Why it isn’t a good idea to run multiple full antivirus products at the same time

You’ve probably heard it before: Never run two antivirus programs at the same time, it’s trouble!

But what’s the logic behind this?

Is it sound advice based on technical reasoning? Or is it just a feeble marketing attempt by antivirus companies to dissuade you from installing competitors’ products on your PC?

Admittedly, some vendors in our industry use questionable methods to make some easy cash. However, that’s not the driving reason behind this principle, which has been around for more than a decade. Let’s take a look beneath the surface of protection software.

1. Chain reactions: Endless scan loops

While this was mainly a problem in the early years of antivirus software, it’s still worth mentioning. In those days, antivirus software typically scanned all files that were being accessed on your computer to check for any dangerous programs you may have had lying around that could cause you grief if you happened to start them up.

In simple tech terms: The operating system would signal that a file was being read when you viewed it in Explorer. Then the first antivirus would read the file to scan it with its signatures/matching patterns. That file reading action would trigger another file-access signal by the operating system, which would tell the second antivirus to scan the file too. But while the second antivirus read the file, a new independent signal would be triggered that forced the first antivirus to scan the file again, and so on. As a result, both antivirus products would re-scan files in an endless loop until all system resources were used up and the computer became inoperable.

Fortunately, that problem is mostly wiped out today. The industry has developed strategies to avoid such loops, and files are typically not scanned on each read action anymore, but only when they are newly created, started or modified.

2. Complexity issues: Potential incompatibilities

Modern antivirus/antimalware software acts like an extra layer that sits between the base of the operating system and the apps and programs that run on it. Developing this type of software isn’t trivial and requires many years of experience due to the sheer number of variables to consider. Protection programs are created in many different ways and often developers don’t stick to recommended coding standards. In particular, the use of undocumented operating system interfaces often cause unexpected crashes or freezes that are very difficult to resolve.

Sometimes it’s difficult to tell whether some vendors don’t have the required expertise to create their products in a way that makes them compatible with others, or if they simply don’t care and expect their customers to sort the problems out on their own.

We at Emsisoft always try to make our product compatible with as many others as possible and as some of our early users may still remember, our products were once even sold as ‘additional protection’ to classic antivirus products.c

3. Both detect a threat: Who is first to quarantine?

Imagine you have two antivirus products with real-time scans enabled. You download a dangerous file and both detect and alert a threat. But which is first to quarantine or remove the threat? You may encounter error messages as files suddenly disappear for one of the two programs as they attempt to quarantine. The best case scenario is that you’re left feeling confused; in the worst case scenario, neither of the antivirus are able to successfully quarantine the threat!

4. More isn’t always more: Little advantage for high resource cost

This is actually the strongest reason against running two full protection systems simultaneously. Virus/malware protection products today are rather complex and the exponentially growing number of threats (it doubles every year) requires a lot of code to keep the computer safe. This naturally results in a relatively high usage of computer resources, especially its memory (RAM). By running two full antivirus programs all the time, you’re basically wasting resources, because 90 percent or more of their functionality will be the same. All available protection products of reputable vendors today operate on very high quality standards and detection rates often only differ by about 1-2 percent according to test labs.

So, you might end up spending 0.5 to 1 GB or more of your available RAM to bring your detection rate up from, say, 98 percent to 99 percent. But is this minuscule improvement really worth it? Every new file on the computer would need to be scanned by both products, triggering two complex sets of code that use a lot of your CPU time, which could undoubtedly be better used for other tasks – you know, stuff you actually want to do on the computer.

The better option is to go for one product that comes with multiple scanning engines that are tuned to work together seamlessly, or a product that uses a layered protection approach with different technologies, or, better still, a product that implements both.

Our recommendation: Use only one protection

Do yourself a favor and avoid installing two full antivirus/antimalware products. It’s not worth it. If you have strong protection software that you are happy with, stick with it. If you are unhappy with it, uninstall it and then install a new one.

Don’t fall for free offerings. Even if the software doesn’t cost anything, it doesn’t necessarily make sense to add it to an already working security strategy.

Go for a complete antivirus/antimalware product that comes with layered protection and implements surf protection, file monitoring, behavior blocking and anti-ransomware modules that complement each other well. Emsisoft Anti-Malware bundles all of them and even adds a second full antivirus scanner, which is integrated on a very deep technical level to avoid all the problems of having two scanners that we described earlier.

Occasionally run second opinion scans

We encourage you to check your protected system with a second opinion scanner from time to time, just to be sure that your main antivirus/antimalware hasn’t missed anything. Scanner-only products typically don’t have any issues running alongside protection products so it’s safe to use them.

Cloud based scanners are nice light-weight options here. Alternatively, if you’re not using Emsisoft Anti-Malware to protect your computer, you can use our free Emsisoft Emergency Kit, which is the only fully featured dual-engine scanner available and doesn’t even require installation to check your PC for threats and unwanted programs (PUPs).

