
Unable to Install Sophos EDR, requesting full version

I am trying to install Sophos in some remote sites which are protected by Sophos XG. While it is working on some sites, I am unable to install on most of the sites.

I already added the following to allow FW rule but it seems it doesn't connect to Sophos Central on those sites.

I tried SophosInstall.exe with command and even with the message relay server. The device registers but most of the components don't install and always show red.

SophosSetup.exe --quiet --messagerelays=[IP address]:8190

The recommendation is always to install and use SophosSetup.exe, which is not working and is not what I want.

I created a rule and added the following to the allowed list:

*.sophos.com
az416426.vo.msecnd.net
dc.services.visualstudio.com
*.cloudfront.net
*.sophosupd.com
*.sophosupd.net
*.sophosxl.net
*.globalsign.com
*.s3.amazonaws.com

But even with this, it doesn't work sometimes as per logs:

2020-02-09T13:23:26.2928848Z INFO : Stage 1 command-line options:
2020-02-09T13:23:26.2928848Z INFO : ---
2020-02-09T13:23:26.2928848Z INFO : Quiet mode on: 1
2020-02-09T13:23:26.2928848Z INFO : Automatic Proxy detection disabled: 0
2020-02-09T13:23:26.2928848Z INFO : No feedback mode on: 0
2020-02-09T13:23:26.2928848Z INFO : Dump feedback enabled: 0
2020-02-09T13:23:26.2928848Z INFO : Bypass competitor removal: 0
2020-02-09T13:23:26.2928848Z INFO : Using CRT catalog file path: --
2020-02-09T13:23:26.2928848Z INFO : Only register endpoint with Central: 0
2020-02-09T13:23:26.2928848Z INFO : Log messages between endpoint and Central: 0
2020-02-09T13:23:26.2928848Z INFO : Log command-line passed to executables: 0
2020-02-09T13:23:26.2928848Z INFO : Using custom server that hosts the installer stage2 filename : --
2020-02-09T13:23:26.2928848Z INFO : Using cloud group: --
2020-02-09T13:23:26.2928848Z INFO : Overriding computer name: --
2020-02-09T13:23:26.2928848Z INFO : Overriding computer description: --
2020-02-09T13:23:26.2928848Z INFO : Overriding domain name: --
2020-02-09T13:23:26.2928848Z INFO : Language will be set to: --
2020-02-09T13:23:26.2928848Z INFO : Using message relays: --
2020-02-09T13:23:26.2928848Z INFO : Proxy address: --
2020-02-09T13:23:26.2928848Z INFO : Proxy user name: --
2020-02-09T13:23:26.2928848Z INFO : Using custom customer token: --
2020-02-09T13:23:26.2928848Z INFO : Using specified products: --
2020-02-09T13:23:26.2928848Z INFO : Using certificates from the MCS app data folder.: 0
2020-02-09T13:23:26.2928848Z INFO : Using custom customer ID.: --
2020-02-09T13:23:26.2928848Z INFO : Using specified user ID.: --
2020-02-09T13:23:26.2928848Z INFO : Using local install source.: --
2020-02-09T13:23:26.2928848Z INFO : ---
2020-02-09T13:23:26.2928848Z INFO : Sending HTTP 'POST' request to: api/download/stage2-details/a95228bc-e837-4f9f-b916-8428a5478ce8
2020-02-09T13:23:26.2928848Z WARNING : WinHttpGetProxyForUrl returned: 12180
2020-02-09T13:23:26.2928848Z INFO : Attempting to connect using proxy '' of type 'Empty Proxy'.
2020-02-09T13:23:26.2928848Z INFO : Set security protocol: 00000800
2020-02-09T13:23:26.2928848Z INFO : Opening connection to dzr-api-amzn-eu-west-1-9af7.api-upe.p.hmr.sophos.com
2020-02-09T13:23:26.2928848Z INFO : Request content size: 31
2020-02-09T13:23:33.2131135Z INFO : Sending request
2020-02-09T13:23:33.2131135Z INFO : Request sent
2020-02-09T13:23:35.0878104Z INFO : Sending request
2020-02-09T13:23:35.0878104Z INFO : Request sent
2020-02-09T13:23:35.0878104Z INFO : Response status code: 200
2020-02-09T13:23:35.0878104Z INFO : Response data size: 175
2020-02-09T13:23:35.0878104Z INFO : trySendRequestThroughPotentialProxy returning response with status code: 200
2020-02-09T13:23:35.0878104Z INFO : Parsing message received for Stage 2 filename: '{"mcs_server":"dzr-mcs-amzn-eu-west-1-9af7.upe.p.hmr.sophos.com","stage2_filename":"stage2-1.6.1112.0-7c172ee33a33004f58c51d634349303caf768675a278b74bb1e9d5acde4f3f87.tar.gz"}'
2020-02-09T13:23:35.0878104Z INFO : Sending HTTP 'GET' request to: full/central/windows/business/installer/stage2-1.6.1112.0-7c172ee33a33004f58c51d634349303caf768675a278b74bb1e9d5acde4f3f87.tar.gz
2020-02-09T13:23:35.0878104Z WARNING : WinHttpGetProxyForUrl returned: 12180
2020-02-09T13:23:35.1032407Z INFO : Attempting to connect using proxy '' of type 'Empty Proxy'.
2020-02-09T13:23:35.1032407Z INFO : Set security protocol: 00000800
2020-02-09T13:23:35.1032407Z INFO : Opening connection to downloads.sophos.com
2020-02-09T13:23:35.1032407Z INFO : Request content size: 0
2020-02-09T13:23:48.8191632Z INFO : Sending request
2020-02-09T13:23:48.8191632Z INFO : Request sent
2020-02-09T13:25:08.5917154Z INFO : Response status code: 200
2020-02-09T13:25:08.5917154Z INFO : Response data size: 1745182
2020-02-09T13:25:08.5917154Z INFO : trySendRequestThroughPotentialProxy returning response with status code: 200
2020-02-09T13:25:08.5917154Z INFO : Extracting files:
2020-02-09T13:25:08.5917154Z INFO : integrity.dat
2020-02-09T13:25:08.5917154Z INFO : manifest.dat
2020-02-09T13:25:08.6071749Z INFO : rootca.crl
2020-02-09T13:25:08.6071749Z INFO : rootca.crt
2020-02-09T13:25:08.6071749Z INFO : scf.dat
2020-02-09T13:25:08.6071749Z INFO : sof.dat
2020-02-09T13:25:08.6071749Z INFO : SophosSetup_Stage2.exe
2020-02-09T13:25:08.6384154Z INFO : sul.dll
2020-02-09T13:25:08.6540387Z INFO : Management Certs/sophosca1.crl
2020-02-09T13:25:08.6540387Z INFO : Management Certs/sophosca1.crt
2020-02-09T13:25:08.6540387Z INFO : Management Certs/sophosca2.crl
2020-02-09T13:25:08.6540387Z INFO : Management Certs/sophosca2.crt
2020-02-09T13:25:08.6540387Z INFO : Management Certs/sophosca3.crl
2020-02-09T13:25:08.6540387Z INFO : Management Certs/sophosca3.crt
2020-02-09T13:25:08.6540387Z INFO : Management Certs/sophosca4.crl
2020-02-09T13:25:08.6540387Z INFO : Management Certs/sophosca4.crt
2020-02-09T13:25:08.7009033Z INFO : Running setup.
Started C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
2020-02-09T13:25:08.8727058Z INFO : Stage 2 command-line options:
2020-02-09T13:25:08.8727058Z INFO : ---
2020-02-09T13:25:08.8727058Z INFO : Parent PID: 10560
2020-02-09T13:25:08.8727058Z INFO : Server: dzr-mcs-amzn-eu-west-1-9af7.upe.p.hmr.sophos.com
2020-02-09T13:25:08.8727058Z INFO : Message relays: --
2020-02-09T13:25:08.8727058Z INFO : Suppressing feedback: 0
2020-02-09T13:25:08.8727058Z INFO : Dump feedback to disk: 0
2020-02-09T13:25:08.8727058Z INFO : Register only: 0
2020-02-09T13:25:08.8727058Z INFO : Trail logging: 0
2020-02-09T13:25:08.8727058Z INFO : Command-line logging: 0
2020-02-09T13:25:08.8727058Z INFO : Bypassing competitor removal: 0
2020-02-09T13:25:08.8727058Z INFO : CRT catalog: --
2020-02-09T13:25:08.8727058Z INFO : Language: --
2020-02-09T13:25:08.8727058Z INFO : Log files: C:\\ProgramData\\Sophos\\CloudInstaller\\Logs\\SophosCloudInstaller_20200209_132326.log
2020-02-09T13:25:08.8727058Z INFO : Group: --
2020-02-09T13:25:08.8727058Z INFO : Quiet: 1
2020-02-09T13:25:08.8727058Z INFO : Virtual appliance: 0
2020-02-09T13:25:08.8727058Z INFO : Proxy address: --
2020-02-09T13:25:08.8727058Z INFO : Proxy user: --
2020-02-09T13:25:08.8727058Z INFO : Overriding computer name: --
2020-02-09T13:25:08.8727058Z INFO : Overriding computer description: --
2020-02-09T13:25:08.8727058Z INFO : Overriding domain: --
2020-02-09T13:25:08.8727058Z INFO : Disable proxy detection: 0
2020-02-09T13:25:08.8727058Z INFO : Customer Token Specified: a95228bc-e837-4f9f-b916-8428a5478ce8
2020-02-09T13:25:08.8727058Z INFO : Products: all
2020-02-09T13:25:08.8727058Z INFO : Pipe write handle: 1848
2020-02-09T13:25:08.8727058Z INFO : MCS Certificates Folder: 0
2020-02-09T13:25:08.8727058Z INFO : MCS Customer Id: b4408ca6-f137-a4a5-c991-548e9f96e0d8
2020-02-09T13:25:08.8727058Z INFO : User Id: --
2020-02-09T13:25:08.8727058Z INFO : Local install source: --
2020-02-09T13:25:08.8727058Z INFO : Partner Id: --
2020-02-09T13:25:08.8727058Z INFO : Customer Estate Id: --
2020-02-09T13:25:08.8727058Z INFO : ---
2020-02-09T13:25:08.8727058Z ERROR : Stage 2 error: CoInitialize failed: 0x80070008
2020-02-09T13:25:08.8883269Z INFO : Cleaning up extracted files
2020-02-09T13:25:10.7316351Z ERROR : Exception: ReadFile failed: 109
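
Added example (not part of the original post and not Sophos tooling): a small Python parser for the installer log format shown above. It lists the hosts the installer contacted, whether the post's allow list covers them, how long each response took, and which ERROR lines were logged. Treating `*` as matching any subdomain depth is an assumption about how the firewall evaluates these entries.

```python
import re
from datetime import datetime
from fnmatch import fnmatch

# Allow-list entries copied from the post above.
ALLOW_LIST = ["*.sophos.com", "az416426.vo.msecnd.net", "dc.services.visualstudio.com",
              "*.cloudfront.net", "*.sophosupd.com", "*.sophosupd.net",
              "*.sophosxl.net", "*.globalsign.com", "*.s3.amazonaws.com"]

# Abridged excerpt of the log in the post (lines dropped, values unchanged).
SAMPLE_LOG = """\
2020-02-09T13:23:26.2928848Z INFO : Opening connection to dzr-api-amzn-eu-west-1-9af7.api-upe.p.hmr.sophos.com
2020-02-09T13:23:35.0878104Z INFO : Request sent
2020-02-09T13:23:35.0878104Z INFO : Response data size: 175
2020-02-09T13:23:35.1032407Z INFO : Opening connection to downloads.sophos.com
2020-02-09T13:23:48.8191632Z INFO : Request sent
2020-02-09T13:25:08.5917154Z INFO : Response data size: 1745182
Started C:\\Program Files (x86)\\Sophos\\CloudInstaller\\SophosSetup_Stage2.exe
2020-02-09T13:25:08.8727058Z INFO : Server: dzr-mcs-amzn-eu-west-1-9af7.upe.p.hmr.sophos.com
2020-02-09T13:25:08.8727058Z ERROR : Stage 2 error: CoInitialize failed: 0x80070008
2020-02-09T13:25:10.7316351Z ERROR : Exception: ReadFile failed: 109
"""

LINE_RE = re.compile(r"^(\S+)Z (INFO|WARNING|ERROR) : (.*)$", re.M)
HOST_RE = re.compile(r"^(?:Opening connection to|Server:) (\S+)")

def analyze(log_text, allow_list=ALLOW_LIST):
    """Return contacted hosts (with allow-list coverage), ERROR lines, transfer timings."""
    hosts, errors, transfers = {}, [], []
    current_host = sent_at = None
    for stamp, level, msg in LINE_RE.findall(log_text):  # skips "Started ..." lines
        # The log carries 7 fractional digits; strptime's %f accepts 6.
        ts = datetime.strptime(stamp[:26], "%Y-%m-%dT%H:%M:%S.%f")
        if level == "ERROR":
            errors.append(msg)
        h = HOST_RE.match(msg)
        if h:
            # Assumption: a wildcard entry covers any depth of subdomain.
            hosts[h.group(1)] = any(fnmatch(h.group(1).lower(), p) for p in allow_list)
            if msg.startswith("Opening"):
                current_host, sent_at = h.group(1), None
        elif msg == "Request sent":
            sent_at = ts
        elif msg.startswith("Response data size:") and sent_at:
            size = int(msg.split(":")[1])
            transfers.append((current_host, (ts - sent_at).total_seconds(), size))
    return {"hosts": hosts, "errors": errors, "transfers": transfers}

if __name__ == "__main__":
    print(analyze(SAMPLE_LOG))
```

On this excerpt every contacted host matches `*.sophos.com` and both responses arrive before the two ERROR lines. 0x80070008 is Win32 error 8 (ERROR_NOT_ENOUGH_MEMORY) wrapped as an HRESULT, and 109 is ERROR_BROKEN_PIPE.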



  • It is not a perfect solution as it still fails sometimes. I created a firewall rule for the PC I want to install Sophos EDR on and passed all traffic without any control. Then I disabled the rule once the installation was completed.

    I tried to copy the Install Cache from Program Data but it didn't work as it downloaded all items again. Sometimes, I do the reinstallation 3-4 times before it works and I can see it download all the cache almost every time. My problem is that every time it downloads around 1GB, which explains why it fails on the remote site which has VSAT.