
Why do some programs say to "disable anti-virus" before installing, and should I turn it on again after?

Question:

I recently purchased a new software package. I was told to disable my
anti-virus software before I install the software. Why? What also has me
concerned is that it does not say I can turn it back on after installation.
What do you feel I should do?

Turn it back on.

There. For those with really short attention spans I wanted to get that
incredibly important tidbit out there before you move on.

Now, as to why you had to turn it off in the first place, that requires just
a little explanation.


Anti-virus programs and anti-spyware programs, which I’ll
collectively refer to as anti-malware programs, work in essentially two
different ways:

  • The tools scan for known patterns of data on your hard disk, and if enabled,
    in the data that’s arriving on your computer via the network or media such as
    CDs and USB keys. Those patterns are also called “signatures”; they’re what a
    piece of malware “looks like”.

    The bottom line here is that if the scanner sees something that
    looks like a virus it can then take appropriate action.

  • The tools monitor for specific types of behavior that malware is known to
    perform. The simplest example is malware which overwrites your browser’s home
    page in order to hijack it. Most malware scanners will monitor for any attempts
    to change your home page, and will often either alert you, or simply block the
    attempt.

    In this case the bottom line is that if the scanner sees something that
    acts like a virus it can then take appropriate action.

Traditionally, anti-virus programs most often work the first way and
anti-spyware tools the second. However, the line is most definitely
blurring, and it’s safest to assume that all anti-malware tools may operate
using both techniques, as well as perhaps others.

Now, program installation is an interesting operation, for several reasons.
When you run a setup program it may do many different things including:

  • writing program files into Windows folders

  • writing entries into the Windows registry

  • adding “auto-start” entries that launch programs whenever you boot your
    computer or login

  • starting, stopping or installing Windows services

  • deleting other files relating to the program being set up, typically older
    versions

  • … and much more

Here’s the problem: all of those things are often exactly what malware
does. And some anti-malware scanners aren’t always 100% accurate at
telling the difference.

If your anti-malware program blocks or otherwise interferes with a program
installation you may end up with a failed install. Or worse, something that
looks like a “successful” install that doesn’t really work.

Hence almost all software installation programs now recommend that you turn
off your anti-malware scanners before the install to avoid any of these “false
positives” that might cause a problem with the installation.
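
The failure mode described above, as an added illustration that is not from the original article: a toy behavior monitor with three constructed rules blocks the matching steps of a legitimate setup run, leaving a partial install. The rule names, paths and the "ExampleApp" program are hypothetical.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Action:
    kind: str    # "file_write", "reg_set", "service_install" or "file_delete"
    target: str  # path, registry key or service name

# Toy behavior rules (constructed): rule name, action kind, substring of target.
RULES = [
    ("write into Windows folder", "file_write", "c:\\windows\\"),
    ("auto-start entry", "reg_set", "\\currentversion\\run"),
    ("service install", "service_install", ""),
]

def matched_rule(action):
    """Return the name of the first rule this action trips, or None."""
    target = action.target.lower()
    for name, kind, needle in RULES:
        if action.kind == kind and needle in target:
            return name
    return None

def run_setup(actions, monitor_enabled):
    """Apply each step unless the monitor blocks it; return (applied, blocked)."""
    applied, blocked = [], []
    for action in actions:
        rule = matched_rule(action) if monitor_enabled else None
        if rule:
            blocked.append((action, rule))
        else:
            applied.append(action)
    return applied, blocked

# Constructed trace: legitimate installer for a hypothetical "ExampleApp".
INSTALLER = [
    Action("file_write", r"C:\Program Files\ExampleApp\app.exe"),
    Action("file_write", r"C:\Windows\System32\exampleapp.dll"),
    Action("reg_set", r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ExampleApp"),
    Action("service_install", "ExampleAppUpdater"),
    Action("file_delete", r"C:\Program Files\ExampleApp\old\app.exe"),
]

if __name__ == "__main__":
    for enabled in (True, False):
        applied, blocked = run_setup(INSTALLER, enabled)
        print(f"monitor on={enabled}: {len(applied)} applied, {len(blocked)} blocked")
```

With the monitor on, the main program file lands on disk but the DLL, the auto-start entry and the service do not: the install that looks successful but doesn't really work.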

And to be clear, whether they explicitly say it or not, they mean
turn it off for the duration of the installation process. In other
words, be sure to turn it back on when the installation is complete, or you’ll
be running unprotected from then on.

And that can lead to other problems.


14 comments on “Why do some programs say to "disable anti-virus" before installing, and should I turn it on again after?”

  1. Actually, most programs that create installations include that warning on their page templates. 9 times out of 10 it can be ignored. I use two different installation packages and have for years. Both had the warning but neither I nor my customers ever noticed it. Someone finally did and, since it wasn’t necessary, I removed it.

  2. Same situation when installers tell you to close other programs before continuing. The vast majority of the time it is completely unnecessary.

  3. It doesn’t take all that long to temporarily disable the AV, AS and firewall. I’ve personally experienced corrupted installs because of my AV or firewall. Guess I’m always the 10th person or not a part of the vast majority.

  4. I’ve been in the group that ignores the warnings to disable AV and AS. However, we do have a totally nonfunctional (and as it turns out non-removable) version of Adobe reader, and I wonder if it’s the dreaded “something that looks like a “successful” install that doesn’t really work.”

  5. What bugs the hell out of me is that I’m always hearing that it only takes seconds to have your computer infected because you don’t have anti-virus stuff set up. If you disable your anti-virus are you not looking for problems?

  6. Jeanne – If you have Adobe Reader 8.x you might want to look through this Adobe KB article and the manual steps to uninstall:
    http://kb.adobe.com/selfservice/viewContent.do?externalId=kb400769&sliceId=1

    Brian – As I understand things, when you’re randomly surfing the net or visiting unknown sites, your risks for malware increase tremendously. But if you’re downloading from a known site or installing something from a disk, it’s pretty safe to temporarily disable your AV, firewall, etc. I also seem to recall reading that downloads should first be saved to the desktop, then run an AV scan, and finally, if the scan is clean to install the program to hard drive.

  7. Please don’t disable your A/V software, anti-spyware and firewall unless you have disconnected your computer from the internet first! It may only take seconds for a ‘bot to discover an unprotected machine and compromise it – and you’d never know.

  8. I experienced major problems with Norton Anti Virus that came with my laptop by default and had an extremely hard time getting it off my pc… I couldn’t even connect to our network because of it. Couldn’t install certain programs… I got to a point where I couldn’t browse the net, but still be able to chat on Skype. Someone in our IT department told me that Norton is a virus in itself. Luckily my friend helped me to find an uninstall tool to get it off my system and I have now resorted to AVG which proves to be more stable. (I’m running Vista.)

  9. “Seconds to infection” typically applies more towards your
    firewall, and specifically on an unpatched machine. That
    means that if your machine is NOT up-to-date on Windows
    patches, AND you are not behind a firewall, your machine
    will be infected in seconds. Even if you are up-to-date new
    threats are always arriving, and a firewall will block any
    that are network-accessed based.

    It is typically quite safe to disable your anti-virus for
    the duration of an installation, as long as a) you don’t do
    something else during the install (like surf the net,
    download files, and so on), and b) you turn it back on when
    the installation is done.

    Leo


  10. U can’t disconnect from the internet if U R downloading from a provider’s internet page. If U R putting it onto your desktop, aren’t U already at risk?

  11. For a long time, I used AVG for anti-virus protection. Then, one of their upgrades was buggy, so I uninstalled it and switched to Avira. However, it did not permit on/off switching. The only way to turn it off was to entirely uninstall the program. I tried a couple other A/V programs that had the same issue. Going back to (further upgraded) AVG, I saw they adopted the same feature; no way to selectively turn it off without uninstalling it. So I gave up on all of them. Fortunately, I’ve been using MSE with no problems and it’s been highly recommended, as well. And I CAN turn it off if the need should ever arise.

  12. I always install programs in Safe Mode. Saying this I will say that is the best way I have found to do a safe install, because even the installed program is not running in Safe Mode after it has been installed. Once installed, I restart and let the computer start up normally. Avast is then running along with MalWareBytes and Super AntiSpyware. Since I started doing it this way I have had several programs that would have not been caught if I had installed in Normal Mode. If I have no problems running the program, or none of my security programs popup anything on it I then install it on my other computers.

    Also I scan the installer before I install it with Avast, MalWareBytes and SuperAntiSpyware. One hit and I check for a false/positive. If it is a legitimate hit, then I delete the installer and scan my system with all my scanners.

    I am running Windows XP Home with no Service Packs or Microsoft updates. I sit behind a hardware and software firewall and Avast scans websites before Firefox opens them. I do nightly scans with several system based programs and a weekly online scan from several online scanners like Panda and Kaspersky.

  13. As Mike mentioned, I too found that when I wanted to install a program the infamous ‘turn your anti-virus off’ message appears. I too decided to not use AVG and a couple of others because you could never find an ‘off’ button. I am using MSE also, one, because it comes highly recommended and it’s free, and two, it’s very user friendly and you can turn it off if needed. I have never installed in safe mode… Leo, any comments on our observations?

  14. I have noticed a lot of companies have slim installers for installing the programs; these are really just links to the online installer. I suggest hunting for the full installer on the creator’s website and download it and then scan it and reboot to Safe Mode and install that way. Leo, what do you think of this?
