IE7 Installation and Anti-Malware Applications

A few people have asked why we recommend temporarily disabling anti-virus or anti-spyware applications (which I’ll refer to together as anti-malware) prior to installing IE7, so here’s a little insight to the situation.

Along with copying IE7 files to your system, IE7’s setup writes a large number of registry keys.  A common way anti-malware applications protect your computer is by preventing writes to certain registry keys used by IE.  Any registry key write that fails during setup will cause setup to fail and rollback changes.  We work around the problem in most instances by checking permissions at the beginning of setup, but many anti-malware programs monitor the key rather than change permissions.  Therefore, setup thinks it has access when it starts, but then fails when it later attempts to write the key.

The majority of users likely haven’t seen any such problems even with anti-malware enabled because we work with third-party vendors to identify IE7 setup as ‘safe’ based on something like digital signatures or file hashes.  While this could lead us to remove the recommendation to disable anti-malware apps, we’ve decided to leave it in setup because a number of factors may still cause some customers to have this problem.  Specifically:

  • With all the anti-malware apps available, we don’t want to assume all of them work just because we haven’t heard of a problem yet.
  • Even anti-malware apps we’ve tested sometimes require the latest definition updates.  If a user doesn’t have the latest definitions, he or she may still hit a problem even though we consider the issue resolved.
  • Failed installation is an awful user experience so we take every step to reduce the chances of setup failing.

I hope this helps answer some of your questions.

John Hrvatin
Program Manager