[SOLVED] How to modify Windows to not realise a third party AV is installed?

andrewlen

Here's something I've wanted to do for a while but don't really have an idea on how to best achieve it.

To explain, I currently use Avast Premium Security as my main antivirus solution and have been for quite some time, but the only reason I continue using it these days is because of its included built-in Password Manager that I also subscribe to.

If not for the module alone (it can't be installed as a standalone program), I would ditch Avast Premium Security in a heartbeat to just use Microsoft Defender, which I'm convinced does just as good a job as any other commercial antivirus available according to AV-Comparatives, the test site that is my go-to for reliable independent AV testing and that I keep a close watch on.

What I want to do is keep Avast installed but have it completely disabled with regard to AV protection.

My motivation is not to avoid the yearly subscription fees because I'm happy to continue paying for it in order to continue having access to their excellent Passwords module that works extremely well for me.

Though I've tried totally disabling all of Avast's real-time scanning functions, Windows 10 will still not allow Microsoft Defender to take over as the Antivirus.

I'm hoping someone here can provide some ideas for me to try.

Is there a registry modification I can make in order to stop Windows from seeing that Avast is installed and thus re-enable Defender as the installed AV?

Any other ideas?

Your advice and suggestions would be appreciated.

Many thanks,

Andrew
 
Wouldn't it be best to get a dedicated password manager? It seems rather obtuse to keep Avast just for the password manager and then attempt to find some workaround to allow Windows Defender to be able to run at the same time.
 
From what I have found, antivirus software doesn't normally register themselves like many expect, via the registry for example, therefore making it impossible to tell Windows Defender that Avast is not an antivirus replacing Windows Defender while keeping Avast installed. Across multiple sources (example and example) the same thing is described: antivirus software uses private API calls to make them the primary antivirus solution, which they get access to by becoming a member of the Microsoft Virus Initiative.
 
From what I have found, antivirus software doesn't normally register themselves like many expect, via the registry for example
It sure should! If it doesn't that is the fault of the 3rd party program. Actually, it is supposed to register itself in Windows Security Center (though that likely is ultimately a registry setting).

I cannot speak for Avast, but, for example, with Malwarebytes Premium, it correctly and automatically registers itself in the Windows Security Center. This then tells Microsoft Defender to disable itself so there are not two real-time solutions running simultaneously. In the past, running two at once was discouraged due to potential conflicts. These days, conflicts are extremely rare but more common is the simple fact running two at once may consume a lot of resources affecting performance. I like to say it is like 2 dogs guarding the same bone, each wondering what the other is up to.

With Malwarebytes Premium, however, it plays very well with Microsoft Defender (no conflicts) without hogging resources. :) So many, including myself on my two primary computers, like to run with both enabled.

So, again using Malwarebytes Premium as an example, you have to tell Malwarebytes not to register itself. You do this in the Malwarebytes Premium control panel under Settings > Security > Windows Security Center by ensuring the slider switch for "Always register Malwarebytes in the Windows Security Center" is set to "Off".

Having said all that - this is totally different from what the OP is asking.

You are right Andrew, Microsoft Defender (formerly Windows Defender - now often called just Defender) is fully capable of keeping our systems safe AS LONG AS we keep it and the operating system current, and we avoid being "click-happy" on unsolicited links - the same precautions we must take regardless of our primary security of choice.

If you don't want Avast's real-time scanner to start with Windows, you need to look in Avast's control panel.

I also found this: Avast passwords without Antivirus on Windows?
 
They are registering in the Windows Security Center yes, but according to what I found, this is not done in the registry but via API calls. If this were to be done via the registry I imagine any program (even malware!) could pretend to be an antivirus effectively disabling the built-in security without any other protection.
 
If this were to be done via the registry I imagine any program (even malware!) could pretend to be an antivirus effectively disabling the built-in security without any other protection.
Oh! Good point! I am sure you are right - though it would still take some clever programming on the part of the bad guy and most likely involve exploiting an exposed/unpatched vulnerability. Either that or the user would have to open the door and invite the bad guy in - which, sadly, is pretty much exactly how socially engineered methods of malware distribution work (by tricking the user into clicking on a safe "looking" malicious link).
 
Many thanks for your responses guys, but after doing a lot of searching, as well as consulting both the Avast Community and another forum, I found it is possible and have achieved the result I was looking for.

I'll include the details here in case anyone else wants to have more than one AV installed to Windows 10/11.

The trick is to set third-party AV and Anti-Malware programs to Passive Mode.

Long story short, I found out how to change Avast to Passive Mode and did that.

But then I found that Malwarebytes was also preventing Defender from activating as the Primary antivirus / firewall etc.

After another quick search, I found out how to Unregister Malwarebytes in the Windows Security Center, rebooted Windows, and voila, Success!

All real-time components of Defender are now active and Malwarebytes continues providing Real-Time protection against Web, Malware, Ransomware, and Exploit threats.

Malwarebytes, Avast, and SuperAntiSpyware (which is also active on my system) will continue to receive automatic updates and I can still use it to manually scan on demand whenever needed and my favourite Avast password manager continues to work flawlessly.

Here's some snaps showing the result.

I'd tried disabling everything, but that didn't work.

Putting Avast in passive mode and unregistering Malwarebytes from Windows Security did the trick.

Bonus is Malwarebytes continues its real-time protection alongside Microsoft Defender AV and Windows Firewall. SuperAntiSpyware continues to provide real-time protection too. No conflicts.

All that my Google searches revealed prior to posting were warnings to NEVER have more than one AV installed. Pffft.. So much for that advice spread all over the web! lol

I'm a happy camper now. Didn't think it would turn out to be as easy as it was to set this up in the way I wanted.

I much appreciate everyone's input here to try and help solve this though.

Best, Andrew
 
Wouldn't it be best to get a dedicated password manager? It seems rather obtuse to keep Avast just for the password manager and then attempt to find some workaround to allow Windows Defender to be able to run at the same time.

I have three dedicated password managers that I run in tandem actually.

Roboform, Dashlane, and Avast Password Manager

I reviewed several password managers back in 2018 to figure out a way to run more than one for redundancy purposes in case any of them failed.

With the help of a friend who is an experienced programmer with the AutoHotkey language, I have been able to configure all three so that they all sync with each other automatically so as to contain identical login and other information using strongly encrypted formats.

I also reviewed several Password Managers in a two-part article series that I published back in 2018. Links below if interested to take a look.
What I intend to do now though, is disable both Roboform and Dashlane and use Avast Password Manager exclusively. Will just need my mate's help to make sure that both Roboform and Dashlane keep being automatically updated from Avast's Password Manager once they're disabled. I'm confident that should be fairly easy though as my guy is somewhat of a savant when it comes to scripting solutions in AutoHotkey. I beta test and provide feedback on quite a few of his programs for him in return for the favours he grants me :)

I will also be swapping to Avast Free when my subscription ends now that I've found this workaround, and only keeping a paid subscription to Avast Passwords instead.

All in all, for me, it's a perfect and ideal result.

Best regards, Andrew
 
But then I found that Malwarebytes was also preventing Defender from activating as the Primary antivirus / firewall etc.

After another quick search, I found out how to Unregister Malwarebytes in the Windows Security Center, rebooted Windows, and voila, Success!
Ummm, another quick search? Curious? Did you not see where I posted that yesterday morning in post #4 above?

And just for the record, Malwarebytes was not preventing Defender from serving as the primary security solution. That is a feature/function of Defender itself. Microsoft knows that some folks prefer using 3rd party solutions. So Microsoft designed Defender to gracefully step aside whenever any 3rd party solution is installed.

So Malwarebytes was not preventing Defender. Instead Defender was allowing Malwarebytes to take over. Same end result, but a different way of getting there.

All in all, for me, it's a perfect and ideal result.
Well, I am glad you found a solution that works for you. That is what is important.

That said, I find Avast in general extremely frustrating. For example, you just said you are keeping a paid subscription to Avast Passwords. I have an extreme aversion to subscriptions. I particularly really hate recurring "bills" for software - especially when there typically are so many very capable competing products that are "free" or have just a one-time payment for a "lifetime" license. So I decided to go out to Avast and see how much Avast Passwords cost to purchase, and what the recurring fees are.

Good luck finding it. They don't even appear to have a Search feature on their site. :(

No thanks.
 
Okay, thanks for that, but...

If you have an active Avast Passwords subscription, you can still renew it.

Great! But then how much are the recurring renewal fees?

Avast is not alone in making this type of information easily available. It seems to be a common theme among the security software industry. They want to get you hooked so you will pay, pay and pay again. :(
 
Hi @Digerati

Ummm, another quick search? Curious? Did you not see where I posted that yesterday morning in post #4 above?

If the information about Malwarebytes is there, I didn't notice it, sorry.

I did look at the link you provided and found it was about Avast being run without AV activated, but without a working solution. The penny eventually dropped for me using the link below.

I searched for how to unregister Malwarebytes from Windows Security and found the solution here: https://support.malwarebytes.com/hc...-for-Windows-with-the-Windows-Security-Center

The link shows how to fix a problem when MWB won't register itself in Windows Security. I just did the reverse instead: Settings > Security and turned off the "Always register Malwarebytes in the Windows Security Center" setting. Here's a pic of how the setting now looks on my own copy of MWBP.

That it continues to protect in real-time regardless I consider a huge bonus because it has often caught things that Avast or SAS wouldn't bat an eye over. On the flip side to that though, MWB also failed to recognise exploits that either Avast or SuperAntiSpyware recognised too. It's why I prefer to have three levels of protection active when possible. AV, Antimalware, AntiSpyware. I often do such tests using a VM through multiple VPNs at a couple of .onion sites I've managed to get access to that are designed for that purpose (zero-day exploits etc) on the dark web.


The Avast solution I eventually figured out from a question I posted to Avast forums myself here: Avast Password as a standalone module

In Avast Premium Protection, you enable the setting Menu > General > Troubleshooting > Enable Passive Mode

That essentially turns Avast into an on-demand scanner only.

Once the above two things are done, neither Avast nor Malwarebytes are seen as existing in Windows Security and Defender re-enables itself as the active Antivirus.

As for SuperAntiSpyware, nothing needed to be done for it to continue running in real-time protection mode.

And just for the record, Malwarebytes was not preventing Defender from serving as the primary security solution. That is a feature/function of Defender itself.

Curious. I looked high and low for a setting like that in Defender but couldn't find one. Just for my future reference/education, can you show me whereabouts that configuration option is in Defender?

That said, I find Avast in general extremely frustrating.

On that, I couldn't agree with you more. I particularly hate them trying to upsell registered users with their third party garbage like Cleanup Premium, Secureline VPN, Drivers Updater, Avast Secure Browser etc., and even re-installing trial versions of unwanted components after I'd manually uninstalled myself whenever the program build is updated. With Passive Mode now turned on, I'm hopeful that sort of nagging will now finally stop for good, but somehow, I tend to doubt that.

So I decided to go out to Avast and see how much Avast Passwords cost to purchase, and what the recurring fees are. Good luck finding it. They don't even appear to have a Search feature on their site. :(

I'm not sure where that information is either, to be honest, but I see from my account that the last purchase I made was for $28.99 AUD for a 12-month extension. I dislike (one of my pet hates) "Auto-Renewal" subscriptions so some years back, I contacted accounts and insisted they turned Auto-Renew off on all of my Avast related subscriptions. I get warning reminder emails about 2 months before expiry instead now.

The activation code is valid for up to 5 mobile devices as well as 1 Desktop installation.

Regards, Andrew
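
A read-only way to confirm the end state described in this thread (which products are registered in Windows Security Center, and whether Defender is the active real-time engine), as an added PowerShell example that is not from any of the posts. The `productState` bit layout used here is a widely used community interpretation rather than a documented one and is treated as an assumption; the function names and the two sample values are constructed for illustration.

```powershell
# Added example (not from the thread). Read-only: it changes no settings.
# Run on client Windows 10/11; the root/SecurityCenter2 namespace is not
# present on Windows Server, where Get-CimInstance will return an error.

function ConvertFrom-ProductState {
    param([Parameter(Mandatory)][uint32]$ProductState)
    # Assumed layout 0xPPSSDD (community-derived, not documented by Microsoft):
    #   SS byte, bit 0x10 set -> real-time scanner reported as on
    #   DD byte, bit 0x10 set -> definitions reported as out of date
    $scanner = ($ProductState -shr 8) -band 0xFF
    $defs    = $ProductState -band 0xFF
    [pscustomobject]@{
        Hex                = '0x{0:X6}' -f $ProductState
        RealTimeOn         = ($scanner -band 0x10) -ne 0
        DefinitionsCurrent = ($defs -band 0x10) -eq 0
    }
}

function Get-RegisteredAntivirus {
    # Every antivirus product currently registered with Windows Security Center.
    Get-CimInstance -Namespace 'root/SecurityCenter2' -ClassName 'AntiVirusProduct' |
        ForEach-Object {
            $state = ConvertFrom-ProductState -ProductState $_.productState
            [pscustomobject]@{
                Name               = $_.displayName
                ProductState       = $state.Hex
                RealTimeOn         = $state.RealTimeOn
                DefinitionsCurrent = $state.DefinitionsCurrent
                ReportingExe       = $_.pathToSignedReportingExe
            }
        }
}

# Constructed sample values, decoded offline to show the two common cases:
#   397568 = 0x061100 -> scanner on,  definitions current
#   393472 = 0x060100 -> scanner off, definitions current
397568, 393472 |
    ForEach-Object { ConvertFrom-ProductState -ProductState $_ } |
    Format-Table -AutoSize

# Live view: what Windows Security Center currently has registered.
Get-RegisteredAntivirus | Format-Table -AutoSize

# Defender's own view of its state (requires the Defender service to be running).
Get-MpComputerStatus |
    Select-Object AMRunningMode, AMServiceEnabled, AntivirusEnabled, RealTimeProtectionEnabled |
    Format-List
```

`AMRunningMode` reading `Normal` together with `RealTimeProtectionEnabled` being `True` indicates that Defender is the active real-time engine.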
 
Further and just to clarify the last point above, the Avast Password App is no longer officially available on the Google Play Store or Apple App Store. They're still there, but they are hidden. I assume that's because they're no longer accepting any "new" subscriptions to the password manager.

I had to email Avast Support to get the hidden links when I recently updated both my Android mobile and Apple iPhone a few months back. The process was fairly painless though. I just explained what I needed to do by emailing the details of my account to support and got an email back a couple of days later with two links, one to Google Play and the other to Apple's App Store. Both installed without an issue and synchronised with my desktop automatically via their online server.
 
Curious. I looked high and low for a setting like that in Defender but couldn't find one. Just for my future reference/education, can you show me whereabouts that configuration option is in Defender?
It is not a configuration, but how Defender behaves. It is well known that if an antivirus program registers itself in the Windows Security Center, Defender automatically lets that antivirus program take over and won't provide protection in real-time to prevent problems that arise when having two or more antivirus programs running in real-time at the same time. This also means if you decide to remove the antivirus that took over, Defender will automatically take over protection again which ensures that there is always an antivirus program running in real-time protecting the system.

Even though Defender isn't active when another antivirus program is installed, you can still configure Defender such that it receives updates and scans the system, although these scans are mostly manual (there is a configuration that allows Defender to scan periodically which I have enabled, but I never noticed anything from it) but can serve as a 'second option' like how Malwarebytes used to be often used as a 'second option', and still is used as such.

While I'm not a fan of Windows 7, I have used it on a family laptop before Windows 8 and I remember quite well the annoying problem when you wanted to install a different antivirus program instead of Microsoft Security Essentials. MSE was quite decent IF you'd follow basic security practices, but it did not come pre-installed so if you'd wish to install another antivirus program, you'd have to uninstall MSE and download & install another antivirus program. If you're smart you'd have done the download prior to removing MSE, but nobody I knew did that so there was a chance you could become infected with some malware after removing MSE by accidentally visiting the wrong site. Defender's behavior is an answer to that problem.
 
but I never noticed anything from it) but can serve as a 'second opinion' like how Malwarebytes used to be often used as a 'second opinion', and still is used as such.
I think you mean "option" ;)

I'm a happy camper now. Didn't think it would turn out to be as easy as it was to set this up in the way I wanted.
I'm glad you were able to find a solution and configured the system how you would like. Thank you for informing us of your steps too.
 
there is a configuration that allows Defender to scan periodically which I have enabled, but I never noticed anything from it
And that's a good thing. It suggests your primary solution (or you, the user and ALWAYS weakest link in security) didn't let something slip by.

One distinct advantage Defender provides, that no other security solution can, is the fact Defender is already built into Windows. So, right from the very start of the very first boot of a new machine (or even during the OS installation), a significant level of anti-malware protection is provided.

In contrast, every other security program depends on the OS already being installed and configured for the user and the user's network. It also requires the user fire up their browser to connect and download and then install the 3rd party solution. Prior to W8, that was a long period of time the computer was left with essentially no security at all!

I think you mean "option"
IDK - I think "second opinion" fits - perhaps even more so. That's why I run Malwarebytes - to get a second "opinion", thus ensuring me my system is clean.

A second "option" suggests (to me anyway) one, or the other. That is not how most people use it. They scan with their primary solution, then get a "second opinion" by scanning with their secondary scanner to make sure the primary didn't miss anything. That's a second opinion to me.

@axe0 - you were right the first time.
 
I'm glad you were able to find a solution and configured the system how you would like. Thank you for informing us of your steps too.

Thanks, I always make sure I do that. I hate it when users ask for help, get considerable input and when they've finally found a solution, be it from the input they got or another location, just abandon the question or say something like, "Never mind, I fixed it", never to return - I've always thought that doing something like that to be both rude and totally inconsiderate to the people who freely provided their time and efforts to try and help them out.
 
I've always thought that doing something like that to be both rude and totally inconsiderate
It is rude and inconsiderate - if they know better. Many don't know better. Why? Because they failed to take a few minutes to learn forum etiquette. :( So you might argue failing to take the time to learn forum etiquette is being rude and inconsiderate. :confused:
 
So you might argue failing to take the time to learn forum etiquette is being rude and inconsiderate. :confused:

The funny thing is I cannot blame "the uneducated" exclusively in this regard.

There was a time when forum etiquette, and netiquette in general, was promptly communicated and enforced if someone stepped beyond the pale. That was back in the old days when most of the internet was populated by "tech geeks." It was not considered an insult or attack to be told promptly, and in no uncertain terms, that whatever you did should not be repeated again in the future.

In recent years, and I see it everywhere, any attempt to directly enforce forum etiquette is generally taken as "being nasty/mean" and the person attempting to enforce is identified as the problem, rather than the person violating etiquette.

There has definitely been a "dumbing down" in regard to what can be reasonably expected in venues such as this. And I blame it as much on those who can't/won't "take the heat" if they decide to communicate violations of netiquette as I do those who've violated it (at least if I believe them to be newbies). Cultures communicate expectations, and I think that tech forums have suffered from the "social media-fication" of the internet as a whole. If we who are old-timers don't consistently try to keep the guardrails in place, they will disappear from lack of maintenance.

The whole idea of code switching, that what you can do in location X often is not what you can also do in location Y, is virtually nonexistent.
 
