malwarebytes does not target.

Then I will leave you with this.

As good as Malwarebytes is, it is just a layer of protection.

Using a browser that has Ublock Origin and the Malwarebytes Browser guard enabled is also a layer of protection.

Not opening attachments from an email unless you were expecting it from a specific user during a specific time period.

Do not use Torrents. Do not install every free software you find. Do not click links in an unknown email. Go directly to the site listed in the email.

Having a monthly image of your computer on an external drive that is only connected during the backup is actually better than any protective software ever made. Macrium Reflect free is the program I use and place on every computer I service.

 

[AdvancedSetup]

Malwarebytes should be able to fully protect the system on it's own. That said there are many customers that do run both together. As rules are updated multiple times daily it's always possible that either Malwarebytes or Windows Defender may detect and stop a zero day threat that the other may have temporarily missed.

The resources of running both are quite negligible for most modern computers.

https://www.malwarebytes.com/antivirus

 

[DoctorWho]

@Porthos - Thank you for your very detailed reply and recommendations.  

 

[AndrewPP]

View this Threat Map.  Every time a dot flashes, Malwarebytes has cleaned malware off an endpoint. Look at top right for aggregate counts for Microsoft - Defender.
Malwarebytes does protect against malicious items, but differently to how you may be thinking.
We don't rely only on static scanning:

• Office Word, Excel, Powerpoint, PDF are protected by Exploit Protection, and monitoring them when they rule for malicious activities like launching WMI privileged commands, which we block/kill the document.
• We monitor Media player
• With static scanning, ALL file types are opened to see if a Program Executable (PE) is hiding within

The Endpoint Detection and Response (EDR) provides further Suspicious Activity monitoring and alerting for more subtle indications of attack.

[AndrewPP]

https://www.malwarebytes.com/remediationmap