Advisory: Support Portal Maintenance. Login is currently unavailable, more info available here.
Hi ,
in some computer we get the Error "One or more Sophos services are missing or not running" . The Windows is UptoDate. I found an Article about it but how can i find which third party application may interfere with Sophos services.
I reinstalled Sophos Endpoint Agent but the Services will disappear again.
Regards
Ahmed
Hier is the newest logfile
Started C:\Users\admin\AppData\Local\Temp\sfl-d4733000\Setup.exe 2020-11-23T13:13:18.7320780Z INFO : Stage 1 command-line options: 2020-11-23T13:13:18.7320780Z INFO : -…
Hi M-ameen Ahmed Ahmed,
to give you best support please provide some insights to us. Please provide the following information:
As soon as we get more info from you, we can start a better troubleshooting.
Thank you in advance!
IntrususSophos Certified Engineer | Sophos Certified Technician
private lab: XG firewall with SFOS 18.0.3 MR-3Intercept X Advanced (for Server) with EDR EAP latest If a post solves your question use the 'Verify Answer' link
Thank You for quick Support,
both Sophos MCS Agent and Client are missing.
OS is Windows 10 1803
Okay, could you please provide me the Cloud-Installer logfile? You can find it at %ProgramData%\Sophos\CloudInstaller\Logs\SophosCloudInstaller_<date>_<time>.log
%ProgramData%\Sophos\CloudInstaller\Logs\SophosCloudInstaller_<date>_<time>.log
Please provide the newest logfile if there is more than one. Upload it to a cloud share or copy&paste it here by using the "Code feature" of the editor (Insert > Code).
Thanks!
Started C:\Users\admin\AppData\Local\Temp\sfl-d4733000\Setup.exe 2020-11-23T13:13:18.7320780Z INFO : Stage 1 command-line options: 2020-11-23T13:13:18.7320780Z INFO : --- 2020-11-23T13:13:18.7330779Z INFO : Quiet mode on: 0 2020-11-23T13:13:18.7340759Z INFO : Automatic Proxy detection disabled: 0 2020-11-23T13:13:18.7350780Z INFO : No feedback mode on: 0 2020-11-23T13:13:18.7360779Z INFO : Dump feedback enabled: 0 2020-11-23T13:13:18.7370780Z INFO : Bypass competitor removal: 0 2020-11-23T13:13:18.7370780Z INFO : Using CRT catalog file path: -- 2020-11-23T13:13:18.7380779Z INFO : Only register endpoint with Central: 0 2020-11-23T13:13:18.7390759Z INFO : Log messages between endpoint and Central: 0 2020-11-23T13:13:18.7400780Z INFO : Log command-line passed to executables: 0 2020-11-23T13:13:18.7410779Z INFO : Using custom server that hosts the installer stage2 filename : -- 2020-11-23T13:13:18.7420781Z INFO : Using cloud group: -- 2020-11-23T13:13:18.7420781Z INFO : Overriding computer name: -- 2020-11-23T13:13:18.7440762Z INFO : Overriding computer description: -- 2020-11-23T13:13:18.7450767Z INFO : Overriding domain name: -- 2020-11-23T13:13:18.7460782Z INFO : Language will be set to: -- 2020-11-23T13:13:18.7470781Z INFO : Using message relays: -- 2020-11-23T13:13:18.7470781Z INFO : Proxy address: -- 2020-11-23T13:13:18.7480780Z INFO : Proxy user name: -- 2020-11-23T13:13:18.7490779Z INFO : Using custom customer token: -- 2020-11-23T13:13:18.7500781Z INFO : Using specified products: -- 2020-11-23T13:13:18.7500781Z INFO : Using certificates from the MCS app data folder.: 0 2020-11-23T13:13:18.7510780Z INFO : Using custom customer ID.: -- 2020-11-23T13:13:18.7520779Z INFO : Using specified user ID.: -- 2020-11-23T13:13:18.7530758Z INFO : Using local install source.: -- 2020-11-23T13:13:18.7540779Z INFO : Using experimental SRV.: -- 2020-11-23T13:13:18.7550778Z INFO : Invoked as part of SEC migration.: 0 2020-11-23T13:13:18.7560780Z INFO : --- 2020-11-23T13:13:18.8091124Z INFO : Sending HTTP 'POST' request to: api/download/stage2-details/e4917408-5a4e-4e07-9c95-1ffcecdfbe42 2020-11-23T13:13:18.8321126Z WARNING : WinHttpGetProxyForUrl returned: 12180 2020-11-23T13:13:18.8340769Z INFO : Attempting to connect using proxy '' of type 'Empty Proxy'. 2020-11-23T13:13:18.8610772Z INFO : Set security protocol: 00000800 2020-11-23T13:13:18.8630775Z INFO : Opening connection to api-cloudstation-eu-central-1.prod.hydra.sophos.com 2020-11-23T13:13:18.8650776Z INFO : Request content size: 30 2020-11-23T13:13:18.9610785Z INFO : Sending request 2020-11-23T13:13:18.9631126Z INFO : Request sent 2020-11-23T13:13:18.9820777Z INFO : Sending request 2020-11-23T13:13:18.9850777Z INFO : Request sent 2020-11-23T13:13:18.9860781Z INFO : Response status code: 200 2020-11-23T13:13:18.9880782Z INFO : Response data size: 178 2020-11-23T13:13:18.9900783Z INFO : trySendRequestThroughPotentialProxy returning response with status code: 200 2020-11-23T13:13:18.9950786Z INFO : Parsing message received for Stage 2 filename: '{"mcs_server":"mcs-cloudstation-eu-central-1.prod.hydra.sophos.com","stage2_filename":"stage2-1.10.305.0-f6402baa215a4de585ec6b7c5d5efd87f8c091137ed80c75c7ac1bd926376dc0.tar.gz"}' 2020-11-23T13:13:18.9970776Z INFO : Sending HTTP 'GET' request to: full/central/windows/business/installer/stage2-1.10.305.0-f6402baa215a4de585ec6b7c5d5efd87f8c091137ed80c75c7ac1bd926376dc0.tar.gz 2020-11-23T13:13:19.0020784Z WARNING : WinHttpGetProxyForUrl returned: 12180 2020-11-23T13:13:19.0040779Z INFO : Attempting to connect using proxy '' of type 'Empty Proxy'. 2020-11-23T13:13:19.0070782Z INFO : Set security protocol: 00000800 2020-11-23T13:13:19.0090780Z INFO : Opening connection to downloads.sophos.com 2020-11-23T13:13:19.0110786Z INFO : Request content size: 0 2020-11-23T13:13:19.0580779Z INFO : Sending request 2020-11-23T13:13:19.0610768Z INFO : Request sent 2020-11-23T13:13:19.1000775Z INFO : Response status code: 200 2020-11-23T13:13:19.1041122Z INFO : Response data size: 3197559 2020-11-23T13:13:19.1050789Z INFO : trySendRequestThroughPotentialProxy returning response with status code: 200 2020-11-23T13:13:19.1130778Z INFO : Extracting files: 2020-11-23T13:13:19.1150784Z INFO : integrity.dat 2020-11-23T13:13:19.1190769Z INFO : manifest.dat 2020-11-23T13:13:19.1220783Z INFO : scf.dat 2020-11-23T13:13:19.1250782Z INFO : sdds3-sync.exe 2020-11-23T13:13:19.2450783Z INFO : sof.dat 2020-11-23T13:13:19.2490785Z INFO : SophosSetup_Stage2.exe 2020-11-23T13:13:19.3830785Z INFO : su-setup32.exe 2020-11-23T13:13:19.4220784Z INFO : su-setup64.exe 2020-11-23T13:13:19.4700787Z INFO : SUL.dll 2020-11-23T13:13:19.5590781Z INFO : Management Certs/sophosca1.crl 2020-11-23T13:13:19.5620786Z INFO : Management Certs/sophosca1.crt 2020-11-23T13:13:19.5650786Z INFO : Management Certs/sophosca2.crl 2020-11-23T13:13:19.5680786Z INFO : Management Certs/sophosca2.crt 2020-11-23T13:13:19.5710788Z INFO : Management Certs/sophosca3.crl 2020-11-23T13:13:19.5740788Z INFO : Management Certs/sophosca3.crt 2020-11-23T13:13:19.5770768Z INFO : Management Certs/sophosca4.crl 2020-11-23T13:13:19.5800787Z INFO : Management Certs/sophosca4.crt 2020-11-23T13:13:19.5830787Z INFO : ManifestCerts/rootca.crl 2020-11-23T13:13:19.5860786Z INFO : ManifestCerts/rootca.crt 2020-11-23T13:13:19.5880784Z INFO : ManifestCerts/rootca384.crl 2020-11-23T13:13:19.5910787Z INFO : ManifestCerts/rootca384.crt 2020-11-23T13:13:19.5980777Z INFO : Checking manifest:C:\\Program Files (x86)\\Sophos\\CloudInstaller\\extract_cache\\manifest.dat 2020-11-23T13:13:19.6900773Z INFO : Running setup. Started C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe 2020-11-23T13:13:19.8371134Z INFO : Stage 2 command-line options: 2020-11-23T13:13:19.8380790Z INFO : --- 2020-11-23T13:13:19.8390781Z INFO : Parent PID: 13200 2020-11-23T13:13:19.8400788Z INFO : Server: mcs-cloudstation-eu-central-1.prod.hydra.sophos.com 2020-11-23T13:13:19.8410790Z INFO : Message relays: -- 2020-11-23T13:13:19.8420786Z INFO : Suppressing feedback: 0 2020-11-23T13:13:19.8430818Z INFO : Dump feedback to disk: 0 2020-11-23T13:13:19.8450763Z INFO : Register only: 0 2020-11-23T13:13:19.8460790Z INFO : Trail logging: 0 2020-11-23T13:13:19.8470786Z INFO : Command-line logging: 0 2020-11-23T13:13:19.8480788Z INFO : Bypassing competitor removal: 0 2020-11-23T13:13:19.8500789Z INFO : CRT catalog: -- 2020-11-23T13:13:19.8500789Z INFO : Language: -- 2020-11-23T13:13:19.8510785Z INFO : Log files: C:\\ProgramData\\Sophos\\CloudInstaller\\Logs\\SophosCloudInstaller_20201123_131318.log 2020-11-23T13:13:19.8520784Z INFO : Group: -- 2020-11-23T13:13:19.8540784Z INFO : Quiet: 0 2020-11-23T13:13:19.8550783Z INFO : Virtual appliance: 0 2020-11-23T13:13:19.8560782Z INFO : Proxy address: -- 2020-11-23T13:13:19.8580780Z INFO : Proxy user: -- 2020-11-23T13:13:19.8590768Z INFO : Overriding computer name: -- 2020-11-23T13:13:19.8600762Z INFO : Overriding computer description: -- 2020-11-23T13:13:19.8610766Z INFO : Overriding domain: -- 2020-11-23T13:13:19.8630789Z INFO : Disable proxy detection: 0 2020-11-23T13:13:19.8640788Z INFO : Customer Token Specified: e4917408-5a4e-4e07-9c95-1ffcecdfbe42 2020-11-23T13:13:19.8650768Z INFO : Products: all 2020-11-23T13:13:19.8660775Z INFO : Pipe write handle: 1952 2020-11-23T13:13:19.8670777Z INFO : MCS Certificates Folder: 0 2020-11-23T13:13:19.8680789Z INFO : MCS Customer Id: deb25ae9-bb31-d4e3-f849-655ffa84845b 2020-11-23T13:13:19.8690791Z INFO : User Id: -- 2020-11-23T13:13:19.8710795Z INFO : Local install source: -- 2020-11-23T13:13:19.8720791Z INFO : Name of SRV domain: -- 2020-11-23T13:13:19.8730790Z INFO : Partner Id: -- 2020-11-23T13:13:19.8740789Z INFO : Customer Estate Id: -- 2020-11-23T13:13:19.8750788Z INFO : Invoked as part of SEC migration: 0 2020-11-23T13:13:19.8760767Z INFO : Using experimental SDDS3: 0 2020-11-23T13:13:19.8770788Z INFO : --- 2020-11-23T13:13:19.8810784Z INFO : User name: admin 2020-11-23T13:13:19.8820789Z INFO : NameDnsDomain: DOMAIN.COM\\admin 2020-11-23T13:13:19.8830791Z INFO : dnsDomain: DOMAIN.COM 2020-11-23T13:13:24.2800836Z INFO : lpProfilePath: 2020-11-23T13:13:24.3400804Z INFO : User profile loaded 2020-11-23T13:13:24.3410812Z INFO : Net API buffer freed 2020-11-23T13:13:24.3420808Z INFO : Model::server value changed to: mcs-cloudstation-eu-central-1.prod.hydra.sophos.com 2020-11-23T13:13:24.3430810Z INFO : Model::messageRelays value changed to be size: 0 2020-11-23T13:13:24.3440811Z INFO : Model::group value changed to: 2020-11-23T13:13:24.3450808Z INFO : Model::parentPid value changed to: 13200 2020-11-23T13:13:24.3470806Z INFO : Model::products changed to: all 2020-11-23T13:13:24.3480818Z INFO : Model::customer token value changed to: e4917408-5a4e-4e07-9c95-1ffcecdfbe42 2020-11-23T13:13:24.3490809Z INFO : MCS Crts: C:\\Program Files (x86)\\Sophos\\CloudInstaller\\Management Certs\\sophosca1.crt,C:\\Program Files (x86)\\Sophos\\CloudInstaller\\Management Certs\\sophosca2.crt,C:\\Program Files (x86)\\Sophos\\CloudInstaller\\Management Certs\\sophosca3.crt,C:\\Program Files (x86)\\Sophos\\CloudInstaller\\Management Certs\\sophosca4.crt 2020-11-23T13:13:24.3500813Z INFO : MCS CRLs: C:\\Program Files (x86)\\Sophos\\CloudInstaller\\Management Certs\\sophosca1.crl,C:\\Program Files (x86)\\Sophos\\CloudInstaller\\Management Certs\\sophosca2.crl,C:\\Program Files (x86)\\Sophos\\CloudInstaller\\Management Certs\\sophosca3.crl,C:\\Program Files (x86)\\Sophos\\CloudInstaller\\Management Certs\\sophosca4.crl 2020-11-23T13:13:24.3520806Z INFO : Model:: MCS customer id value changed to: deb25ae9-bb31-d4e3-f849-655ffa84845b 2020-11-23T13:13:24.3530805Z INFO : Sophos Endpoint Defense is installed 2020-11-23T13:13:24.3540807Z INFO : Value 'SEDEnabled' under key '000002BC' is set to 1. 2020-11-23T13:13:24.3550806Z INFO : Value 'IgnoreSav' under key '000002BC' is set to 1. 2020-11-23T13:13:24.3560807Z INFO : Tamper protected by SED 2020-11-23T13:13:24.3580802Z INFO : Setting sdds3 download to: false 2020-11-23T13:13:24.3590807Z INFO : detectedMsiInstalledMcs.installed: 0 2020-11-23T13:13:24.3600806Z INFO : Not migrating from SEC endpoint. 2020-11-23T13:13:24.3660830Z INFO : Beginning command definition. 2020-11-23T13:13:24.3670810Z INFO : Adding command to remove Sophos 'Image File Execution Options' keys. 2020-11-23T13:13:24.3680825Z INFO : Adding command to wait for SAU update to complete. 2020-11-23T13:13:24.3690805Z INFO : Adding competitor detection command. 2020-11-23T13:13:24.3710806Z INFO : Adding command to register with Sophos cloud. 2020-11-23T13:13:24.3720796Z INFO : Adding command to download product suite. 2020-11-23T13:13:24.3730809Z INFO : Adding command to uninstall existing products. 2020-11-23T13:13:24.3730809Z INFO : Adding command to remove existing installation of Sophos AutoUpdate 2020-11-23T13:13:24.3740811Z INFO : Adding command to allow tamper protected reinstalls. 2020-11-23T13:13:24.3750807Z INFO : Adding commands to uninstall remaining existing products. 2020-11-23T13:13:24.3760812Z INFO : Adding command to remove existing installation of Sophos System Protection 2020-11-23T13:13:24.3770800Z INFO : Adding command to remove existing installation of Sophos Heartbeat 2020-11-23T13:13:24.3780798Z INFO : Adding command to remove existing installation of Sophos Network Access Control 2020-11-23T13:13:24.3790809Z INFO : Adding command to remove existing installation of Sophos Client Firewall 2020-11-23T13:13:24.3810806Z INFO : Adding command to remove existing installation of Sophos Patch 2020-11-23T13:13:24.3820830Z INFO : Adding command to remove existing installation of Sophos Clean 2020-11-23T13:13:24.3830810Z INFO : Adding command to retrieve policy. 