Reading Time: ~ 3 min.
“Antivirus programs use techniques to stop viruses that are very
“virus-like” in and of themselves, and in most cases if you try to
run two antivirus programs, or full security suites, each believes the other is
malicious and they then engage in a battle to the death (of system usability,
“…running 2 AV’s will most likely cause conflicts and slowness
as they will scan each other’s malware signature database. So it’s not
The above quotes come from top answers on a popular computer help site and
community forum in response to a question about “Running Two AVs”
Seattle Times tech columnist Patrick Marshall has
similarly warned his readers about the dangers of antivirus products
conflicting on his own computers.
Historically, these comments were spot-on, 100% correct in
describing how competing AV solutions interacted on endpoints. Here’s why.
The (Traditional) Issues with Running Side-by-Side AV Programs
In pursuit of battling it out on your machine for security
supremacy, AV solutions have traditionally had a tendency to cause serious
This is because:
- Each is convinced the other is an imposter. Antivirus programs tend to look a lot like viruses to other antivirus programs. The behaviors they engage in, like scanning files or scripts and exporting information about those data objects, can look a little shady to a program that’s sole purpose is to be on the lookout for suspicious activity.
- Each wants to be the anti-malware star. Ideally both AV programs installed on a machine would be up to the task of spotting a virus on a computer. And both would want to let the user know when they’d found something. So while one AV number one may isolate a threat, you can bet AV number two will still want to alert the user to its presence. This can lead to an endlessly annoying cycle of warnings, all-clears, and further warnings.
- Both are hungry for your computer’s limited resources. Traditional antivirus products store static lists of known threats on each user’s machine so they can be checked against new data. This, plus the memory used for storing the endpoint agent, CPU for scheduled scans, on-demand scans, and even resource use during idling can add up to big demand. Multiply it by two and devices quickly become sluggish.
Putting the Problem Into Context
Those of you reading this may be thinking, But is all of
this really a problem? Who wants to run duplicate endpoint security products
Consider a scenario, one in which you’re unhappy with your
current AV solution. Maybe the management overhead is unreasonable and it’s
keeping you from core business responsibilities. Then what?
“Rip and replace”—a phrase guaranteed to make many an MSP
shudder—comes to mind. It suggests long evenings of after-hours work removing
endpoint protection from device after device, exposing each of the machines
under your care to a precarious period of no protection. For MSPs managing
hundreds or thousands of endpoints, even significant performance issues can
seem not worth the trouble.
Hence we’ve arrived at the problem with conflicting AV
software. They lock MSPs into a no-win quagmire of poor performance on the one
hand, and a potentially dangerous rip-and-replace operation on the other.
But by designing a no-conflict agent, these growing pains
can be eased almost completely. MSPs unhappy with the performance of their
current AV can install its replacement during working hours without breaking a
sweat. A cloud-based malware prevention architecture and “next-gen” approach to
mitigating attacks allows everyone to benefit from the ability to change and
upgrade their endpoint security with minimal effort.
Simply wait for your new endpoint agent to be installed,
uninstall its predecessor, and still be home in time for dinner.
Stop Wishing and Expect No-Conflict Endpoint Protection
Any modern endpoint protection worth its salt or designed
with the user in mind has two key qualities that address this problem:
- It won’t conflict with other AV programs and
- It installs fast and painlessly.
After all, this is 2019 (and over 30 years since antivirus
was invented) so you should expect as much. Considering the plethora of (often
so-called) next-gen endpoint solutions out there, there’s just no reason to get
locked into a bad relationship you can’t easily replace if something better
So when evaluating a new cybersecurity tool, ask whether
it’s no conflict and how quickly it installs. You’ll be glad you did.
The post Why MSPs Should Expect No-Conflict Endpoint Security appeared first on Webroot Blog.