Are the realtime scan and the full system scan identical in detections?



qwerty12345
2010-11-23, 21:41
I use Avira as my anti-virus and I have read on their website (I believe it was in the knowledgebase) that the realtime components of Avira AntiVir and Spybot are incompatible and that Spybot must be uninstalled or disabled.

Apart from that, I understand that having any realtime scanning program (and particularly multiple) will significantly impact system performance and so I am considering disabling Spybot's realtime scanning, and just keeping a daily system scan. With that in mind, I have a couple of questions.

1) Are Avira AntiVir and Spybot S&D's realtime components actually incompatible with each other? If so, are Safer Networking and Avira working together to resolve this issue, or are all Avira users simply excluded from using Spybot in real time?

2) Does the on-demand system scan detect everything that the realtime scanner detects (and vice versa)? Apart from the first scan after I installed Spybot (which found a few things), the regular daily system scans that Spybot performs have never found anything. So on these days, I know that the realtime scanner has done nothing, but if I disabled it, would the system scan detect anything and everything that should have been stopped by the realtime scanner?

Thank you.

tashi
2010-11-23, 23:30
Hello qwerty12345,

Are you referring to this (http://www.avira.com/en/support-for-free-knowledgebase-detail/kbid/600) Avira KB?

They are speaking specifically of the Resident SDHelper and Resident TeaTimer.

Please see How Spybot-S&D protects against the installation of Spyware/Malware. (http://forums.spybot.info/showthread.php?t=281)

Best regards. :)

On a different topic but of interest 22 November 2010, Avira blocks security tool and struggles with memory leak (http://www.h-online.com/security/news/item/Avira-blocks-security-tool-and-struggles-with-memory-leak-1140478.html)

qwerty12345
2010-11-27, 16:49
> Hello qwerty12345,
>
> Are you referring to this (http://www.avira.com/en/support-for-free-knowledgebase-detail/kbid/600) Avira KB?
>
> They are speaking specifically of the Resident SDHelper and Resident TeaTimer.

Hello tashi, yes that is the KB article I was referring to. I realise they are talking about the SDHelper and the TeaTimer, I think I made that clear in my post.

Also, I'm afraid I don't understand why you linked to the other thread.

tashi
2010-11-27, 18:39
Hello qwerty12345,

> Hello tashi, yes that is the KB article I was referring to. I realise they are talking about the SDHelper and the TeaTimer, I think I made that clear in my post.
As they were speaking of the components as you originally stated I asked the question to clarify,

and that Spybot must be uninstalled or disabled. :)


> 1) Are Avira AntiVir and Spybot S&D's realtime components actually incompatible with each other?

I do not have AntiVir installed anymore, previously I personally did not experience any issues.


> 1) If so, are Safer Networking and Avira working together to resolve this issue, or are all Avira users simply excluded from using Spybot in real time?

Of interest: http://www.landzdown.com/index.php/topic,46306.msg133566.html#msg133566



> 2) Does the on-demand system scan detect everything that the realtime scanner detects (and vice versa)? Apart from the first scan after I installed Spybot (which found a few things), the regular daily system scans that Spybot performs have never found anything. So on these days, I know that the realtime scanner has done nothing, but if I disabled it, would the system scan detect anything and everything that should have been stopped by the realtime scanner?

How are you defining that the real time components have not done anything? The on call system scan would not detect something that had already been blocked.
(http://forums.spybot.info/showthread.php?p=389642#post389642)

> Also, I'm afraid I don't understand why you linked to the other thread.
To clarify how the real time components work.

Best regards. :)

qwerty12345
2010-11-30, 21:55
> How are you defining that the real time components have not done anything? The on call system scan would not detect something that had already been blocked.

On the post that you linked to it says:

> TeaTimer also monitors processes that are initiated in the system. If the process being initiated matches a list of processes in Spybot's detection files, the process is terminated and a dialog is issued to notify you and allow you to make choices as to how to handle the same process during future detections.
So if I have received no notification, then the realtime scanner can't have blocked anything.

qwerty12345
2010-12-04, 20:29
So, does the system scan detect everything that the realtime component detects?

tashi
2010-12-04, 23:09
Hello qwerty12345,


Quote:
"TeaTimer also monitors processes that are initiated in the system. If the process being initiated matches a list of processes in Spybot's detection files, the process is terminated and a dialog is issued to notify you and allow you to make choices as to how to handle the same process during future detections."

> So if I have received no notification, then the realtime scanner can't have blocked anything.
spybotsandra's previous response appeared to answer your question? http://forums.spybot.info/showpost.php?p=389778&postcount=6

Resident SDHelper, a second layer of protection for IE, won't alert if the box to block all pages silently is checked but you will still have the protection.


> So, does the system scan detect everything that the realtime component detects?

Homepage Tutorial: 8. Resident (http://www.safer-networking.org/en/tutorial/index.html)

Since Spybot-S&D 1.6 the TeaTimer uses our database where known files are rated as good or dangerous. This database contains several hundreds of thousands entries and is enlarged continuously. Nonetheless now and then there are files which are not contained yet.

Best regards. :)

qwerty12345
2010-12-09, 20:34
So, have I completely misunderstood the realtime aspect of the TeaTimer? I thought it was like the realtime component of an Anti-virus, in that it scans all accessed files, in the same way and using the same definitions as the system scan.

But actually the TeaTimer checks for nothing (or almost nothing) that the system scan does. Instead, it simply monitors all loaded processes and checks them against a list of good and bad, and only if it is a known malicious process will it terminate and ask for a decision?

qwerty12345
2010-12-18, 17:20
If I had something that had been detected by the system scan, I would test it myself, to see if TeaTimer did anything. But, as I said, the scanner never detects anything.