2020-11-23T13:13:24.3840820Z INFO : Adding command to prepare for installation. 2020-11-23T13:13:24.3850833Z INFO : Adding command to install Sophos cloud. 2020-11-23T13:13:24.3860799Z INFO : Command definition complete. 2020-11-23T13:13:24.3990818Z INFO : Stage 1 version:1.9.100.0 2020-11-23T13:13:24.4010805Z INFO : Stage 2 version:1.10.305.0 2020-11-23T13:13:24.4031177Z INFO : OS version: 10.0.17134. 2020-11-23T13:13:24.4050826Z INFO : Service pack: 0.0. 2020-11-23T13:13:24.4071184Z INFO : System Language: 1033. 2020-11-23T13:13:24.4080834Z INFO : User Language: 1031. 2020-11-23T13:13:24.4101178Z INFO : 64 bit: yes. 2020-11-23T13:13:24.4110837Z INFO : FindMainWindow: pid=13200 2020-11-23T13:13:24.4131184Z INFO : Window is main control window of process 2020-11-23T13:13:24.4140806Z INFO : ::EnumWindows stopped early; window found 2020-11-23T13:13:24.4161180Z INFO : _bestHandle=0007037A 2020-11-23T13:13:24.8510810Z INFO : Running System Property Check: VerifyTrust ... 2020-11-23T13:13:24.9110803Z INFO : System Property Check: VerifyTrust - PASSED 2020-11-23T13:13:24.9640837Z INFO : Running System Property Check: HostnameLength ... 2020-11-23T13:13:24.9690835Z INFO : Initialized Winsock subsystem 2020-11-23T13:13:24.9850835Z INFO : Valid hostname length 2020-11-23T13:13:24.9870836Z INFO : System Property Check: HostnameLength - PASSED 2020-11-23T13:13:25.0400845Z INFO : Running System Property Check: GroupNameLength ... 2020-11-23T13:13:25.0430814Z INFO : System Property Check: GroupNameLength - PASSED 2020-11-23T13:13:25.0950849Z INFO : Running System Property Check: IsAdministrator ... 2020-11-23T13:13:25.0980816Z INFO : System Property Check: IsAdministrator - PASSED 2020-11-23T13:13:25.1520824Z INFO : Running System Property Check: JunctionPointsCheck ... 2020-11-23T13:13:25.3660819Z ERROR : RecursePath failed for 'C:\\ProgramData\\Sophos\\Sophos File Scanner\\SaviTemp\\6196'. FindFirstFile failed: 5 2020-11-23T13:13:25.3680814Z ERROR : RecursePath failed for 'C:\\ProgramData\\Sophos\\Sophos File Scanner\\SaviTemp\\6196'. Error: RecursePath failed 2020-11-23T13:13:25.3700810Z ERROR : RecursePath failed for 'C:\\ProgramData\\Sophos\\Sophos File Scanner\\SaviTemp\\6636'. FindFirstFile failed: 5 2020-11-23T13:13:25.3710822Z ERROR : RecursePath failed for 'C:\\ProgramData\\Sophos\\Sophos File Scanner\\SaviTemp\\6636'. Error: RecursePath failed 2020-11-23T13:13:25.4010825Z INFO : Scanned 7626 Sophos paths for junction points 2020-11-23T13:13:25.4030817Z INFO : System Property Check: JunctionPointsCheck - PASSED 2020-11-23T13:13:25.4550833Z INFO : Running System Property Check: PendingReboots ... 2020-11-23T13:13:25.4580819Z INFO : System Property Check: PendingReboots - PASSED 2020-11-23T13:13:25.5110853Z INFO : Running System Property Check: PrimaryDriveSpace ... 2020-11-23T13:13:25.5150824Z INFO : Enough space: 172157 Mb 2020-11-23T13:13:25.5170821Z INFO : System Property Check: PrimaryDriveSpace - PASSED 2020-11-23T13:13:25.5700855Z INFO : Running System Property Check: MsXml ... 2020-11-23T13:13:25.6020828Z INFO : System Property Check: MsXml - PASSED 2020-11-23T13:13:25.6550823Z INFO : Running System Property Check: NotFirewall ... 2020-11-23T13:13:25.6570854Z INFO : System Property Check: NotFirewall - PASSED 2020-11-23T13:13:25.7110821Z INFO : Running System Property Check: NotHitmanProAlertIncompatible ... 2020-11-23T13:13:25.7130858Z INFO : No incompatible version of HitmanPro.Alert is installed 2020-11-23T13:13:25.7160830Z INFO : System Property Check: NotHitmanProAlertIncompatible - PASSED 2020-11-23T13:13:25.7700827Z INFO : Running System Property Check: NotInvincea ... 2020-11-23T13:13:25.7720838Z INFO : System Property Check: NotInvincea - PASSED 2020-11-23T13:13:25.8260827Z INFO : Running System Property Check: NotMessageRelay ... 2020-11-23T13:13:25.8280828Z INFO : RMS is not installed on the endpoint 2020-11-23T13:13:25.8310822Z INFO : System Property Check: NotMessageRelay - PASSED 2020-11-23T13:13:25.8840862Z INFO : Running System Property Check: NotNac ... 2020-11-23T13:13:25.8870856Z INFO : System Property Check: NotNac - PASSED 2020-11-23T13:13:25.9410822Z INFO : Running System Property Check: NotPatch ... 2020-11-23T13:13:25.9430862Z INFO : System Property Check: NotPatch - PASSED 2020-11-23T13:13:25.9980827Z INFO : Running System Property Check: NotPureMessageDomino ... 2020-11-23T13:13:26.0011245Z INFO : System Property Check: NotPureMessageDomino - PASSED 2020-11-23T13:13:26.0550827Z INFO : Running System Property Check: NotPureMessageExchangeWithAntiSpam ... 2020-11-23T13:13:26.0570861Z INFO : System Property Check: NotPureMessageExchangeWithAntiSpam - PASSED 2020-11-23T13:13:26.1110827Z INFO : Running System Property Check: NotSharePoint ... 2020-11-23T13:13:26.1130861Z INFO : System Property Check: NotSharePoint - PASSED 2020-11-23T13:13:26.1670828Z INFO : Running System Property Check: NotSecServer ... 2020-11-23T13:13:26.1690862Z INFO : System Property Check: NotSecServer - PASSED 2020-11-23T13:13:26.2220865Z INFO : Running System Property Check: NotSum ... 2020-11-23T13:13:26.2250829Z INFO : System Property Check: NotSum - PASSED 2020-11-23T13:13:26.2780863Z INFO : Running System Property Check: NotBlockedByTamperProtection ... 2020-11-23T13:13:26.2810829Z INFO : AutoUpdate key present 2020-11-23T13:13:26.2840826Z INFO : No indication found of failed previous installation; endpoint not considered broken for TP bypass 2020-11-23T13:13:26.2860866Z WARNING : Cannot bypass tamper protection 2020-11-23T13:13:26.2890826Z ERROR : System Property Check: NotBlockedByTamperProtection - FAILED 2020-11-23T13:13:26.3420830Z INFO : Running System Property Check: RAMSize ... 2020-11-23T13:13:26.3440831Z INFO : System Property Check: RAMSize - PASSED 2020-11-23T13:13:26.3980836Z INFO : Running System Property Check: SupportedArchitecture ... 2020-11-23T13:13:26.4000831Z INFO : Running on x64 2020-11-23T13:13:26.4030831Z INFO : System Property Check: SupportedArchitecture - PASSED 2020-11-23T13:13:26.4550874Z INFO : Running System Property Check: SupportedOS ... 2020-11-23T13:13:26.4580832Z INFO : Running on workstation. 2020-11-23T13:13:26.4610832Z INFO : System Property Check: SupportedOS - PASSED 2020-11-23T13:13:26.5140833Z INFO : Running System Property Check: SupportedPatches ... 2020-11-23T13:13:26.5160831Z INFO : System Property Check: SupportedPatches - PASSED 2020-11-23T13:13:26.5690868Z INFO : Running System Property Check: ValidTempDirectory ... 2020-11-23T13:13:26.5720862Z INFO : Temp folder exists. 2020-11-23T13:13:26.5750831Z INFO : System Property Check: ValidTempDirectory - PASSED 2020-11-23T13:13:26.6290833Z INFO : Running System Property Check: ValidLocalInstallSourceDirectory ... 2020-11-23T13:13:26.6310831Z INFO : No local install source folder to validate. 2020-11-23T13:13:26.6340828Z INFO : System Property Check: ValidLocalInstallSourceDirectory - PASSED 2020-11-23T13:13:26.6860866Z INFO : Running System Property Check: ValidServer ... 2020-11-23T13:13:26.6890863Z INFO : System Property Check: ValidServer - PASSED 2020-11-23T13:13:26.7430835Z INFO : Running System Property Check: ValidDeploymentInfo ... 2020-11-23T13:13:26.7460862Z INFO : Current Time: 2020-11-23T13:13:26.744000 2020-11-23T13:13:26.7500825Z INFO : This computer is part of the domain DOMAIN 2020-11-23T13:13:26.7520865Z INFO : Domain Name: DOMAIN 2020-11-23T13:13:26.7550862Z INFO : Computer Name: DEW02077 2020-11-23T13:13:26.7570868Z INFO : Computer Description is not available. 2020-11-23T13:13:26.7600829Z INFO : Operating System: WIN10 2020-11-23T13:13:26.7620871Z INFO : ProductType: 4 2020-11-23T13:13:26.7750830Z INFO : Last logged on user was: DOMAIN\\admin 2020-11-23T13:13:26.7770855Z INFO : Fully Qualified Domain Name: DEW02077.DOMAIN.com 2020-11-23T13:13:26.7790828Z INFO : Processor architecture: x64 2020-11-23T13:13:26.7810832Z INFO : OS Major Version: 10 and OS Minor Version: 0 2020-11-23T13:13:26.7830835Z INFO : Friendly OS Name: WIN10 2020-11-23T13:13:26.7850825Z INFO : Is server?: 0 2020-11-23T13:13:26.7890843Z INFO : Sending HTTP 'POST' request to: sophos/management/ep/install/deployment-info/3 2020-11-23T13:13:26.7960825Z WARNING : WinHttpGetProxyForUrl returned: 12180 2020-11-23T13:13:26.7980839Z INFO : Attempting to connect using proxy '' of type 'Empty Proxy'. 2020-11-23T13:13:26.8010828Z INFO : Set security protocol: 00000800 2020-11-23T13:13:26.8020841Z INFO : Opening connection to mcs-cloudstation-eu-central-1.prod.hydra.sophos.com 2020-11-23T13:13:26.8030829Z INFO : Sending request for connection confirmation through potential proxy 2020-11-23T13:13:26.8050827Z INFO : Request content size: 0 2020-11-23T13:13:26.9080834Z INFO : ValidateFileCertificateCheck: Validate certificate against file on WINHTTP_CALLBACK_STATUS_SENDING_REQUEST 2020-11-23T13:13:26.9260865Z INFO : Certificate check succeeded 2020-11-23T13:13:26.9290854Z INFO : ValidateFileCertificateCheck: Ignore WINHTTP_CALLBACK_STATUS_REQUEST_SENT 2020-11-23T13:13:27.2900867Z INFO : Response status code: 200 2020-11-23T13:13:27.2920868Z INFO : Response data size: 168 2020-11-23T13:13:27.2950865Z INFO : trySendRequestThroughPotentialProxy returning response with status code: 200 2020-11-23T13:13:27.2970871Z INFO : Request content size: 1747 2020-11-23T13:13:27.3010867Z INFO : ValidateFileCertificateCheck: Validate certificate against file on WINHTTP_CALLBACK_STATUS_SENDING_REQUEST 2020-11-23T13:13:27.3150833Z INFO : Certificate check succeeded 2020-11-23T13:13:27.3180835Z INFO : ValidateFileCertificateCheck: Ignore WINHTTP_CALLBACK_STATUS_REQUEST_SENT 2020-11-23T13:13:27.3330834Z INFO : ValidateFileCertificateCheck: Validate certificate against file on WINHTTP_CALLBACK_STATUS_SENDING_REQUEST 2020-11-23T13:13:27.3440839Z INFO : Certificate check succeeded 2020-11-23T13:13:27.3470833Z INFO : ValidateFileCertificateCheck: Ignore WINHTTP_CALLBACK_STATUS_REQUEST_SENT 2020-11-23T13:13:27.3490845Z INFO : Response status code: 200 2020-11-23T13:13:27.3500850Z INFO : Response data size: 213 2020-11-23T13:13:27.3520861Z INFO : Parsing message received for deployment token: {"dciFileName":"fc1b17ff8d17fff3669188bc027716d2","registrationToken":"2f36f61f43295f09e719f96050b6ab754d5dc53db01f2ea1f266aa73652f3727","products":[{"product":"INTERCEPT_ADVANCED","supported":true,"reasons":[]}]} 2020-11-23T13:13:27.3540848Z INFO : Model::token value changed to: 2f36f61f43295f09e719f96050b6ab754d5dc53db01f2ea1f266aa73652f3727 2020-11-23T13:13:27.3550850Z INFO : Licenses available: INTERCEPT_ADVANCED 2020-11-23T13:13:27.4080873Z INFO : Running System Property Check: InstallationInProgress ... 2020-11-23T13:13:27.4110839Z INFO : System Property Check: InstallationInProgress - PASSED 2020-11-23T13:13:27.4650842Z INFO : Running System Property Check: SafeGuardEncryption ... 2020-11-23T13:13:27.4670837Z INFO : Entered installedProductCode, upgradeCode={BA2F47D3-1C17-40E7-8DE7-1CD733442B6C} 2020-11-23T13:13:27.4700842Z INFO : Product is installed 2020-11-23T13:13:27.4720876Z INFO : licensesContainFeature(DEVICE_ENCRYPTION): false 2020-11-23T13:13:27.4760836Z INFO : SafeGuard is not managed by Sophos Enterprise Console. 2020-11-23T13:13:27.4790836Z INFO : System Property Check: SafeGuardEncryption - PASSED 2020-11-23T13:13:35.5920908Z INFO : Data folder: C:\\ProgramData\\Sophos\\AutoUpdate\\data 2020-11-23T13:13:35.6060893Z INFO : Data folder: C:\\ProgramData\\Sophos\\AutoUpdate\\data 2020-11-23T13:13:35.6070898Z INFO : Sending HTTP 'PUT' request to: prod/2020-11-23T13:13:35Z-2020-11-23T13:13:35Z-63207ed0-96b6-50b2-bc9c-5aaf6bcf971a.json 2020-11-23T13:13:35.6100903Z WARNING : WinHttpGetProxyForUrl returned: 12180 2020-11-23T13:13:35.6110902Z INFO : Attempting to connect using proxy '' of type 'Empty Proxy'. 2020-11-23T13:13:35.6140902Z INFO : Set security protocol: 00000800 2020-11-23T13:13:35.6150901Z INFO : Opening connection to t1.sophosupd.com 2020-11-23T13:13:35.6160902Z INFO : Request content size: 2003 2020-11-23T13:13:35.6690928Z INFO : Sending request 2020-11-23T13:13:35.6710926Z INFO : Request sent 2020-11-23T13:13:36.2880927Z INFO : Sending request 2020-11-23T13:13:36.2901294Z INFO : Request sent 2020-11-23T13:13:36.2921300Z INFO : Response status code: 200 2020-11-23T13:13:36.2950928Z INFO : Response data size: 0 2020-11-23T13:13:36.2971142Z INFO : trySendRequestThroughPotentialProxy returning response with status code: 200 2020-11-23T13:13:36.2991301Z INFO : Telemetry Response: 2020-11-23T13:13:36.3050929Z INFO : User profile unloaded 2020-11-23T13:13:36.3250928Z INFO : Cleaning up extracted files 2020-11-23T13:13:36.4130931Z ERROR : Exception: Setup program failed with code: 1
Thanks
Hi Ahmed,
Thanks for providing the logfile. I know it's annoying when the product doesn't work as it should. I hope you are still motivated to work on the problem.
