I’ve always had a love/hate relationship with SAP BusinessObjects installations and antivirus software. My first experiences with installing XI R2 went badly when antivirus software was still running, frequently resulting in botched WAR file deployments. And who can forget the joy of SAP BusinessObjects Enterprise XI 3.1 SP2 and its crawling installation process? Although the root cause was the Microsoft installer, SAP also advised in KB 1374386 to“disable the antivirus before starting the install so that this does not interfere with the install process”.
While most organizations rely on the big vendors like Symantec or McAfee (the latter company has a more colorful history than the former- hence the photo above), I recently had a situation with Trend Micro antivirus preventing the installation program from running properly. The installer would fail with a “failed to update cache for execution” error. The error can either be triggered by antivirus software (see SAP KB 1781641) although it can also be triggered by the Microsoft User Account Control (UAC) setting (see SAP KB 1671421).
Let’s review some best practices for working with SAP BusinessObjects and antivirus software.
Pre-installation Best Practices
During the kickoff meeting for an installation or upgrade project, determine the vendor and version of the antivirus software in use. Next, identify the person who administers the antivirus software who will assist, if necessary, during the installation process. It’s really important to identify this person, even if everyone in the kickoff meeting begins to stare uncomfortably at their shoes when you pose the question. Determine if the software can either be disabled for the duration of the installation process or if the folder location of the installation can be permanently exempted from scans. Lastly, find out if you can make the necessary changes yourself or if you’ll need to ask a system administrator. With my recent Trend Micro experience, I could see the antivirus software running in the Windows system tray but not any active exemptions. In addition, I had to ask an administrator to make the necessary exemptions from a centralized console that I did not have access to.
Installation Best Practices
Disable the services associated with the antivirus program so they are not running during the installation process. Work with your organization’s system administration team if you’re unable to figure out how to do this. It’s critical that the antivirus program doesn’t interfere with a successful installation of SAP BusinessObjects. The installation will be faster if the antivirus program isn’t analyzing it.
Post-installation Best Practices
Determine what the permanent solution for antivirus software will be after the installation of SAP BusinessObjects. Will the SAP installation folder be exempted from scans? Will specific SAP programs be exempted? Look for a permanent solution for dealing with antivirus software during the project kickoff meeting. If the exemptions are only temporary during the installation process, it is likely that they’ll become a thorn in somebody’s side when it comes time to apply a support pack or patch.
Thus Saith SAP
In many cases, it takes documentation from the vendor to successfully lobby for an exemption to corporate security policies. Here are some relevant knowledge base articles from SAP that you can reference to help your organization work toward a solution.
- SAP KB 106267 – generic note about SAP and antivirus software, not specific to SAP BusinessObjects
- SAP KB 1497394 – Configuring antivirus software to support SAP BusinessObjects XI 3.1 and BI 4.0
- SAP KB 1781641 – “Failed to update cache for execution” error occurred while installing SAP BusinessObjects Business Intelligence 4.0.
Do you have horror stories of SAP BusinessObjects installations gone bad due to antivirus software? Any best practices that I haven’t mentioned? Please share your thoughts below.