Have a malware-free day!

Categories: EnterpriseSecurity Knowledge
Emsi :

View Comments (38)

  • It's a shame, but Malwarebytes is not what it was 4-5 years ago.I dont know what went wrong, but it's not the problem solver it was. Today I only use Emsi and Webroot. One at a time. As on demand scanner I use Emsisofts emergency app. Free and extremely effective.

    • I personally wouldn't consider Windows Defender a full antivirus/antimalware. It's a baseline protection at best, which is also what Microsoft suggests. You mostly can run it next to antivirus, but it typically doesn't add much in terms of protection.

    • Hello @disqus_D238HMYdpD:disqus i tried for a short time, i didn't see any conflict, but i prefer just stay with Emsisoft, don't want waste resources just for it especially when Windows Defender isn't very light...

  • Obviously, every anti-virus company will do their best to sell their product. Unless they have a business death wish, they will tout their own one as being the best choice. Since Windows 10 came along, I've stuck with Defender. It was right there already, completely integrated, free, and continuously updated in the background. So far, during the 2 yrs, a few viruses have been shot down and quarantined, and it would appear that no virus has got past it. Once in while I run a free anti-malware app. Many stray pups have been found and sent to the great kennels in the sky. Altogether a very simple and efficient setup. You could say 'a howling success' :)

  • I have run two antivirus programs to find that they both missed malware and crashed my system. I now run only Emsisoft that is definitely the best option and a pleasure to use recommended.

    • Hello @disqus_IiLz68Am45:disqus,
      Indeed, it is what i often observe, people use 2+ AVs at same time, everything is ok when nothing happen in the system, but when an infection occurs then the problems appears.
      It is like riding with 2 bikes at same time, on a straight line road, sure you can do well, but when you engage in a slope... ^^

  • Terryw45 said in the comments here: "...but their advertisement guru is up there with the best of them..."
    Exactly my thoughts when I read the post :-))

    But, for some reason, I belive in Emsisoft anyway. I can't really put my finger on the deciding point.
    Competence? People with proper education? People with a hearth for what they do?

    I have been a computer nerd since 1983 (I'm 62) , and I have tried a lot of security software, often 2 or multiple running simultaneously. I have now had only Emsisoft for a year, and I feel very safe. I haven't questioned/double-checked any of the software's decisions. It just works well, as far as I can tell.

    P.s. I'm also the kind of guy that use both belt and suspenders :-) : I have 14 TB of private cloud backup (2x3+2x4), i.e. backup of backup + one, untouchable and locked. (I'm a photographer, architect and a structural engineer. I need to access previous work from time to time, 10-20 years back in time...)

  • My problem with emsisoft is simple:

    When I go to their page I feel totally bullshitted by a button that tells me "Free Download"

    As the software itself is of course not free, which is NOT a problem, this is a blatant attempt to trick people. Why would I want anything to do with a company that tells me "We think you are a moron!"

    • You are aware that Emsisoft Anti-Malware is available in a free version, right? Once your license or trial runs out, it reverts automatically into free mode. The free version allows you to scan for and remove infections and is functionally equivalent to EEK but still offers convenience of a permanently installed application, like context menu integration for example.

  • To be honest...
    This blog post makes me uncertain (again), specifically with regards to using Malwarebytes.

    As for any other AV application: I agree, don't use multiple AV applications, due to potential conflicts.

    But AFAIK Malwarebytes conveniently works together with other AV products. At least they say so.
    I use both Emsisoft and Malwarebytes Premium for quite a number of years and never encountered any issues. Am I just lucky then?
    I do have the Malwarebytes-folder excluded from being monitored by Emsisoft (Settings->Exclusions->Exclude from monitoring).

    That said, I do have the feeling that Malwarebytes intercepts/blocks 'unsafe websites' more often than Emsisoft. When MB blocks a site, there is no similar warning from Emsisoft. Shouldn't there be two pop-ups then?
    But maybe it is a matter of finetuning Emsisoft(?)


    • hello @diwul62:disqus

      "but AFAIK Malwarebytes conveniently works together with other AV products. At least they say so. I use both Emsisoft and Malwarebytes Premium for quite a number of years and never encountered any issues. Am I just lucky then?"

      It was viable in the past, but now Malwarebytes is changing its stand and clearly announced that from now on their product will be a standalone one.

      "That said, I do have the feeling that Malwarebytes intercepts/blocks 'unsafe websites' more often than Emsisoft. When MB blocks a site, there is no similar warning from Emsisoft. Shouldn't there be two pop-ups then?
      But maybe it is a matter of finetuning Emsisoft(?)"

      We surely have different lists, also it may depend which soft detect the site first, if MBAM block a site first, so since you don't access it anymore, Emsisoft probably won't alert.
      there is a lot of factors to consider.