Please click on Update in the Endpoint (About > Update now). Reboot. Check the Endpoint Self Help (ESH) Tool again to see if it has installed the missing components.
If that didn't work out:
%TEMP%\Sophos Management Communications System Install Log <DATE>.log
Thank you!
I upgraded Windows 10 1803 to 1909 and after that in reinstall Sophos Endpoint Agent, it seem both Sophos MSC Agent and Client Services work again after update and restart Windows something doesn't works correctlly please take a look of screen shot and logs file (Sophos Management Communications System Install Log).
2020-11-24T14:09:45.815Z [ 9068:15128] [v4.12.686.0] INFO Begin product setup 2020-11-24T14:09:45.815Z [ 9068:15128] [v4.12.686.0] INFO Begin install 2020-11-24T14:09:45.821Z [ 9068:15128] [v4.12.686.0] INFO Config.xml found: true 2020-11-24T14:09:45.821Z [ 9068:15128] [v4.12.686.0] INFO MCS already installed. Start update. 2020-11-24T14:09:45.821Z [ 9068:15128] [v4.12.686.0] INFO Executing step: Tamper protection of the MCS_SCM component will be set to: OFF 2020-11-24T14:09:45.824Z [ 9068:15128] [v4.12.686.0] INFO Waiting for operation to succeed within 60000ms. 2020-11-24T14:09:45.824Z [ 9068:15128] [v4.12.686.0] INFO Tamper protection of the MCS_SCM component has been set to: OFF 2020-11-24T14:09:45.824Z [ 9068:15128] [v4.12.686.0] INFO Executing step: Stop service step without disabling tamper protection for service: Sophos MCS Client 2020-11-24T14:09:45.825Z [ 9068:15128] [v4.12.686.0] INFO PID of service: 6940 2020-11-24T14:09:45.825Z [ 9068:15128] [v4.12.686.0] INFO PID of service: 6940 2020-11-24T14:09:45.825Z [ 9068:15128] [v4.12.686.0] INFO Service process handle acquired 2020-11-24T14:09:45.826Z [ 9068:15128] [v4.12.686.0] INFO StopCommand key was set 2020-11-24T14:09:45.826Z [ 9068:15128] [v4.12.686.0] INFO Waiting 60000ms for service stop 2020-11-24T14:09:45.826Z [ 9068:15128] [v4.12.686.0] INFO Waiting for operation to succeed within 60000ms. 2020-11-24T14:09:46.826Z [ 9068:15128] [v4.12.686.0] INFO Retrying operation. Counter: 1 2020-11-24T14:09:46.827Z [ 9068:15128] [v4.12.686.0] INFO Service has stopped. 2020-11-24T14:09:46.827Z [ 9068:15128] [v4.12.686.0] INFO StopCommand key was removed 2020-11-24T14:09:46.827Z [ 9068:15128] [v4.12.686.0] INFO Executing step: Stop service step without disabling tamper protection for service: Sophos MCS Agent 2020-11-24T14:09:46.830Z [ 9068:15128] [v4.12.686.0] INFO PID of service: 11564 2020-11-24T14:09:46.831Z [ 9068:15128] [v4.12.686.0] INFO PID of service: 11564 2020-11-24T14:09:46.831Z [ 9068:15128] [v4.12.686.0] INFO Service process handle acquired 2020-11-24T14:09:46.832Z [ 9068:15128] [v4.12.686.0] INFO StopCommand key was set 2020-11-24T14:09:46.832Z [ 9068:15128] [v4.12.686.0] INFO Waiting 60000ms for service stop 2020-11-24T14:09:46.832Z [ 9068:15128] [v4.12.686.0] INFO Waiting for operation to succeed within 60000ms. 2020-11-24T14:09:47.834Z [ 9068:15128] [v4.12.686.0] INFO Retrying operation. Counter: 1 2020-11-24T14:09:47.834Z [ 9068:15128] [v4.12.686.0] INFO Service has stopped. 2020-11-24T14:09:47.835Z [ 9068:15128] [v4.12.686.0] INFO StopCommand key was removed 2020-11-24T14:09:47.835Z [ 9068:15128] [v4.12.686.0] INFO Executing step: Delete service step: Sophos MCS Client 2020-11-24T14:09:47.835Z [ 9068:15128] [v4.12.686.0] INFO Querying configuration of service: Sophos MCS Client 2020-11-24T14:09:47.838Z [ 9068:15128] [v4.12.686.0] INFO Waiting 60000ms for service deletion 2020-11-24T14:09:47.838Z [ 9068:15128] [v4.12.686.0] INFO Waiting for operation to succeed within 60000ms. 2020-11-24T14:09:47.840Z [ 9068:15128] [v4.12.686.0] INFO Successfully deleted service: Sophos MCS Client 2020-11-24T14:09:47.840Z [ 9068:15128] [v4.12.686.0] INFO Executing step: Delete service step: Sophos MCS Agent 2020-11-24T14:09:47.840Z [ 9068:15128] [v4.12.686.0] INFO Querying configuration of service: Sophos MCS Agent 2020-11-24T14:09:47.843Z [ 9068:15128] [v4.12.686.0] INFO Waiting 60000ms for service deletion 2020-11-24T14:09:47.843Z [ 9068:15128] [v4.12.686.0] INFO Waiting for operation to succeed within 60000ms. 2020-11-24T14:09:47.844Z [ 9068:15128] [v4.12.686.0] INFO Successfully deleted service: Sophos MCS Agent 2020-11-24T14:09:47.844Z [ 9068:15128] [v4.12.686.0] INFO Executing step: Install service step: Sophos MCS Agent 2020-11-24T14:09:47.851Z [ 9068:15128] [v4.12.686.0] INFO Executing step: Install service step: Sophos MCS Client 2020-11-24T14:09:47.858Z [ 9068:15128] [v4.12.686.0] INFO Executing step: MCS directory installer 2020-11-24T14:09:47.859Z [ 9068:15128] [v4.12.686.0] INFO Executing step: Create directory C:\Program Files (x86)\Sophos\Management Communications System\Endpoint and all parent directories 2020-11-24T14:09:47.864Z [ 9068:15128] [v4.12.686.0] INFO Existing security permissions before resetting permissions: D:PAI(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)(A;OICI;0x1200a9;;;LS)(A;OICI;0x1200a9;;;BU) 2020-11-24T14:09:47.864Z [ 9068:15128] [v4.12.686.0] INFO New security permissions: D:PAI(A;CIOI;FA;;;S-1-5-32-544)(A;CIOI;FA;;;S-1-5-18)(A;CIOI;FRFX;;;S-1-5-19)(A;CIOI;FRFX;;;S-1-5-32-545) 2020-11-24T14:09:47.878Z [ 9068:15128] [v4.12.686.0] INFO Executing step: Create directory C:\ProgramData\Sophos\Management Communications System\Endpoint and all parent directories 2020-11-24T14:09:47.879Z [ 9068:15128] [v4.12.686.0] INFO Existing security permissions before resetting permissions: D:PAI(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)(A;OICI;FA;;;LS)(A;OICI;FR;;;BU) 2020-11-24T14:09:47.879Z [ 9068:15128] [v4.12.686.0] INFO New security permissions: D:PAI(A;CIOI;FA;;;S-1-5-32-544)(A;CIOI;FA;;;S-1-5-18)(A;CIOI;FA;;;S-1-5-19)(A;CIOI;FR;;;S-1-5-32-545) 2020-11-24T14:09:47.968Z [ 9068:15128] [v4.12.686.0] INFO Executing step: CreateDirectory(C:\ProgramData\Sophos\Management Communications System\Endpoint\Trail) 2020-11-24T14:09:47.969Z [ 9068:15128] [v4.12.686.0] INFO Existing security permissions before resetting permissions: D:PAI(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)(A;OICI;FA;;;LS) 2020-11-24T14:09:47.969Z [ 9068:15128] [v4.12.686.0] INFO New security permissions: D:PAI(A;CIOI;FA;;;S-1-5-32-544)(A;CIOI;FA;;;S-1-5-18)(A;CIOI;FA;;;S-1-5-19) 2020-11-24T14:09:47.969Z [ 9068:15128] [v4.12.686.0] INFO Executing step: Create directory C:\ProgramData\Sophos\Remote Management System\3\Agent and all parent directories 2020-11-24T14:09:47.970Z [ 9068:15128] [v4.12.686.0] INFO Executing step: CreateDirectory(C:\ProgramData\Sophos\Remote Management System\3\Agent\AdapterStorage) 2020-11-24T14:09:47.970Z [ 9068:15128] [v4.12.686.0] INFO Existing security permissions before resetting permissions: D:PAI(A;OICI;FA;;;BA)(A;OICI;FA;;;SY) 2020-11-24T14:09:47.970Z [ 9068:15128] [v4.12.686.0] INFO New security permissions: D:PAI(A;CIOI;FA;;;S-1-5-32-544)(A;CIOI;FA;;;S-1-5-18) 2020-11-24T14:09:48.001Z [ 9068:15128] [v4.12.686.0] INFO Executing step: Create directory C:\ProgramData\Sophos\Certificates\Management Communications System and all parent directories 2020-11-24T14:09:48.001Z [ 9068:15128] [v4.12.686.0] INFO Existing security permissions before resetting permissions: D:PAI(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)(A;OICI;FR;;;S-1-5-80-616523863-387867340-2024776631-963389826-2037398138) 2020-11-24T14:09:48.001Z [ 9068:15128] [v4.12.686.0] INFO New security permissions: D:PAI(A;CIOI;FA;;;S-1-5-32-544)(A;CIOI;FA;;;S-1-5-18)(A;CIOI;FR;;;S-1-5-80-616523863-387867340-2024776631-963389826-2037398138) 2020-11-24T14:09:48.006Z [ 9068:15128] [v4.12.686.0] INFO Executing step: Tamper protection will be updated for the main component, if rollback is triggered. 2020-11-24T14:09:48.006Z [ 9068:15128] [v4.12.686.0] INFO Executing step: CopyFile(C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\mcsep\Sophos\Management Communications System\Endpoint\integrity.dat, C:\Program Files (x86)\Sophos\Management Communications System\Endpoint\integrity.dat) 2020-11-24T14:09:48.011Z [ 9068:15128] [v4.12.686.0] INFO Executing step: CreateRegistryKey(HKLM\SYSTEM\CurrentControlSet\Services\Sophos Endpoint Defense\TamperProtection\Components\MCS, 64) 2020-11-24T14:09:48.011Z [ 9068:15128] [v4.12.686.0] INFO Executing step: Tamper protection will be updated for the main component. 2020-11-24T14:09:48.015Z [ 9068:15128] [v4.12.686.0] INFO Waiting for operation to succeed within 60000ms. 2020-11-24T14:09:48.015Z [ 9068:15128] [v4.12.686.0] INFO Tamper protection for the main component has been updated. 2020-11-24T14:09:48.015Z [ 9068:15128] [v4.12.686.0] INFO Executing step: MCS file installer 2020-11-24T14:09:48.015Z [ 9068:15128] [v4.12.686.0] INFO Executing step: CopyFile(C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\mcsep\Sophos\Management Communications System\Endpoint\scm_integrity.dat, C:\Program Files (x86)\Sophos\Management Communications System\Endpoint\scm_integrity.dat) 2020-11-24T14:09:48.018Z [ 9068:15128] [v4.12.686.0] INFO Executing step: CopyFile(C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\mcsep\Sophos\Management Communications System\Endpoint\NOTICE.txt, C:\Program Files (x86)\Sophos\Management Communications System\Endpoint\NOTICE.txt) 2020-11-24T14:09:48.023Z [ 9068:15128] [v4.12.686.0] INFO Executing step: CopyFile(C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\mcsep\Sophos\Management Communications System\Endpoint\McsAdapter.dll, C:\Program Files (x86)\Sophos\Management Communications System\Endpoint\McsAdapter.dll) 2020-11-24T14:09:48.027Z [ 9068:15128] [v4.12.686.0] INFO Executing step: CopyFile(C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\mcsep\Sophos\Management Communications System\Endpoint\McsEvents.dll, C:\Program Files (x86)\Sophos\Management Communications System\Endpoint\McsEvents.dll) 2020-11-24T14:09:48.031Z [ 9068:15128] [v4.12.686.0] INFO Executing step: CopyFile(C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\mcsep\Sophos\Management Communications System\Endpoint\McsAgent.exe, C:\Program Files (x86)\Sophos\Management Communications System\Endpoint\McsAgent.exe) 2020-11-24T14:09:48.035Z [ 9068:15128] [v4.12.686.0] INFO Executing step: CopyFile(C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\mcsep\Sophos\Management Communications System\Endpoint\McsClient.exe, C:\Program Files (x86)\Sophos\Management Communications System\Endpoint\McsClient.exe) 2020-11-24T14:09:48.040Z [ 9068:15128] [v4.12.686.0] INFO Executing step: CopyFile(C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\mcsep\Sophos\Management Communications System\Endpoint\scf.dat, C:\Program Files (x86)\Sophos\Management Communications System\Endpoint\scf.dat) 2020-11-24T14:09:48.043Z [ 9068:15128] [v4.12.686.0] INFO Executing step: CopyFile(C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\mcsep\Sophos\Management Communications System\Endpoint\sof.dat, C:\Program Files (x86)\Sophos\Management Communications System\Endpoint\sof.dat) 2020-11-24T14:09:48.046Z [ 9068:15128] [v4.12.686.0] INFO Executing step: CopyFile(C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\mcsep\Sophos\Management Communications System\Endpoint\Uninstall.exe, C:\Program Files (x86)\Sophos\Management Communications System\Endpoint\Uninstall.exe) 2020-11-24T14:09:48.051Z [ 9068:15128] [v4.12.686.0] INFO Executing step: CopyFile(C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\mcsep\Sophos\Certificates\Management Communications System\sophosca1.crt, C:\ProgramData\Sophos\Certificates\Management Communications System\sophosca1.crt) 2020-11-24T14:09:48.055Z [ 9068:15128] [v4.12.686.0] INFO Executing step: CopyFile(C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\mcsep\Sophos\Certificates\Management Communications