Why do some programs say to "disable anti-virus" before installing, and should I turn it on again after?

Search First! Then browse: Categories | Full Archive | By Date | Newsletter

Home » Viruses and Malware » Malware Detection

Summary: It's not uncommon for setup programs to recommend disabling anti-virus programs first. We'll look at why. But do turn it back on when you're done.

I recently purchased a new software package. I was told to disable my anti-virus software before I install the software. Why? What also has me concerned is that it does not say I can turn it back on after installation. What do you feel I should do?

•

Turn it back on.

There. For those with really short attention spans I wanted to get that incredibly important tidbit out there before you move on.

Now, as to why you had to turn it off in the first place, that requires just a little explanation.

•

Anti-virus programs as well as anti-spyware programs, which I'll collectively refer to as anti-malware programs work, essentially, two different ways:

The tools scan for known patterns of data on your hard disk, and if enabled, in the data that's arriving on your computer via the network or media such as CDs and USB keys. Those patterns are also called "signatures"; they're what a piece of malware "looks like".

The bottom line here is that if the scanner sees something that looks like a virus it can then take appropriate action.
The tools monitor for specific types of behavior that malware is known to perform. The simplest example is malware which overwrites your browser's home page in order to hijack it. Most malware scanners will monitor for any attempts to change your home page, and will often either alert you, or simply block the attempt.

In this case the bottom line is that if the scanner sees something that acts like a virus it can then take appropriate action.

Traditionally anti-virus programs most often work the first way, and anti-spyware tools work the second, however the line is most definitely blurring and it's safest to assume that all anti-malware tools may operate using both techniques as well as perhaps others.

Now, program installation is an interesting operation, for several reasons. When you run a setup program it may do many different things including:

"If your anti-malware program blocks or otherwise interferes with a program installation you may end up with a failed install."

writing program files into Windows folders
writing entries into the Windows registry
adding "auto-start" entries that launch programs whenever you boot your computer or login
starting, stopping or installing Windows services
deleting other files relating to the program being set up, typically older versions
... and much more

Here's the problem: all of those things are often exactly what malware does. And some anti-malware scanners aren't always 100% accurate at telling the difference.

If your anti-malware program blocks or otherwise interferes with a program installation you may end up with a failed install. Or worse, something that looks like a "successful" install that doesn't really work.

Hence almost all software installation programs now recommend that you turn off your anti-malware scanners before the install to avoid any of these "false positives" that might cause a problem with the installation.

And to be clear, whether they explicitly say it or not, they mean turn it off for the duration of the installation process. In other words, be sure to turn it back on when the installation is complete, or you'll be running unprotected from then on.

And that can lead to other problems.

Related:

Ask Leo! - Viruses: How do I keep myself safe from Viruses?
Ask Leo! - Spyware: How do I remove and avoid spyware?
Ask Leo! - How do I keep my computer safe on the internet?

Article C3339 - April 2, 2008

Recent Comments

10 Comments

Actually, most programs that create installations include that warning on their page templates. 9 times out of 10 it can be ignored. I use two different installation packages and have for years. Both had the warning but neither I nor my customers ever noticed it. Someone finally did and, since it wasn't necessary, I removed it.

Posted by: Dan Ullman at April 2, 2008 1:52 PM

Same situtation when installers tell you close close other programs before continuing. The vast majority of the time it is completely unnecessary.

Posted by: Chris at April 2, 2008 3:27 PM

It doesn't take all that long to temporarily disable the AV, AS and firewall. I've personally experienced corrupted installs because of my AV or firewall. Guess I'm always the 10th person or not a part of the vast majority.

Posted by: Mary at April 5, 2008 2:20 AM

I've been in the group that ignores the warnings to disable AV and AS. However, we do have a totally nonfunctional (and as it turns out non-removable) version of Adobe reader, and I wonder if it's the dreaded "something that looks like a "successful" install that doesn't really work."

