Dantheman: As long as the AVG version is 9.0.927 (any definition version) or 9.0.929a, definition 4916 or higher, it is safe to re-enable MalwareBytes. The only issues we've seen continuing with the newer versions of AVG and MBAM is that the new versions of AVG have been preventing the MBAM service from registering or starting. In these cases, we've found that disabling resident shield for the duration of the MBAM install has allowed the installation to complete, after which the AVG resident shield can be safely reenabled.
OK so it sounds like I need to make a new KES profile with resident shield disabled, apply that to whoever I want to reinstall MBAM on, then push the install, then re-enable when it shows as installed. So I DON'T need a profile for MBAM that disables Protection module when Windows starts as well? Just curious, don't want another calamity :D