System\sophosca1.crl, C:\ProgramData\Sophos\Certificates\Management Communications System\sophosca1.crl) 2020-11-24T14:09:48.058Z [ 9068:15128] [v4.12.686.0] INFO Executing step: CopyFile(C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\mcsep\Sophos\Certificates\Management Communications System\sophosca2.crt, C:\ProgramData\Sophos\Certificates\Management Communications System\sophosca2.crt) 2020-11-24T14:09:48.061Z [ 9068:15128] [v4.12.686.0] INFO Executing step: CopyFile(C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\mcsep\Sophos\Certificates\Management Communications System\sophosca2.crl, C:\ProgramData\Sophos\Certificates\Management Communications System\sophosca2.crl) 2020-11-24T14:09:48.064Z [ 9068:15128] [v4.12.686.0] INFO Executing step: CopyFile(C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\mcsep\Sophos\Certificates\Management Communications System\sophosca3.crt, C:\ProgramData\Sophos\Certificates\Management Communications System\sophosca3.crt) 2020-11-24T14:09:48.067Z [ 9068:15128] [v4.12.686.0] INFO Executing step: CopyFile(C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\mcsep\Sophos\Certificates\Management Communications System\sophosca3.crl, C:\ProgramData\Sophos\Certificates\Management Communications System\sophosca3.crl) 2020-11-24T14:09:48.070Z [ 9068:15128] [v4.12.686.0] INFO Executing step: CopyFile(C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\mcsep\Sophos\Certificates\Management Communications System\sophosca4.crt, C:\ProgramData\Sophos\Certificates\Management Communications System\sophosca4.crt) 2020-11-24T14:09:48.073Z [ 9068:15128] [v4.12.686.0] INFO Executing step: CopyFile(C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\mcsep\Sophos\Certificates\Management Communications System\sophosca4.crl, C:\ProgramData\Sophos\Certificates\Management Communications System\sophosca4.crl) 2020-11-24T14:09:48.076Z [ 9068:15128] [v4.12.686.0] INFO Executing step: MCS flags installer 2020-11-24T14:09:48.076Z [ 9068:15128] [v4.12.686.0] INFO Executing step: CreateDirectory(C:\ProgramData\Sophos\Management Communications System\Endpoint\Flags) 2020-11-24T14:09:48.077Z [ 9068:15128] [v4.12.686.0] INFO Executing step: DeleteMatchingFiles(From C:\ProgramData\Sophos\Management Communications System\Endpoint\Flags containing '.*') 2020-11-24T14:09:48.077Z [ 9068:15128] [v4.12.686.0] INFO Removing file (C:\ProgramData\Sophos\Management Communications System\Endpoint\Flags\cepng.json) => rollback backup (C:\Users\helpdesk\AppData\Local\Temp\0bee8517d8832a233c21b2b3c3ff1455e438ad42162bb49ed6bcface6d7a6ef9.tmp) 2020-11-24T14:09:48.079Z [ 9068:15128] [v4.12.686.0] INFO Removing file (C:\ProgramData\Sophos\Management Communications System\Endpoint\Flags\cix.json) => rollback backup (C:\Users\helpdesk\AppData\Local\Temp\83e7e7bcc57a33e3f6d2722c644ef6ee0fb6a6873c1cbfa7dabf489799ef9c85.tmp) 2020-11-24T14:09:48.081Z [ 9068:15128] [v4.12.686.0] INFO Executing step: CopyFile(C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\mcsep\Flags\cepng.json, C:\ProgramData\Sophos\Management Communications System\Endpoint\Flags\cepng.json) 2020-11-24T14:09:48.082Z [ 9068:15128] [v4.12.686.0] INFO Executing step: CopyFile(C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\mcsep\Flags\cix.json, C:\ProgramData\Sophos\Management Communications System\Endpoint\Flags\cix.json) 2020-11-24T14:09:48.084Z [ 9068:15128] [v4.12.686.0] INFO Executing step: CreateRegistryKey(HKLM\SYSTEM\CurrentControlSet\Services\Sophos Endpoint Defense\TamperProtection\Components\MCS_SCM, 64) 2020-11-24T14:09:48.084Z [ 9068:15128] [v4.12.686.0] INFO Executing step: MCS registry key Installer 2020-11-24T14:09:48.084Z [ 9068:15128] [v4.12.686.0] INFO Executing step: CreateRegistryKey(HKLM\Software\Sophos\Remote Management System, 32) 2020-11-24T14:09:48.084Z [ 9068:15128] [v4.12.686.0] INFO Existing security permissions before resetting permissions: D:PAI(A;;KA;;;BA)(A;OICIIO;GA;;;BA)(A;;KA;;;SY)(A;OICIIO;GA;;;SY) 2020-11-24T14:09:48.084Z [ 9068:15128] [v4.12.686.0] INFO New security permissions: D:PAI(A;;KA;;;S-1-5-32-544)(A;OICIIO;GA;;;S-1-5-32-544)(A;;KA;;;S-1-5-18)(A;OICIIO;GA;;;S-1-5-18) 2020-11-24T14:09:48.084Z [ 9068:15128] [v4.12.686.0] INFO Executing step: CreateRegistryKey(HKLM\Software\Sophos\Remote Management System\ManagementAgent\Adapters, 32) 2020-11-24T14:09:48.084Z [ 9068:15128] [v4.12.686.0] INFO Existing security permissions before resetting permissions: D:PAI(A;;KA;;;BA)(A;OICIIO;GA;;;BA)(A;;KA;;;SY)(A;OICIIO;GA;;;SY) 2020-11-24T14:09:48.084Z [ 9068:15128] [v4.12.686.0] INFO New security permissions: D:PAI(A;;KA;;;S-1-5-32-544)(A;OICIIO;GA;;;S-1-5-32-544)(A;;KA;;;S-1-5-18)(A;OICIIO;GA;;;S-1-5-18) 2020-11-24T14:09:48.086Z [ 9068:15128] [v4.12.686.0] INFO Executing step: CreateRegistryKey(HKLM\Software\Sophos\Remote Management System\ManagementAgent\Adapters\MCS, 32) 2020-11-24T14:09:48.086Z [ 9068:15128] [v4.12.686.0] INFO Executing step: SetRegistryValue(HKLM\Software\Sophos\Remote Management System\ManagementAgent\Adapters\MCS, 32, DllPath, C:\Program Files (x86)\Sophos\Management Communications System\Endpoint\McsAdapter.dll) 2020-11-24T14:09:48.086Z [ 9068:15128] [v4.12.686.0] INFO Executing step: CreateRegistryKey(HKLM\System\CurrentControlSet\Services\Eventlog\Application\Sophos Management Communications System, 0) 2020-11-24T14:09:48.086Z [ 9068:15128] [v4.12.686.0] INFO Executing step: SetRegistryValue(HKLM\System\CurrentControlSet\Services\Eventlog\Application\Sophos Management Communications System, 0, EventMessageFile, C:\Program Files (x86)\Sophos\Management Communications System\Endpoint\McsEvents.dll) 2020-11-24T14:09:48.086Z [ 9068:15128] [v4.12.686.0] INFO Executing step: SetRegistryValue(HKLM\System\CurrentControlSet\Services\Eventlog\Application\Sophos Management Communications System, 0, ParameterMessageFile, C:\Program Files (x86)\Sophos\Management Communications System\Endpoint\McsEvents.dll) 2020-11-24T14:09:48.086Z [ 9068:15128] [v4.12.686.0] INFO Executing step: SetRegistryValue(HKLM\System\CurrentControlSet\Services\Eventlog\Application\Sophos Management Communications System, 0, CategoryMessageFile, C:\Program Files (x86)\Sophos\Management Communications System\Endpoint\McsEvents.dll) 2020-11-24T14:09:48.086Z [ 9068:15128] [v4.12.686.0] INFO Executing step: SetRegistryValue(HKLM\System\CurrentControlSet\Services\Eventlog\Application\Sophos Management Communications System, 0, CategoryCount, 2) 2020-11-24T14:09:48.086Z [ 9068:15128] [v4.12.686.0] INFO Executing step: SetRegistryValue(HKLM\System\CurrentControlSet\Services\Eventlog\Application\Sophos Management Communications System, 0, TypesSupported, 7) 2020-11-24T14:09:48.086Z [ 9068:15128] [v4.12.686.0] INFO Executing step: CreateRegistryKey(HKLM\Software\Sophos\Telemetry\Plugins\MCS, 32) 2020-11-24T14:09:48.086Z [ 9068:15128] [v4.12.686.0] INFO Executing step: SetRegistryValue(HKLM\Software\Sophos\Telemetry\Plugins\MCS, 32, File, C:\ProgramData\Sophos\Management Communications System\Endpoint\Persist\mcsAgentTelemetry.json) 2020-11-24T14:09:48.087Z [ 9068:15128] [v4.12.686.0] INFO Executing step: CreateRegistryKey(HKLM\System\CurrentControlSet\Services\Sophos Endpoint Defense\EndpointFlags, 0) 2020-11-24T14:09:48.087Z [ 9068:15128] [v4.12.686.0] INFO Executing step: MCS Channels Installer
2020-11-24T14:09:48.087Z [ 9068:15128] [v4.12.686.0] INFO Executing step: Create directory C:\ProgramData\Sophos\Management Communications System\Endpoint\Channels\APPWL\Incoming and all parent directories 2020-11-24T14:09:48.087Z [ 9068:15128] [v4.12.686.0] INFO Existing security permissions before resetting permissions: D:PAI(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)(A;OICI;FA;;;S-1-5-80-616523863-387867340-2024776631-963389826-2037398138)(A;OICI;FA;;;S-1-5-80-1025068203-2626198128-3173141159-110103136-1829787749) 2020-11-24T14:09:48.087Z [ 9068:15128] [v4.12.686.0] INFO New security permissions: D:PAI(A;CIOI;FA;;;S-1-5-32-544)(A;CIOI;FA;;;S-1-5-18)(A;CIOI;FA;;;S-1-5-80-616523863-387867340-2024776631-963389826-2037398138)(A;CIOI;FA;;;S-1-5-80-1025068203-2626198128-3173141159-110103136-1829787749)S:(ML;;NW;;;LW) 2020-11-24T14:09:48.088Z [ 9068:15128] [v4.12.686.0] INFO Executing step: Create directory C:\ProgramData\Sophos\Management Communications System\Endpoint\Channels\APPWL\Staging and all parent directories 2020-11-24T14:09:48.088Z [ 9068:15128] [v4.12.686.0] INFO Existing security permissions before resetting permissions: D:PAI(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)(A;OICI;FA;;;S-1-5-80-616523863-387867340-2024776631-963389826-2037398138)(A;OICI;FA;;;S-1-5-80-1025068203-2626198128-3173141159-110103136-1829787749) 2020-11-24T14:09:48.088Z [ 9068:15128] [v4.12.686.0] INFO New security permissions: D:PAI(A;CIOI;FA;;;S-1-5-32-544)(A;CIOI;FA;;;S-1-5-18)(A;CIOI;FA;;;S-1-5-80-616523863-387867340-2024776631-963389826-2037398138)(A;CIOI;FA;;;S-1-5-80-1025068203-2626198128-3173141159-110103136-1829787749)S:(ML;;NW;;;LW) 2020-11-24T14:09:48.089Z [ 9068:15128] [v4.12.686.0] INFO Executing step: CreateRegistryKey(HKLM\Software\Sophos\Management Communications System\Channels\APPWL, 32) 2020-11-24T14:09:48.090Z [ 9068:15128] [v4.12.686.0] INFO Existing security permissions before resetting permissions: D:PAI(A;;KA;;;BA)(A;OICIIO;GA;;;BA)(A;;KA;;;SY)(A;OICIIO;GA;;;SY)(A;;KA;;;S-1-5-80-616523863-387867340-2024776631-963389826-2037398138)(A;OICIIO;GA;;;S-1-5-80-616523863-387867340-2024776631-963389826-2037398138) 2020-11-24T14:09:48.090Z [ 9068:15128] [v4.12.686.0] INFO New security permissions: D:PAI(A;;KA;;;S-1-5-32-544)(A;OICIIO;GA;;;S-1-5-32-544)(A;;KA;;;S-1-5-18)(A;OICIIO;GA;;;S-1-5-18)(A;;KA;;;S-1-5-80-616523863-387867340-2024776631-963389826-2037398138)(A;OICIIO;GA;;;S-1-5-80-616523863-387867340-2024776631-963389826-2037398138) 2020-11-24T14:09:48.090Z [ 9068:15128] [v4.12.686.0] INFO Executing step: SetRegistryValue(HKLM\Software\Sophos\Management Communications System\Channels\APPWL, 32, presigned_uri, RegistryValue(7, 00000000) 2020-11-24T14:09:48.090Z [ 9068:15128] [v4.12.686.0] INFO Executing step: Create directory C:\ProgramData\Sophos\Management Communications System\Endpoint\Channels\EDR\Incoming and all parent directories 2020-11-24T14:09:48.090Z [ 9068:15128] [v4.12.686.0] INFO Existing security permissions before resetting permissions: D:PAI(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)(A;OICI;FA;;;S-1-5-80-616523863-387867340-2024776631-963389826-2037398138)(A;OICI;FA;;;S-1-5-80-1025068203-2626198128-3173141159-110103136-1829787749) 2020-11-24T14:09:48.090Z [ 9068:15128] [v4.12.686.0] INFO New security permissions: D:PAI(A;CIOI;FA;;;S-1-5-32-544)(A;CIOI;FA;;;S-1-5-18)(A;CIOI;FA;;;S-1-5-80-616523863-387867340-2024776631-963389826-2037398138)(A;CIOI;FA;;;S-1-5-80-1025068203-2626198128-3173141159-110103136-1829787749)S:(ML;;NW;;;LW) 2020-11-24T14:09:48.091Z [ 9068:15128] [v4.12.686.0] INFO Executing step: Create directory C:\ProgramData\Sophos\Management Communications System\Endpoint\Channels\EDR\Staging and all parent directories 2020-11-24T14:09:48.092Z [ 9068:15128] [v4.12.686.0] INFO Existing security permissions before resetting permissions: D:PAI(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)(A;OICI;FA;;;S-1-5-80-616523863-387867340-2024776631-963389826-2037398138)(A;OICI;FA;;;S-1-5-80-1025068203-2626198128-3173141159-110103136-1829787749) 2020-11-24T14:09:48.092Z [ 9068:15128] [v4.12.686.0] INFO New security permissions: D:PAI(A;CIOI;FA;;;S-1-5-32-544)(A;CIOI;FA;;;S-1-5-18)(A;CIOI;FA;;;S-1-5-80-616523863-387867340-2024776631-963389826-2037398138)(A;CIOI;FA;;;S-1-5-80-1025068203-2626198128-3173141159-110103136-1829787749)S:(ML;;NW;;;LW) 2020-11-24T14:09:48.093Z [ 9068:15128] [v4.12.686.0] INFO