Posted by: Jeanne at April 5, 2008 11:40 AM

What bugs the hell out of me is that I,m always hearing that it only takes seconds to have your computer infected because you don,t have anti-virus stuff set up. If you disable your anti-virus are you not looking for problems?

Posted by: Brian at April 6, 2008 8:17 AM

Jeanne - If you have Adobe Reader 8.x you might want to look through this Adobe KB article and the manual steps to uninstall:
http://kb.adobe.com/selfservice/viewContent.do?externalId=kb400769&sliceId=1

Brian - As I understand things, when you're randomly surfing the net or visiting unknown sites, your risks for malware increase tremendously. But if you're downloading from a known site or installing something from a disk, it's pretty safe to temporarily disable your AV, firewall, etc. I also seem to recall reading that downloads should first be saved to the desktop, then run an AV scan, and finally, if the scan is clean to install the program to hard drive.

Posted by: Mary at April 6, 2008 9:43 AM

Please don't disable your A/V software, anti-spyware and firewall unless you have disconnected your computer from the internet first! It may only take seconds for a 'bot to discover an unprotected machine and compromise it - and you'd never know.

Posted by: John E at April 7, 2008 2:02 AM

I experienced major problems with Norton Anti Virus that came with my laptop by default and had an extrememly hard time getting it off my pc... I couldn't even connect to our network because of it. Couldn't install certain programs... I got to a point where I couldn't browse the net, but still be able to chat on Skype. Someone in our IT department told me that Norton is a virus in itself. Luckily my friend helped me to find an uninstall tool to get it off my system and I have now resorted to AVG which proves to be more stable. (I'm running Vista.)

Posted by: Margherita at April 7, 2008 2:57 AM

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

"Seconds to infection" typically applies more towards your
firewall, and specifically on an unpatched machine. That
means that if your machine is NOT up-to-date on Windows
patches, AND you are not behind a firewall, your machine
will be infected in seconds. Even if you are up-to-date new
threats are always arriving, and a firewall will block any
that are network-accessed based.

It is typically quite safe to disable your anti-virus for
the duration of an installation, as long as a) you don't do
something else during the install (like surf the net,
download files, and so on), and b) you turn it back on when
the installation is done.

Leo

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (MingW32)

iD8DBQFH+l8vCMEe9B/8oqERAkSMAJ0YCLzL8gk0PK4mQw/2zTdClPoNpACdEmNd
dde2DV020Bb8M+7fRBpBn4A=
=MYh4
-----END PGP SIGNATURE-----

Posted by: Leo A. Notenboom at April 7, 2008 10:51 AM

U can't disconnect from the internet if U R downloading from a provider's internet page. If U R putting it onto your desktop, aren't U already at risk?

Posted by: Cesar at May 18, 2008 7:47 AM

Post a comment on "Why do some programs say to "disable anti-virus" before installing, and should I turn it on again after?":

Name: (Required) Email Address: (Required) (Email Address will not be published.) Remember Me? YesNo	By popular demand... my tip jar Buy Leo a Latte!
Comments: (you may use HTML tags for style)	Subscribe to the RSS Feed specifically for comments on this article.

Before commenting, please...

Read the article at the top of this page. If your comment shows you didn't, it'll be deleted and ignored.
Comment only on this article. Use the Google search box at the top of the page if you have a question about something else.
Don't include personal information in the comment. No email addresses. No phone numbers. No physical addresses.

Don't spam. Excessive links to unrelated sites within a comment or across multiple comments will cause all such comments to be removed.
Don't ask me to recover lost passwords or hacked accounts. I can't, and those comments will be deleted.
I can't respond to every comment. And I can't vouch for the accuracy of others who do.

Read Why didn't you answer my question? for hints on getting an answer.
By posting a comment you agree to the Terms of Service. Don't agree? Don't post.
Read the article at the top of this page. If your comment shows you didn't, it'll be deleted and ignored. Yes, I'm saying this twice; you'd be amazed.

Please wait. Your comment is being processed ...

Question? Ask Leo!

Terms, Conditions & Privacy
Product Reviews, Recommendations and Affiliate Links Disclosure