Extraction failure trying to install Intercept X

We tried to install Intercept X on some client workstations and the error below is displayed:
"Installation failed. Failed to extract the installation package."
The user has an administrator profile.

In the logs it presents the following lines:
2020-11-19T20:15:53.0343311Z INFO: Extracting files:
2020-11-19T20:15:53.0353232Z ERROR: Extraction failure.
2020-11-19T20:15:53.0363205Z INFO: Cleaning up extracted files

Does anyone know how to solve this problem? What is the cause?

  • Hi jeanleles,

    could you please provide a more detailed logfile? This would help to get a better understanding. Please also provide some info about the system you're trying to install Intercept X to.

    I assume it's a Windows system, so to begin troubleshooting please share the Installer-LogFile: %ProgramData%\Sophos\CloudInstaller\Logs\SophosCloudInstaller_<date>_<time>.log

    If it's a Mac, please share /private/var/log/install.log

    Please use formatting tools so that your reply can be read in an easy way.

    Thanks!

    Intrusus
    Sophos Certified Engineer | Sophos Certified Technician

    private lab:
    XG firewall with SFOS 18.0.3 MR-3
    Intercept X Advanced (for Server) with EDR EAP latest
    If a post solves your question use the 'Verify Answer' link

  • Hi Intrusus, 

    We tried to install Intercept X on Windows 10.   

    Today I tried to install using the command C:\sophos\SophosSetup.exe --localinstallsource=c:\sophos

    But it gave the message: Couldn't connect to Sophos Central

    Before that, we set the workstation to bypass the firewall.

    Some logs were generated during the installation attempts, so I prefer to upload them to a drive. Follow the link:

    https://drive.google.com/drive/folders/1vHBRoyXZwCFRRxD0ES9WrdD-Gnp6PVaG

    Thank you!

  • Hi,

    so the logs you have provided no longer seem to refer to the extraction failure, is that correct? Because now you get a different error when trying to install the product. In your provided logfiles I can see that there was a certificate problem during connection establishment.

    I refer here to logfile SophosCloudInstaller_20201120_185209:

    2020-11-20T18:52:17.0982122Z ERROR : Failed to validate server cert; terminating HTTP connection. 
    2020-11-20T18:52:17.0982122Z ERROR : WinHttpSendRequest failed with certificate check failure and error 12017
    2020-11-20T18:52:17.0982122Z INFO : Failed to connect using proxy '' with error: WinHttpSendRequest failed: certificate check failure
    2020-11-20T18:52:17.0982122Z ERROR : HTTP error: Failed to connect with any proxy: certificate check failure
    2020-11-20T18:52:17.0982122Z ERROR : System Property Check: ValidDeploymentInfo - FAILED  

    These error messages can be caused by TLS\SSL inspection, which seems to be still active. If you haven't installed the cert from the root CA on your device, it could cause the "Couldn't connect to Sophos Central" error. Install it or define an exclusion for the device. If you are running a Sophos XG, please try to add an exception rule on the TLS\SSL inspection page. Sophos generally recommends excluding Sophos-related traffic from HTTPS decryption.

    If you have checked that the device got the Root Certificate installed or is excluded in TLS\SSL Inspection, you can also check the validity of the certificate of the SophosSetup.exe. Maybe you're using an old installer, I don't know. You can find the valid date in the SophosSetup.exe properties > Digital Signatures > Details > View Certificate.

    If there are any error messages you may choose to install the certificate manually. This is done by clicking Install Certificate.

    Please give me feedback on the steps you have taken and let me know if a new problem has arisen or if you were able to solve the problem!

    Have a great weekend,

    Intrusus



    Changed formatting.
    [edited by: intrusus at 5:06 PM (GMT -8) on 21 Nov 2020]
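
The log reading in the reply above can be scripted. This is an added example, not part of the thread and not Sophos tooling: it parses installer log lines in the format quoted here and groups them by likely cause. The sample lines are copied from the posts; the rule hints and the short WinHTTP code table (names from Windows' winhttp.h) are assumptions of this example.

```python
import re
from collections import Counter

# Constructed sample: installer log lines quoted in this thread.
SAMPLE_LOG = """\
2020-11-19T20:15:53.0353232Z ERROR: Extraction failure.
2020-11-20T18:52:17.0982122Z ERROR : Failed to validate server cert; terminating HTTP connection.
2020-11-20T18:52:17.0982122Z ERROR : WinHttpSendRequest failed with certificate check failure and error 12017
2020-11-20T18:52:17.0982122Z INFO : Failed to connect using proxy '' with error: WinHttpSendRequest failed: certificate check failure
2020-11-20T18:52:17.0982122Z ERROR : HTTP error: Failed to connect with any proxy: certificate check failure
2020-11-20T18:52:17.0982122Z ERROR : System Property Check: ValidDeploymentInfo - FAILED
"""

# Accepts both "ERROR:" and "ERROR :" as seen in the two log excerpts.
LINE_RE = re.compile(
    r"^\s*(?P<ts>\d{4}-\d{2}-\d{2}T[\d:.]+Z)\s+(?P<level>[A-Z]+)\s*:\s*(?P<msg>.*\S)\s*$")

# A few WinHTTP error names from winhttp.h (not an exhaustive table).
WINHTTP = {12007: "ERROR_WINHTTP_NAME_NOT_RESOLVED",
           12017: "ERROR_WINHTTP_OPERATION_CANCELLED",
           12029: "ERROR_WINHTTP_CANNOT_CONNECT",
           12175: "ERROR_WINHTTP_SECURE_FAILURE"}

# (category, pattern, hint). Hints restate the advice given in the thread.
RULES = [
    ("tls_cert", re.compile(r"certificate check failure|validate server cert", re.I),
     "TLS/SSL inspection active or root CA missing: exclude Sophos traffic or install the CA"),
    ("extraction", re.compile(r"extraction failure", re.I),
     "cause not established in this thread: collect the full installer log"),
]

def triage(log_text):
    """Return one finding per line that is ERROR level or matches a rule."""
    findings = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue  # blank or non-log line
        msg = m["msg"]
        category, hint = next(((c, h) for c, p, h in RULES if p.search(msg)),
                              ("other", "unclassified"))
        if category == "other" and m["level"] != "ERROR":
            continue  # ordinary INFO line, nothing to report
        code = re.search(r"\berror (\d{5})\b", msg)
        findings.append({"ts": m["ts"], "category": category, "hint": hint,
                         "winhttp": WINHTTP.get(int(code[1]), "unknown") if code else None})
    return findings

def summarize(log_text):
    """Count findings per category."""
    return Counter(f["category"] for f in triage(log_text))
```

Error 12017 is WinHTTP's "operation cancelled" code, which fits the preceding log line: the installer ends the connection itself once the server certificate fails validation.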
  • We were able to solve this problem by adding exceptions on the firewall for the domains listed in the KB below.
    https://support.sophos.com/support/s/article/KB-000035367?language=en_US

    This way it worked!

    Thanks for the help, Intrusus.

  • Oh, good to know! Thanks so much for sharing the solution.
    Yes, often when it's not the certificates, it's the networking itself.

    Glad that everything worked out for you.

    Have a great weekend,

    Intrusus