Executing step: CreateRegistryKey(HKLM\Software\Sophos\Management Communications System\Channels\EDR, 32) 2020-11-24T14:09:48.093Z [ 9068:15128] [v4.12.686.0] INFO Existing security permissions before resetting permissions: D:PAI(A;;KA;;;BA)(A;OICIIO;GA;;;BA)(A;;KA;;;SY)(A;OICIIO;GA;;;SY)(A;;KA;;;S-1-5-80-616523863-387867340-2024776631-963389826-2037398138)(A;OICIIO;GA;;;S-1-5-80-616523863-387867340-2024776631-963389826-2037398138) 2020-11-24T14:09:48.093Z [ 9068:15128] [v4.12.686.0] INFO New security permissions: D:PAI(A;;KA;;;S-1-5-32-544)(A;OICIIO;GA;;;S-1-5-32-544)(A;;KA;;;S-1-5-18)(A;OICIIO;GA;;;S-1-5-18)(A;;KA;;;S-1-5-80-616523863-387867340-2024776631-963389826-2037398138)(A;OICIIO;GA;;;S-1-5-80-616523863-387867340-2024776631-963389826-2037398138) 2020-11-24T14:09:48.093Z [ 9068:15128] [v4.12.686.0] INFO Executing step: SetRegistryValue(HKLM\Software\Sophos\Management Communications System\Channels\EDR, 32, presigned_uri, RegistryValue(7, 00000000) 2020-11-24T14:09:48.093Z [ 9068:15128] [v4.12.686.0] INFO Executing step: Create directory C:\ProgramData\Sophos\Management Communications System\Endpoint\Channels\FIM\Incoming and all parent directories 2020-11-24T14:09:48.094Z [ 9068:15128] [v4.12.686.0] INFO Existing security permissions before resetting permissions: D:PAI(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)(A;OICI;FA;;;S-1-5-80-616523863-387867340-2024776631-963389826-2037398138)(A;OICI;FA;;;S-1-5-80-3425732772-3003596726-1695377706-1312571016-3579618460) 2020-11-24T14:09:48.094Z [ 9068:15128] [v4.12.686.0] INFO New security permissions: D:PAI(A;CIOI;FA;;;S-1-5-32-544)(A;CIOI;FA;;;S-1-5-18)(A;CIOI;FA;;;S-1-5-80-616523863-387867340-2024776631-963389826-2037398138)(A;CIOI;FA;;;S-1-5-80-3425732772-3003596726-1695377706-1312571016-3579618460)S:(ML;;NW;;;LW) 2020-11-24T14:09:48.095Z [ 9068:15128] [v4.12.686.0] INFO Executing step: Create directory C:\ProgramData\Sophos\Management Communications System\Endpoint\Channels\FIM\Staging and all parent directories 2020-11-24T14:09:48.095Z [ 9068:15128] [v4.12.686.0] INFO Existing security permissions before resetting permissions: D:PAI(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)(A;OICI;FA;;;S-1-5-80-616523863-387867340-2024776631-963389826-2037398138)(A;OICI;FA;;;S-1-5-80-3425732772-3003596726-1695377706-1312571016-3579618460) 2020-11-24T14:09:48.095Z [ 9068:15128] [v4.12.686.0] INFO New security permissions: D:PAI(A;CIOI;FA;;;S-1-5-32-544)(A;CIOI;FA;;;S-1-5-18)(A;CIOI;FA;;;S-1-5-80-616523863-387867340-2024776631-963389826-2037398138)(A;CIOI;FA;;;S-1-5-80-3425732772-3003596726-1695377706-1312571016-3579618460)S:(ML;;NW;;;LW) 2020-11-24T14:09:48.096Z [ 9068:15128] [v4.12.686.0] INFO Executing step: CreateRegistryKey(HKLM\Software\Sophos\Management Communications System\Channels\FIM, 32) 2020-11-24T14:09:48.096Z [ 9068:15128] [v4.12.686.0] INFO Existing security permissions before resetting permissions: D:PAI(A;;KA;;;BA)(A;OICIIO;GA;;;BA)(A;;KA;;;SY)(A;OICIIO;GA;;;SY)(A;;KA;;;S-1-5-80-616523863-387867340-2024776631-963389826-2037398138)(A;OICIIO;GA;;;S-1-5-80-616523863-387867340-2024776631-963389826-2037398138) 2020-11-24T14:09:48.096Z [ 9068:15128] [v4.12.686.0] INFO New security permissions: D:PAI(A;;KA;;;S-1-5-32-544)(A;OICIIO;GA;;;S-1-5-32-544)(A;;KA;;;S-1-5-18)(A;OICIIO;GA;;;S-1-5-18)(A;;KA;;;S-1-5-80-616523863-387867340-2024776631-963389826-2037398138)(A;OICIIO;GA;;;S-1-5-80-616523863-387867340-2024776631-963389826-2037398138) 2020-11-24T14:09:48.096Z [ 9068:15128] [v4.12.686.0] INFO Executing step: SetRegistryValue(HKLM\Software\Sophos\Management Communications System\Channels\FIM, 32, presigned_uri, RegistryValue(7, 00000000) 2020-11-24T14:09:48.097Z [ 9068:15128] [v4.12.686.0] INFO Executing step: Create directory C:\ProgramData\Sophos\Management Communications System\Endpoint\Channels\ForensicSnapshot\Incoming and all parent directories 2020-11-24T14:09:48.097Z [ 9068:15128] [v4.12.686.0] INFO Existing security permissions before resetting permissions: D:PAI(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)(A;OICI;FA;;;S-1-5-80-616523863-387867340-2024776631-963389826-2037398138)(A;OICI;FA;;;S-1-5-80-1025068203-2626198128-3173141159-110103136-1829787749) 2020-11-24T14:09:48.097Z [ 9068:15128] [v4.12.686.0] INFO New security permissions: D:PAI(A;CIOI;FA;;;S-1-5-32-544)(A;CIOI;FA;;;S-1-5-18)(A;CIOI;FA;;;S-1-5-80-616523863-387867340-2024776631-963389826-2037398138)(A;CIOI;FA;;;S-1-5-80-1025068203-2626198128-3173141159-110103136-1829787749)S:(ML;;NW;;;LW) 2020-11-24T14:09:48.098Z [ 9068:15128] [v4.12.686.0] INFO Executing step: Create directory C:\ProgramData\Sophos\Management Communications System\Endpoint\Channels\ForensicSnapshot\Staging and all parent directories 2020-11-24T14:09:48.098Z [ 9068:15128] [v4.12.686.0] INFO Existing security permissions before resetting permissions: D:PAI(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)(A;OICI;FA;;;S-1-5-80-616523863-387867340-2024776631-963389826-2037398138)(A;OICI;FA;;;S-1-5-80-1025068203-2626198128-3173141159-110103136-1829787749) 2020-11-24T14:09:48.098Z [ 9068:15128] [v4.12.686.0] INFO New security permissions: D:PAI(A;CIOI;FA;;;S-1-5-32-544)(A;CIOI;FA;;;S-1-5-18)(A;CIOI;FA;;;S-1-5-80-616523863-387867340-2024776631-963389826-2037398138)(A;CIOI;FA;;;S-1-5-80-1025068203-2626198128-3173141159-110103136-1829787749)S:(ML;;NW;;;LW) 2020-11-24T14:09:48.099Z [ 9068:15128] [v4.12.686.0] INFO Executing step: CreateRegistryKey(HKLM\Software\Sophos\Management Communications System\Channels\ForensicSnapshot, 32) 2020-11-24T14:09:48.100Z [ 9068:15128] [v4.12.686.0] INFO Existing security permissions before resetting permissions: D:PAI(A;;KA;;;BA)(A;OICIIO;GA;;;BA)(A;;KA;;;SY)(A;OICIIO;GA;;;SY)(A;;KA;;;S-1-5-80-616523863-387867340-2024776631-963389826-2037398138)(A;OICIIO;GA;;;S-1-5-80-616523863-387867340-2024776631-963389826-2037398138) 2020-11-24T14:09:48.100Z [ 9068:15128] [v4.12.686.0] INFO New security permissions: D:PAI(A;;KA;;;S-1-5-32-544)(A;OICIIO;GA;;;S-1-5-32-544)(A;;KA;;;S-1-5-18)(A;OICIIO;GA;;;S-1-5-18)(A;;KA;;;S-1-5-80-616523863-387867340-2024776631-963389826-2037398138)(A;OICIIO;GA;;;S-1-5-80-616523863-387867340-2024776631-963389826-2037398138) 2020-11-24T14:09:48.100Z [ 9068:15128] [v4.12.686.0] INFO Executing step: SetRegistryValue(HKLM\Software\Sophos\Management Communications System\Channels\ForensicSnapshot, 32, presigned_uri, RegistryValue(7, 00000000) 2020-11-24T14:09:48.100Z [ 9068:15128] [v4.12.686.0] INFO Executing step: Create directory C:\ProgramData\Sophos\Management Communications System\Endpoint\Channels\RCA\Incoming and all parent directories 2020-11-24T14:09:48.100Z [ 9068:15128] [v4.12.686.0] INFO Existing security permissions before resetting permissions: D:PAI(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)(A;OICI;FA;;;S-1-5-80-616523863-387867340-2024776631-963389826-2037398138)(A;OICI;FA;;;S-1-5-80-1025068203-2626198128-3173141159-110103136-1829787749) 2020-11-24T14:09:48.100Z [ 9068:15128] [v4.12.686.0] INFO New security permissions: D:PAI(A;CIOI;FA;;;S-1-5-32-544)(A;CIOI;FA;;;S-1-5-18)(A;CIOI;FA;;;S-1-5-80-616523863-387867340-2024776631-963389826-2037398138)(A;CIOI;FA;;;S-1-5-80-1025068203-2626198128-3173141159-110103136-1829787749)S:(ML;;NW;;;LW) 2020-11-24T14:09:48.101Z [ 9068:15128] [v4.12.686.0] INFO Executing step: Create directory C:\ProgramData\Sophos\Management Communications System\Endpoint\Channels\RCA\Staging and all parent directories 2020-11-24T14:09:48.102Z [ 9068:15128] [v4.12.686.0] INFO Existing security permissions before resetting permissions: D:PAI(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)(A;OICI;FA;;;S-1-5-80-616523863-387867340-2024776631-963389826-2037398138)(A;OICI;FA;;;S-1-5-80-1025068203-2626198128-3173141159-110103136-1829787749) 2020-11-24T14:09:48.102Z [ 9068:15128] [v4.12.686.0] INFO New security permissions: D:PAI(A;CIOI;FA;;;S-1-5-32-544)(A;CIOI;FA;;;S-1-5-18)(A;CIOI;FA;;;S-1-5-80-616523863-387867340-2024776631-963389826-2037398138)(A;CIOI;FA;;;S-1-5-80-1025068203-2626198128-3173141159-110103136-1829787749)S:(ML;;NW;;;LW) 2020-11-24T14:09:48.103Z [ 9068:15128] [v4.12.686.0] INFO Executing step: CreateRegistryKey(HKLM\Software\Sophos\Management Communications System\Channels\RCA, 32) 2020-11-24T14:09:48.103Z [ 9068:15128] [v4.12.686.0] INFO Existing security permissions before resetting permissions: D:PAI(A;;KA;;;BA)(A;OICIIO;GA;;;BA)(A;;KA;;;SY)(A;OICIIO;GA;;;SY)(A;;KA;;;S-1-5-80-616523863-387867340-2024776631-963389826-2037398138)(A;OICIIO;GA;;;S-1-5-80-616523863-387867340-2024776631-963389826-2037398138) 2020-11-24T14:09:48.103Z [ 9068:15128] [v4.12.686.0] INFO New security permissions: D:PAI(A;;KA;;;S-1-5-32-544)(A;OICIIO;GA;;;S-1-5-32-544)(A;;KA;;;S-1-5-18)(A;OICIIO;GA;;;S-1-5-18)(A;;KA;;;S-1-5-80-616523863-387867340-2024776631-963389826-2037398138)(A;OICIIO;GA;;;S-1-5-80-616523863-387867340-2024776631-963389826-2037398138) 2020-11-24T14:09:48.103Z [ 9068:15128] [v4.12.686.0] INFO Executing step: SetRegistryValue(HKLM\Software\Sophos\Management Communications System\Channels\RCA, 32, presigned_uri, RegistryValue(7, 00000000) 2020-11-24T14:09:48.103Z [ 9068:15128] [v4.12.686.0] INFO Executing step: Create directory C:\ProgramData\Sophos\Management Communications System\Endpoint\Channels\LiveQueryScheduled\Incoming and all parent directories 2020-11-24T14:09:48.104Z [ 9068:15128] [v4.12.686.0] INFO Existing security permissions before resetting permissions: D:PAI(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)(A;OICI;FA;;;S-1-5-80-616523863-387867340-2024776631-963389826-2037398138)(A;OICI;FA;;;S-1-5-80-1521243867-1128773477-782615202-3742460476-2946181991) 2020-11-24T14:09:48.104Z [ 9068:15128] [v4.12.686.0] INFO New security permissions: D:PAI(A;CIOI;FA;;;S-1-5-32-544)(A;CIOI;FA;;;S-1-5-18)(A;CIOI;FA;;;S-1-5-80-616523863-387867340-2024776631-963389826-2037398138)(A;CIOI;FA;;;S-1-5-80-1521243867-1128773477-782615202-3742460476-2946181991)S:(ML;;NW;;;LW) 2020-11-24T14:09:48.105Z [ 9068:15128] [v4.12.686.0] INFO Executing step: Create directory C:\ProgramData\Sophos\Management Communications System\Endpoint\Channels\LiveQueryScheduled\Staging and all parent directories 2020-11-24T14:09:48.105Z [ 9068:15128] [v4.12.686.0] INFO Existing security permissions before resetting permissions: D:PAI(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)(A;OICI;FA;;;S-1-5-80-616523863-387867340-2024776631-963389826-2037398138)(A;OICI;FA;;;S-1-5-80-1521243867-1128773477-782615202-3742460476-2946181991) 2020-11-24T14:09:48.105Z [ 9068:15128] [v4.12.686.0] INFO New security permissions: D:PAI(A;CIOI;FA;;;S-1-5-32-544)(A;CIOI;FA;;;S-1-5-18)(A;CIOI;FA;;;S-1-5-80-616523863-387867340-2024776631-963389826-2037398138)(A;CIOI;FA;;;S-1-5-80-1521243867-1128773477-782615202-3742460476-2946181991)S:(ML;;NW;;;LW) 2020-11-24T14:09:48.106Z [ 9068:15128] [v4.12.686.0] INFO Executing step: CreateRegistryKey(HKLM\Software\Sophos\Management Communications System\Channels\LiveQueryScheduled, 32) 2020-11-24T14:09:48.106Z [ 9068:15128] [v4.12.686.0] INFO Existing security permissions before resetting permissions: D:PAI(A;;KA;;;BA)(A;OICIIO;GA;;;BA)(A;;KA;;;SY)(A;OICIIO;GA;;;SY)(A;;KA;;;S-1-5-80-616523863-387867340-2024776631-963389826-2037398138)(A;OICIIO;GA;;;S-1-5-80-616523863-387867340-2024776631-963389826-2037398138) 2020-11-24T14:09:48.107Z [ 9068:15128] [v4.12.686.0] INFO New security permissions: D:PAI(A;;KA;;;S-1-5-32-544)(A;OICIIO;GA;;;S-1-5-32-544)(A;;KA;;;S-1-5-18)(A;OICIIO;GA;;;S-1-5-18)(A;;KA;;;S-1-5-80-616523863-387867340-2024776631-963389826-2037398138)(A;OICIIO;GA;;;S-1-5-80-616523863-387867340-2024776631-963389826-2037398138) 2020-11-24T14:09:48.107Z [ 9068:15128] [v4.12.686.0] INFO Executing step: MCS MCS Remapper Installer 2020-11-24T14:09:48.107Z [ 9068:15128] [v4.12.686.0] INFO Executing step: Create directory C:\ProgramData\Sophos\Management Communications System\Endpoint\Messages and all parent directories 2020-11-24T14:09:48.107Z [ 9068:15128] [v4.12.686.0] INFO Existing security permissions before resetting permissions: D:PAI(A;;FA;;;SY)(A;OICIIO;GA;;;SY)(A;;FA;;;BA)(A;OICIIO;GA;;;BA) 2020-11-24T14:09:48.107Z [ 9068:15128] [v4.12.686.0] INFO New security permissions: D:PAI(A;CIOI;GA;;;S-1-5-18)(A;CIOI;GA;;;S-1-5-32-544) 2020-11-24T14:09:48.110Z [ 9068:15128] [v4.12.686.0] INFO Executing step: Create directory C:\ProgramData\Sophos\Management Communications System\Endpoint\Messages\Incoming and all parent directories 2020-11-24T14:09:48.111Z [ 9068:15128] [v4.12.686.0] INFO Executing step: Create directory C:\ProgramData\Sophos\Management Communications System\Endpoint\Messages\Staging and all parent directories 2020-11-24T14:09:48.111Z [ 9068:15128] [v4.12.686.0] INFO Executing step: CreateRegistryKey(HKLM\Software\Sophos\Management, 64) 2020-11-24T14:09:48.112Z [ 9068:15128] [v4.12.686.0] INFO Existing security permissions before resetting permissions: D:PAI(A;;KA;;;SY)(A;OICIIO;FA;;;SY)(A;;KA;;;BA)(A;OICIIO;FA;;;BA) 2020-11-24T14:09:48.112Z [ 9068:15128] [v4.12.686.0] INFO New security permissions: D:PAI(A;CIOI;FA;;;S-1-5-18)(A;CIOI;FA;;;S-1-5-32-544) 2020-11-24T14:09:48.112Z [ 9068:15128] [v4.12.686.0] INFO Executing step: CreateRegistryKey(HKLM\Software\Sophos\Management\Policy, 64) 2020-11-24T14:09:48.113Z [ 9068:15128] [v4.12.686.0] INFO Existing security permissions before resetting permissions: D:PAI(A;;KA;;;SY)(A;OICIIO;FA;;;SY)(A;;KA;;;BA)(A;OICIIO;FA;;;BA) 2020-11-24T14:09:48.113Z [ 9068:15128] [v4.12.686.0] INFO New security permissions: D:PAI(A;CIOI;FA;;;S-1-5-18)(A;CIOI;FA;;;S-1-5-32-544) 2020-11-24T14:09:48.113Z [ 9068:15128] [v4.12.686.0] INFO Executing step: MCS add remove program key installer 2020-11-24T14:09:48.114Z [ 9068:15128] [v4.12.686.0] INFO Executing step: CreateRegistryKey(HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2C14E1A2-C4EB-466E-8374-81286D723D3A}, 32) 2020-11-24T14:09:48.114Z [ 9068:15128] [v4.12.686.0] INFO Executing step: SetRegistryValue(HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2C14E1A2-C4EB-466E-8374-81286D723D3A}, 32, AuthorizedCDFPrefix, ) 2020-11-24T14:09:48.114Z [ 9068:15128] [v4.12.686.0] INFO Executing step: SetRegistryValue(HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2C14E1A2-C4EB-466E-8374-81286D723D3A}, 32, Comments, Management Communications System) 2020-11-24T14:09:48.114Z [ 9068:15128] [v4.12.686.0] INFO Executing step: SetRegistryValue(HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2C14E1A2-C4EB-466E-8374-81286D723D3A}, 32, Contact, Sophos Technical Support) 2020-11-24T14:09:48.115Z [ 9068:15128] [v4.12.686.0] INFO Executing step: SetRegistryValue(HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2C14E1A2-C4EB-466E-8374-81286D723D3A}, 32, DisplayName, Sophos Management Communications System) 2020-11-24T14:09:48.115Z [ 9068:15128] [v4.12.686.0] INFO Executing step: SetRegistryValue(HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2C14E1A2-C4EB-466E-8374-81286D723D3A}, 32, DisplayVersion, 4.12.686.0) 2020-11-24T14:09:48.115Z [ 9068:15128] [v4.12.686.0] INFO Executing step: SetRegistryValue(HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2C14E1A2-C4EB-466E-8374-81286D723D3A}, 32, EstimatedSize, 5263) 2020-11-24T14:09:48.115Z [ 9068:15128] [v4.12.686.0] INFO Executing step: SetRegistryValue(HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2C14E1A2-C4EB-466E-8374-81286D723D3A}, 32, HelpLink, http://www.sophos.com/support) 2020-11-24T14:09:48.116Z [ 9068:15128] [v4.12.686.0] INFO Executing step: SetRegistryValue(HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2C14E1A2-C4EB-466E-8374-81286D723D3A}, 32, InstallDate, 20201124) 2020-11-24T14:09:48.116Z [ 9068:15128] [v4.12.686.0] INFO Executing step: SetRegistryValue(HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2C14E1A2-C4EB-466E-8374-81286D723D3A}, 32, InstallLocation, C:\Program Files (x86)\Sophos\Management Communications System\Endpoint) 2020-11-24T14:09:48.116Z [ 9068:15128] [v4.12.686.0] INFO Executing step: SetRegistryValue(HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2C14E1A2-C4EB-466E-8374-81286D723D3A}, 32, InstallSource, C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\mcsep) 2020-11-24T14:09:48.116Z [ 9068:15128] [v4.12.686.0] INFO Executing step: SetRegistryValue(HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2C14E1A2-C4EB-466E-8374-81286D723D3A}, 32, Language, 1033) 2020-11-24T14:09:48.117Z [ 9068:15128] [v4.12.686.0] INFO Executing step: SetRegistryValue(HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2C14E1A2-C4EB-466E-8374-81286D723D3A}, 32, ModifyPath, ) 2020-11-24T14:09:48.117Z [ 9068:15128] [v4.12.686.0] INFO Executing step: SetRegistryValue(HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2C14E1A2-C4EB-466E-8374-81286D723D3A}, 32, NoModify, 1) 2020-11-24T14:09:48.117Z [ 9068:15128] [v4.12.686.0] INFO Executing step: SetRegistryValue(HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2C14E1A2-C4EB-466E-8374-81286D723D3A}, 32, NoRepair, 1) 2020-11-24T14:09:48.117Z [ 9068:15128] [v4.12.686.0] INFO Executing step: SetRegistryValue(HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2C14E1A2-C4EB-466E-8374-81286D723D3A}, 32, Publisher, Sophos Limited) 2020-11-24T14:09:48.118Z [ 9068:15128] [v4.12.686.0] INFO Executing step: SetRegistryValue(HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2C14E1A2-C4EB-466E-8374-81286D723D3A}, 32, UninstallString, "C:\Program Files (x86)\Sophos\Management Communications System\Endpoint\Uninstall.exe") 2020-11-24T14:09:48.118Z [ 9068:15128] [v4.12.686.0] INFO Executing step: SetRegistryValue(HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2C14E1A2-C4EB-466E-8374-81286D723D3A}, 32, URLInfoAbout, http://www.sophos.com) 2020-11-24T14:09:48.118Z [ 9068:15128] [v4.12.686.0] INFO Executing step: SetRegistryValue(HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2C14E1A2-C4EB-466E-8374-81286D723D3A}, 32, VersionMajor, 4) 2020-11-24T14:09:48.118Z [ 9068:15128] [v4.12.686.0] INFO Executing step: SetRegistryValue(HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2C14E1A2-C4EB-466E-8374-81286D723D3A}, 32, VersionMinor, 12) 2020-11-24T14:09:48.119Z [ 9068:15128] [v4.12.686.0] INFO Executing step: SetRegistryValue(HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2C14E1A2-C4EB-466E-8374-81286D723D3A}, 32, SystemComponent, 1) 2020-11-24T14:09:48.119Z [ 9068:15128] [v4.12.686.0] INFO Executing step: Start tamper-protected service step: Sophos MCS Agent 2020-11-24T14:09:48.199Z [ 9068:15128] [v4.12.686.0] INFO Waiting 60000ms for service to start. 2020-11-24T14:09:48.199Z [ 9068:15128] [v4.12.686.0] INFO Waiting for operation to succeed within 60000ms. 2020-11-24T14:09:49.200Z [ 9068:15128] [v4.12.686.0] INFO Retrying operation. Counter: 1 2020-11-24T14:09:49.200Z [ 9068:15128] [v4.12.686.0] INFO The service is running. 2020-11-24T14:09:49.200Z [ 9068:15128] [v4.12.686.0] INFO Executing step: Start tamper-protected service step: Sophos MCS Client 2020-11-24T14:09:49.313Z [ 9068:15128] [v4.12.686.0] INFO Waiting 60000ms for service to start. 2020-11-24T14:09:49.313Z [ 9068:15128] [v4.12.686.0] INFO Waiting for operation to succeed within 60000ms. 2020-11-24T14:09:50.314Z [ 9068:15128] [v4.12.686.0] INFO Retrying operation. Counter: 1 2020-11-24T14:09:50.314Z [ 9068:15128] [v4.12.686.0] INFO The service is running. 2020-11-24T14:09:50.314Z [ 9068:15128] [v4.12.686.0] INFO Executing step: Tamper protection of the MCS_SCM component will be set to: ON 2020-11-24T14:09:50.321Z [ 9068:15128] [v4.12.686.0] INFO Waiting for operation to succeed within 60000ms. 2020-11-24T14:09:50.321Z [ 9068:15128] [v4.12.686.0] INFO Tamper protection of the MCS_SCM component has been set to: ON 2020-11-24T14:09:50.321Z [ 9068:15128] [v4.12.686.0] INFO Executing step: TriggerRollbackTestStep: No action at execution 2020-11-24T14:09:50.321Z [ 9068:15128] [v4.12.686.0] INFO Commit step: Tamper protection of the MCS_SCM component will be set to: OFF 2020-11-24T14:09:50.321Z [ 9068:15128] [v4.12.686.0] INFO Commit step: Stop service step without disabling tamper protection for service: Sophos MCS Client 2020-11-24T14:09:50.322Z [ 9068:15128] [v4.12.686.0] INFO Commit step: Stop service step without disabling tamper protection for service: Sophos MCS Agent 2020-11-24T14:09:50.322Z [ 9068:15128] [v4.12.686.0] INFO Commit step: Delete service step: Sophos MCS Client 2020-11-24T14:09:50.322Z [ 9068:15128] [v4.12.686.0] INFO Commit step: Delete service step: Sophos MCS Agent 2020-11-24T14:09:50.322Z [ 9068:15128] [v4.12.686.0] INFO Commit step: Install service step: Sophos MCS Agent 2020-11-24T14:09:50.322Z [ 9068:15128] [v4.12.686.0] INFO Commit step: Install service step: Sophos MCS Client 2020-11-24T14:09:50.322Z [ 9068:15128] [v4.12.686.0] INFO Commit step: MCS directory installer 2020-11-24T14:09:50.322Z [ 9068:15128] [v4.12.686.0] INFO Commit step: Create directory C:\Program Files (x86)\Sophos\Management Communications System\Endpoint and all parent directories 2020-11-24T14:09:50.323Z [ 9068:15128] [v4.12.686.0] INFO Commit step: Create directory C:\ProgramData\Sophos\Management Communications System\Endpoint and all parent directories 2020-11-24T14:09:50.323Z [ 9068:15128] [v4.12.686.0] INFO Commit step: CreateDirectory(C:\ProgramData\Sophos\Management Communications System\Endpoint\Trail) 2020-11-24T14:09:50.323Z [ 9068:15128] [v4.12.686.0] INFO Commit step: Create directory C:\ProgramData\Sophos\Remote Management System\3\Agent and all parent directories 2020-11-24T14:09:50.323Z [ 9068:15128] [v4.12.686.0] INFO Commit step: CreateDirectory(C:\ProgramData\Sophos\Remote Management System\3\Agent\AdapterStorage) 2020-11-24T14:09:50.323Z [ 9068:15128] [v4.12.686.0] INFO Commit step: Create directory C:\ProgramData\Sophos\Certificates\Management Communications System and all parent directories 2020-11-24T14:09:50.323Z [ 9068:15128] [v4.12.686.0] INFO MCS directory installer completed successfully. 2020-11-24T14:09:50.323Z [ 9068:15128] [v4.12.686.0] INFO Commit step: Tamper protection will be updated for the main component, if rollback is triggered. 2020-11-24T14:09:50.324Z [ 9068:15128] [v4.12.686.0] INFO Commit step: CopyFile(C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\mcsep\Sophos\Management Communications System\Endpoint\integrity.dat, C:\Program Files (x86)\Sophos\Management Communications System\Endpoint\integrity.dat) 2020-11-24T14:09:50.348Z [ 9068:15128] [v4.12.686.0] INFO Commit step: CreateRegistryKey(HKLM\SYSTEM\CurrentControlSet\Services\Sophos Endpoint Defense\TamperProtection\Components\MCS, 64) 2020-11-24T14:09:50.348Z [ 9068:15128] [v4.12.686.0] INFO Commit step: Tamper protection will be updated for the main component. 2020-11-24T14:09:50.349Z [ 9068:15128] [v4.12.686.0] INFO Commit step: MCS file installer 2020-11-24T14:09:50.349Z [ 9068:15128] [v4.12.686.0] INFO Commit step: CopyFile(C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\mcsep\Sophos\Management Communications System\Endpoint\scm_integrity.dat, C:\Program Files (x86)\Sophos\Management Communications System\Endpoint\scm_integrity.dat) 2020-11-24T14:09:50.349Z [ 9068:15128] [v4.12.686.0] INFO DeleteFile C:\Program Files (x86)\Sophos\Management Communications System\TMP\scm_integrity.dat1606226988-1: file already absent 2020-11-24T14:09:50.349Z [ 9068:15128] [v4.12.686.0] INFO Commit step: CopyFile(C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\mcsep\Sophos\Management Communications System\Endpoint\NOTICE.txt, C:\Program Files (x86)\Sophos\Management Communications System\Endpoint\NOTICE.txt) 2020-11-24T14:09:50.349Z [ 9068:15128] [v4.12.686.0] INFO DeleteFile C:\Program Files (x86)\Sophos\Management Communications System\TMP\NOTICE.txt1606226988-1: file already absent 2020-11-24T14:09:50.349Z [ 9068:15128] [v4.12.686.0] INFO Commit step: CopyFile(C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\mcsep\Sophos\Management Communications System\Endpoint\McsAdapter.dll, C:\Program Files (x86)\Sophos\Management Communications System\Endpoint\McsAdapter.dll) 2020-11-24T14:09:50.349Z [ 9068:15128] [v4.12.686.0] INFO DeleteFile C:\Program Files (x86)\Sophos\Management Communications System\TMP\McsAdapter.dll1606226988-1: file already absent 2020-11-24T14:09:50.349Z [ 9068:15128] [v4.12.686.0] INFO Commit step: CopyFile(C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\mcsep\Sophos\Management Communications System\Endpoint\McsEvents.dll, C:\Program Files (x86)\Sophos\Management Communications System\Endpoint\McsEvents.dll) 2020-11-24T14:09:50.349Z [ 9068:15128] [v4.12.686.0] INFO DeleteFile C:\Program Files (x86)\Sophos\Management Communications System\TMP\McsEvents.dll1606226988-1: file already absent 2020-11-24T14:09:50.349Z [ 9068:15128] [v4.12.686.0] INFO Commit step: CopyFile(C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\mcsep\Sophos\Management Communications System\Endpoint\McsAgent.exe, C:\Program Files (x86)\Sophos\Management Communications System\Endpoint\McsAgent.exe) 2020-11-24T14:09:50.350Z [ 9068:15128] [v4.12.686.0] INFO DeleteFile C:\Program Files (x86)\Sophos\Management Communications System\TMP\McsAgent.exe1606226988-1: file already absent 2020-11-24T14:09:50.350Z [ 9068:15128] [v4.12.686.0] INFO Commit step: CopyFile(C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\mcsep\Sophos\Management Communications System\Endpoint\McsClient.exe, C:\Program Files (x86)\Sophos\Management Communications System\Endpoint\McsClient.exe) 2020-11-24T14:09:50.350Z [ 9068:15128] [v4.12.686.0] INFO DeleteFile C:\Program Files (x86)\Sophos\Management Communications System\TMP\McsClient.exe1606226988-1: file already absent 2020-11-24T14:09:50.350Z [ 9068:15128] [v4.12.686.0] INFO Commit step: CopyFile(C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\mcsep\Sophos\Management Communications System\Endpoint\scf.dat, C:\Program Files (x86)\Sophos\Management Communications System\Endpoint\scf.dat) 2020-11-24T14:09:50.350Z [ 9068:15128] [v4.12.686.0] INFO DeleteFile C:\Program Files (x86)\Sophos\Management Communications System\TMP\scf.dat1606226988-1: file already absent 2020-11-24T14:09:50.350Z [ 9068:15128] [v4.12.686.0] INFO Commit step: CopyFile(C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\mcsep\Sophos\Management Communications System\Endpoint\sof.dat, C:\Program Files (x86)\Sophos\Management Communications System\Endpoint\sof.dat) 2020-11-24T14:09:50.350Z [ 9068:15128] [v4.12.686.0] INFO DeleteFile C:\Program Files (x86)\Sophos\Management Communications System\TMP\sof.dat1606226988-1: file already absent 2020-11-24T14:09:50.350Z [ 9068:15128] [v4.12.686.0] INFO Commit step: CopyFile(C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\mcsep\Sophos\Management Communications System\Endpoint\Uninstall.exe, C:\Program Files (x86)\Sophos\Management Communications System\Endpoint\Uninstall.exe) 2020-11-24T14:09:50.350Z [ 9068:15128] [v4.12.686.0] INFO DeleteFile C:\Program Files (x86)\Sophos\Management Communications System\TMP\Uninstall.exe1606226988-1: file already absent 2020-11-24T14:09:50.350Z [ 9068:15128] [v4.12.686.0] INFO Commit step: CopyFile(C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\mcsep\Sophos\Certificates\Management Communications System\sophosca1.crt, C:\ProgramData\Sophos\Certificates\Management Communications System\sophosca1.crt) 2020-11-24T14:09:50.361Z [ 9068:15128] [v4.12.686.0] INFO Commit step: CopyFile(C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\mcsep\Sophos\Certificates\Management Communications System\sophosca1.crl, C:\ProgramData\Sophos\Certificates\Management Communications System\sophosca1.crl) 2020-11-24T14:09:50.361Z [ 9068:15128] [v4.12.686.0] INFO DeleteFile C:\ProgramData\Sophos\Certificates\Management Communications System\TMP\sophosca1.crl1606226988-1: file already absent 2020-11-24T14:09:50.361Z [ 9068:15128] [v4.12.686.0] INFO Commit step: CopyFile(C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\mcsep\Sophos\Certificates\Management Communications System\sophosca2.crt, C:\ProgramData\Sophos\Certificates\Management Communications System\sophosca2.crt) 2020-11-24T14:09:50.362Z [ 9068:15128] [v4.12.686.0] INFO DeleteFile C:\ProgramData\Sophos\Certificates\Management Communications System\TMP\sophosca2.crt1606226988-1: file already absent 2020-11-24T14:09:50.362Z [ 9068:15128] [v4.12.686.0] INFO Commit step: CopyFile(C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\mcsep\Sophos\Certificates\Management Communications System\sophosca2.crl, C:\ProgramData\Sophos\Certificates\Management Communications System\sophosca2.crl) 2020-11-24T14:09:50.362Z [ 9068:15128] [v4.12.686.0] INFO DeleteFile C:\ProgramData\Sophos\Certificates\Management Communications System\TMP\sophosca2.crl1606226988-1: file already absent 2020-11-24T14:09:50.362Z [ 9068:15128] [v4.12.686.0] INFO Commit step: CopyFile(C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\mcsep\Sophos\Certificates\Management Communications System\sophosca3.crt, C:\ProgramData\Sophos\Certificates\Management Communications System\sophosca3.crt) 2020-11-24T14:09:50.363Z [ 9068:15128] [v4.12.686.0] INFO DeleteFile C:\ProgramData\Sophos\Certificates\Management Communications System\TMP\sophosca3.crt1606226988-1: file already absent 2020-11-24T14:09:50.363Z [ 9068:15128] [v4.12.686.0] INFO Commit step: CopyFile(C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\mcsep\Sophos\Certificates\Management Communications System\sophosca3.crl, C:\ProgramData\Sophos\Certificates\Management Communications System\sophosca3.crl) 2020-11-24T14:09:50.363Z [ 9068:15128] [v4.12.686.0] INFO DeleteFile C:\ProgramData\Sophos\Certificates\Management Communications System\TMP\sophosca3.crl1606226988-1: file already absent 2020-11-24T14:09:50.364Z [ 9068:15128] [v4.12.686.0] INFO Commit step: CopyFile(C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\mcsep\Sophos\Certificates\Management Communications System\sophosca4.crt, C:\ProgramData\Sophos\Certificates\Management Communications System\sophosca4.crt) 2020-11-24T14:09:50.364Z [ 9068:15128] [v4.12.686.0] INFO DeleteFile C:\ProgramData\Sophos\Certificates\Management Communications System\TMP\sophosca4.crt1606226988-1: file already absent 2020-11-24T14:09:50.364Z [ 9068:15128] [v4.12.686.0] INFO Commit step: CopyFile(C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\mcsep\Sophos\Certificates\Management Communications System\sophosca4.crl, C:\ProgramData\Sophos\Certificates\Management Communications System\sophosca4.crl) 2020-11-24T14:09:50.364Z [ 9068:15128] [v4.12.686.0] INFO DeleteFile C:\ProgramData\Sophos\Certificates\Management Communications System\TMP\sophosca4.crl1606226988-1: file already absent 2020-11-24T14:09:50.365Z [ 9068:15128] [v4.12.686.0] INFO MCS file installer completed successfully. 2020-11-24T14:09:50.365Z [ 9068:15128] [v4.12.686.0] INFO Commit step: MCS flags installer 2020-11-24T14:09:50.365Z [ 9068:15128] [v4.12.686.0] INFO Commit step: CreateDirectory(C:\ProgramData\Sophos\Management Communications System\Endpoint\Flags) 2020-11-24T14:09:50.365Z [ 9068:15128] [v4.12.686.0] INFO Commit step: DeleteMatchingFiles(From C:\ProgramData\Sophos\Management Communications System\Endpoint\Flags containing '.*') 2020-11-24T14:09:50.366Z [ 9068:15128] [v4.12.686.0] INFO Commit step: CopyFile(C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\mcsep\Flags\cepng.json, C:\ProgramData\Sophos\Management Communications System\Endpoint\Flags\cepng.json) 2020-11-24T14:09:50.367Z [ 9068:15128] [v4.12.686.0] INFO Commit step: CopyFile(C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\mcsep\Flags\cix.json, C:\ProgramData\Sophos\Management Communications System\Endpoint\Flags\cix.json) 2020-11-24T14:09:50.367Z [ 9068:15128] [v4.12.686.0] INFO MCS flags installer completed successfully. 2020-11-24T14:09:50.367Z [ 9068:15128] [v4.12.686.0] INFO Commit step: CreateRegistryKey(HKLM\SYSTEM\CurrentControlSet\Services\Sophos Endpoint Defense\TamperProtection\Components\MCS_SCM, 64) 2020-11-24T14:09:50.367Z [ 9068:15128] [v4.12.686.0] INFO Commit step: MCS registry key Installer 2020-11-24T14:09:50.367Z [ 9068:15128] [v4.12.686.0] INFO Commit step: CreateRegistryKey(HKLM\Software\Sophos\Remote Management System, 32) 2020-11-24T14:09:50.367Z [ 9068:15128] [v4.12.686.0] INFO Commit step: CreateRegistryKey(HKLM\Software\Sophos\Remote Management System\ManagementAgent\Adapters, 32) 2020-11-24T14:09:50.367Z [ 9068:15128] [v4.12.686.0] INFO Commit step: CreateRegistryKey(HKLM\Software\Sophos\Remote Management System\ManagementAgent\Adapters\MCS, 32) 2020-11-24T14:09:50.367Z [ 9068:15128] [v4.12.686.0] INFO Commit step: SetRegistryValue(HKLM\Software\Sophos\Remote Management System\ManagementAgent\Adapters\MCS, 32, DllPath, C:\Program Files (x86)\Sophos\Management Communications System\Endpoint\McsAdapter.dll) 2020-11-24T14:09:50.367Z [ 9068:15128] [v4.12.686.0] INFO Commit step: CreateRegistryKey(HKLM\System\CurrentControlSet\Services\Eventlog\Application\Sophos Management Communications System, 0) 2020-11-24T14:09:50.367Z [ 9068:15128] [v4.12.686.0] INFO Commit step: SetRegistryValue(HKLM\System\CurrentControlSet\Services\Eventlog\Application\Sophos Management Communications System, 0, EventMessageFile, C:\Program Files (x86)\Sophos\Management Communications System\Endpoint\McsEvents.dll) 2020-11-24T14:09:50.367Z [ 9068:15128] [v4.12.686.0] INFO Commit step: SetRegistryValue(HKLM\System\CurrentControlSet\Services\Eventlog\Application\Sophos Management Communications System, 0, ParameterMessageFile, C:\Program Files (x86)\Sophos\Management Communications System\Endpoint\McsEvents.dll) 2020-11-24T14:09:50.367Z [ 9068:15128] [v4.12.686.0] INFO Commit step: SetRegistryValue(HKLM\System\CurrentControlSet\Services\Eventlog\Application\Sophos Management Communications System, 0, CategoryMessageFile, C:\Program Files (x86)\Sophos\Management Communications System\Endpoint\McsEvents.dll) 2020-11-24T14:09:50.367Z [ 9068:15128] [v4.12.686.0] INFO Commit step: SetRegistryValue(HKLM\System\CurrentControlSet\Services\Eventlog\Application\Sophos Management Communications System, 0, CategoryCount, 2) 2020-11-24T14:09:50.367Z [ 9068:15128] [v4.12.686.0] INFO Commit step: SetRegistryValue(HKLM\System\CurrentControlSet\Services\Eventlog\Application\Sophos Management Communications System, 0, TypesSupported, 7) 2020-11-24T14:09:50.367Z [ 9068:15128] [v4.12.686.0] INFO Commit step: CreateRegistryKey(HKLM\Software\Sophos\Telemetry\Plugins\MCS, 32) 2020-11-24T14:09:50.367Z [ 9068:15128] [v4.12.686.0] INFO Commit step: SetRegistryValue(HKLM\Software\Sophos\Telemetry\Plugins\MCS, 32, File, C:\ProgramData\Sophos\Management Communications System\Endpoint\Persist\mcsAgentTelemetry.json) 2020-11-24T14:09:50.367Z [ 9068:15128] [v4.12.686.0] INFO Commit step: CreateRegistryKey(HKLM\System\CurrentControlSet\Services\Sophos Endpoint Defense\EndpointFlags, 0) 2020-11-24T14:09:50.367Z [ 9068:15128] [v4.12.686.0] INFO MCS registry key Installer completed successfully. 2020-11-24T14:09:50.367Z [ 9068:15128] [v4.12.686.0] INFO Commit step: MCS Channels Installer 2020-11-24T14:09:50.367Z [ 9068:15128] [v4.12.686.0] INFO Commit step: Create directory C:\ProgramData\Sophos\Management Communications System\Endpoint\Channels\APPWL\Incoming and all parent directories 2020-11-24T14:09:50.367Z [ 9068:15128] [v4.12.686.0] INFO Commit step: Create directory C:\ProgramData\Sophos\Management Communications System\Endpoint\Channels\APPWL\Staging and all parent directories 2020-11-24T14:09:50.367Z [ 9068:15128] [v4.12.686.0] INFO Commit step: CreateRegistryKey(HKLM\Software\Sophos\Management Communications System\Channels\APPWL, 32) 2020-11-24T14:09:50.367Z [ 9068:15128] [v4.12.686.0] INFO Commit step: SetRegistryValue(HKLM\Software\Sophos\Management Communications System\Channels\APPWL, 32, presigned_uri, RegistryValue(7, 00000000) 2020-11-24T14:09:50.367Z [ 9068:15128] [v4.12.686.0] INFO Commit step: Create directory C:\ProgramData\Sophos\Management Communications System\Endpoint\Channels\EDR\Incoming and all parent directories 2020-11-24T14:09:50.368Z [ 9068:15128] [v4.12.686.0] INFO Commit step: Create directory C:\ProgramData\Sophos\Management Communications System\Endpoint\Channels\EDR\Staging and all parent directories 2020-11-24T14:09:50.368Z [ 9068:15128] [v4.12.686.0] INFO Commit step: CreateRegistryKey(HKLM\Software\Sophos\Management Communications System\Channels\EDR, 32) 2020-11-24T14:09:50.368Z [ 9068:15128] [v4.12.686.0] INFO Commit step: SetRegistryValue(HKLM\Software\Sophos\Management Communications System\Channels\EDR, 32, presigned_uri, RegistryValue(7, 00000000) 2020-11-24T14:09:50.368Z [ 9068:15128] [v4.12.686.0] INFO Commit step: Create directory C:\ProgramData\Sophos\Management Communications System\Endpoint\Channels\FIM\Incoming and all parent directories 2020-11-24T14:09:50.368Z [ 9068:15128] [v4.12.686.0] INFO Commit step: Create directory C:\ProgramData\Sophos\Management Communications System\Endpoint\Channels\FIM\Staging and all parent directories 2020-11-24T14:09:50.368Z [ 9068:15128] [v4.12.686.0] INFO Commit step: CreateRegistryKey(HKLM\Software\Sophos\Management Communications System\Channels\FIM, 32) 2020-11-24T14:09:50.368Z [ 9068:15128] [v4.12.686.0] INFO Commit step: SetRegistryValue(HKLM\Software\Sophos\Management Communications System\Channels\FIM, 32, presigned_uri, RegistryValue(7, 00000000) 2020-11-24T14:09:50.368Z [ 9068:15128] [v4.12.686.0] INFO Commit step: Create directory C:\ProgramData\Sophos\Management Communications System\Endpoint\Channels\ForensicSnapshot\Incoming and all parent directories 2020-11-24T14:09:50.368Z [ 9068:15128] [v4.12.686.0] INFO Commit step: Create directory C:\ProgramData\Sophos\Management Communications System\Endpoint\Channels\ForensicSnapshot\Staging and all parent directories 2020-11-24T14:09:50.368Z [ 9068:15128] [v4.12.686.0] INFO Commit step: CreateRegistryKey(HKLM\Software\Sophos\Management Communications System\Channels\ForensicSnapshot, 32) 2020-11-24T14:09:50.368Z [ 9068:15128] [v4.12.686.0] INFO Commit step: SetRegistryValue(HKLM\Software\Sophos\Management Communications System\Channels\ForensicSnapshot, 32, presigned_uri, RegistryValue(7, 00000000) 2020-11-24T14:09:50.368Z [ 9068:15128] [v4.12.686.0] INFO Commit step: Create directory C:\ProgramData\Sophos\Management Communications System\Endpoint\Channels\RCA\Incoming and all parent directories 2020-11-24T14:09:50.368Z [ 9068:15128] [v4.12.686.0] INFO Commit step: Create directory C:\ProgramData\Sophos\Management Communications System\Endpoint\Channels\RCA\Staging and all parent directories 2020-11-24T14:09:50.368Z [ 9068:15128] [v4.12.686.0] INFO Commit step: CreateRegistryKey(HKLM\Software\Sophos\Management Communications System\Channels\RCA, 32) 2020-11-24T14:09:50.368Z [ 9068:15128] [v4.12.686.0] INFO Commit step: SetRegistryValue(HKLM\Software\Sophos\Management Communications System\Channels\RCA, 32, presigned_uri, RegistryValue(7, 00000000) 2020-11-24T14:09:50.368Z [ 9068:15128] [v4.12.686.0] INFO Commit step: Create directory C:\ProgramData\Sophos\Management Communications System\Endpoint\Channels\LiveQueryScheduled\Incoming and all parent directories 2020-11-24T14:09:50.368Z [ 9068:15128] [v4.12.686.0] INFO Commit step: Create directory C:\ProgramData\Sophos\Management Communications System\Endpoint\Channels\LiveQueryScheduled\Staging and all parent directories 2020-11-24T14:09:50.368Z [ 9068:15128] [v4.12.686.0] INFO Commit step: CreateRegistryKey(HKLM\Software\Sophos\Management Communications System\Channels\LiveQueryScheduled, 32) 2020-11-24T14:09:50.368Z [ 9068:15128] [v4.12.686.0] INFO MCS Channels Installer completed successfully. 2020-11-24T14:09:50.368Z [ 9068:15128] [v4.12.686.0] INFO Commit step: MCS MCS Remapper Installer 2020-11-24T14:09:50.368Z [ 9068:15128] [v4.12.686.0] INFO Commit step: Create directory C:\ProgramData\Sophos\Management Communications System\Endpoint\Messages and all parent directories 2020-11-24T14:09:50.368Z [ 9068:15128] [v4.12.686.0] INFO Commit step: Create directory C:\ProgramData\Sophos\Management Communications System\Endpoint\Messages\Incoming and all parent directories 2020-11-24T14:09:50.368Z [ 9068:15128] [v4.12.686.0] INFO Commit step: Create directory C:\ProgramData\Sophos\Management Communications System\Endpoint\Messages\Staging and all parent directories 2020-11-24T14:09:50.368Z [ 9068:15128] [v4.12.686.0] INFO Commit step: CreateRegistryKey(HKLM\Software\Sophos\Management, 64) 2020-11-24T14:09:50.368Z [ 9068:15128] [v4.12.686.0] INFO Commit step: CreateRegistryKey(HKLM\Software\Sophos\Management\Policy, 64) 2020-11-24T14:09:50.369Z [ 9068:15128] [v4.12.686.0] INFO MCS MCS Remapper Installer completed successfully. 2020-11-24T14:09:50.369Z [ 9068:15128] [v4.12.686.0] INFO Commit step: MCS add remove program key installer 2020-11-24T14:09:50.369Z [ 9068:15128] [v4.12.686.0] INFO Commit step: CreateRegistryKey(HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2C14E1A2-C4EB-466E-8374-81286D723D3A}, 32) 2020-11-24T14:09:50.369Z [ 9068:15128] [v4.12.686.0] INFO Commit step: SetRegistryValue(HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2C14E1A2-C4EB-466E-8374-81286D723D3A}, 32, AuthorizedCDFPrefix, ) 2020-11-24T14:09:50.369Z [ 9068:15128] [v4.12.686.0] INFO Commit step: SetRegistryValue(HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2C14E1A2-C4EB-466E-8374-81286D723D3A}, 32, Comments, Management Communications System) 2020-11-24T14:09:50.369Z [ 9068:15128] [v4.12.686.0] INFO Commit step: SetRegistryValue(HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2C14E1A2-C4EB-466E-8374-81286D723D3A}, 32, Contact, Sophos Technical Support) 2020-11-24T14:09:50.369Z [ 9068:15128] [v4.12.686.0] INFO Commit step: SetRegistryValue(HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2C14E1A2-C4EB-466E-8374-81286D723D3A}, 32, DisplayName, Sophos Management Communications System) 2020-11-24T14:09:50.369Z [ 9068:15128] [v4.12.686.0] INFO Commit step: SetRegistryValue(HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2C14E1A2-C4EB-466E-8374-81286D723D3A}, 32, DisplayVersion, 4.12.686.0) 2020-11-24T14:09:50.369Z [ 9068:15128] [v4.12.686.0] INFO Commit step: SetRegistryValue(HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2C14E1A2-C4EB-466E-8374-81286D723D3A}, 32, EstimatedSize, 5263) 2020-11-24T14:09:50.369Z [ 9068:15128] [v4.12.686.0] INFO Commit step: SetRegistryValue(HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2C14E1A2-C4EB-466E-8374-81286D723D3A}, 32, HelpLink, http://www.sophos.com/support) 2020-11-24T14:09:50.369Z [ 9068:15128] [v4.12.686.0] INFO Commit step: SetRegistryValue(HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2C14E1A2-C4EB-466E-8374-81286D723D3A}, 32, InstallDate, 20201124) 2020-11-24T14:09:50.369Z [ 9068:15128] [v4.12.686.0] INFO Commit step: SetRegistryValue(HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2C14E1A2-C4EB-466E-8374-81286D723D3A}, 32, InstallLocation, C:\Program Files (x86)\Sophos\Management Communications System\Endpoint) 2020-11-24T14:09:50.369Z [ 9068:15128] [v4.12.686.0] INFO Commit step: SetRegistryValue(HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2C14E1A2-C4EB-466E-8374-81286D723D3A}, 32, InstallSource, C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\mcsep) 2020-11-24T14:09:50.369Z [ 9068:15128] [v4.12.686.0] INFO Commit step: SetRegistryValue(HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2C14E1A2-C4EB-466E-8374-81286D723D3A}, 32, Language, 1033) 2020-11-24T14:09:50.369Z [ 9068:15128] [v4.12.686.0] INFO Commit step: SetRegistryValue(HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2C14E1A2-C4EB-466E-8374-81286D723D3A}, 32, ModifyPath, ) 2020-11-24T14:09:50.369Z [ 9068:15128] [v4.12.686.0] INFO Commit step: SetRegistryValue(HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2C14E1A2-C4EB-466E-8374-81286D723D3A}, 32, NoModify, 1) 2020-11-24T14:09:50.369Z [ 9068:15128] [v4.12.686.0] INFO Commit step: SetRegistryValue(HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2C14E1A2-C4EB-466E-8374-81286D723D3A}, 32, NoRepair, 1) 2020-11-24T14:09:50.369Z [ 9068:15128] [v4.12.686.0] INFO Commit step: SetRegistryValue(HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2C14E1A2-C4EB-466E-8374-81286D723D3A}, 32, Publisher, Sophos Limited) 2020-11-24T14:09:50.369Z [ 9068:15128] [v4.12.686.0] INFO Commit step: SetRegistryValue(HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2C14E1A2-C4EB-466E-8374-81286D723D3A}, 32, UninstallString, "C:\Program Files (x86)\Sophos\Management Communications System\Endpoint\Uninstall.exe") 2020-11-24T14:09:50.369Z [ 9068:15128] [v4.12.686.0] INFO Commit step: SetRegistryValue(HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2C14E1A2-C4EB-466E-8374-81286D723D3A}, 32, URLInfoAbout, http://www.sophos.com) 2020-11-24T14:09:50.369Z [ 9068:15128] [v4.12.686.0] INFO Commit step: SetRegistryValue(HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2C14E1A2-C4EB-466E-8374-81286D723D3A}, 32, VersionMajor, 4) 2020-11-24T14:09:50.369Z [ 9068:15128] [v4.12.686.0] INFO Commit step: SetRegistryValue(HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2C14E1A2-C4EB-466E-8374-81286D723D3A}, 32, VersionMinor, 12) 2020-11-24T14:09:50.369Z [ 9068:15128] [v4.12.686.0] INFO Commit step: SetRegistryValue(HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2C14E1A2-C4EB-466E-8374-81286D723D3A}, 32, SystemComponent, 1) 2020-11-24T14:09:50.369Z [ 9068:15128] [v4.12.686.0] INFO MCS add remove program key installer completed successfully. 2020-11-24T14:09:50.370Z [ 9068:15128] [v4.12.686.0] INFO Commit step: Start tamper-protected service step: Sophos MCS Agent 2020-11-24T14:09:50.370Z [ 9068:15128] [v4.12.686.0] INFO Commit step: Start tamper-protected service step: Sophos MCS Client 2020-11-24T14:09:50.370Z [ 9068:15128] [v4.12.686.0] INFO Commit step: Tamper protection of the MCS_SCM component will be set to: ON 2020-11-24T14:09:50.370Z [ 9068:15128] [v4.12.686.0] INFO Commit step: TriggerRollbackTestStep: No action at execution 2020-11-24T14:09:50.370Z [ 9068:15128] [v4.12.686.0] INFO MCS overall installer completed successfully. 2020-11-24T14:09:50.370Z [ 9068:15128] [v4.12.686.0] INFO Action was successful, reboot is not required 2020-11-24T14:09:50.370Z [ 9068:15128] [v4.12.686.0] INFO End product setup
Hi,
M-ameen Ahmed Ahmed said:it seem both Sophos MSC Agent and Client Services work again after update
So the problem solved itself after the windows update, glad to hear!
It seems that Sophos found Malware and/or potentially unwanted Applications. Please check the device on Sophos Central so that you can deal with the Threat Case. If you need help with cleanup, or Intercept X was unable to perform automatic cleanup, please open a new thread in this group or submit a case to Sophos support. We try to solve only one problem per thread in the community to keep things organized.
Thank You very much . Now every thing work again.