This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

One or more Sophos services are missing or not running

Hi ,

in some computer we get the Error "One or more Sophos services are missing or not running" . The Windows is UptoDate. I found an Article about it but how can i find which third party application may interfere with Sophos services.

I reinstalled Sophos Endpoint Agent but the Services will disappear again.

Regards

Ahmed

This thread was automatically locked due to age.

Top Replies

M-ameen Ahmed Ahmed over 3 years ago in reply to intrusus +1

Hier is the newest logfile Started C:\Users\admin\AppData\Local\Temp\sfl-d4733000\Setup.exe 2020-11-23T13:13:18.7320780Z INFO : Stage 1 command-line options: 2020-11-23T13:13:18.7320780Z INFO : …

Parents

+1 M-ameen Ahmed Ahmed over 3 years ago

Thank You for quick Support,

both Sophos MCS Agent and Client are missing.

OS is Windows 10 1803

Regards

Ahmed
Cancel
Vote Up -1 Vote Down

Cancel
0 intrusus over 3 years ago in reply to M-ameen Ahmed Ahmed

Okay, could you please provide me the Cloud-Installer logfile? You can find it at %ProgramData%\Sophos\CloudInstaller\Logs\SophosCloudInstaller_<date>_<time>.log

Please provide the newest logfile if there is more than one.
Upload it to a cloud share or copy&paste it here by using the "Code feature" of the editor (Insert > Code).

Thanks!

Intrusus
Sophos Certified Engineer | Sophos Certified Technician

_{private lab:
XG firewall with SFOS 18.0.3 MR-3}^{Intercept X Advanced (for Server) with EDR EAP latest}
_{If a post solves your question use the 'Verify Answer' link}
Cancel
Vote Up 0 Vote Down

Cancel

0 M-ameen Ahmed Ahmed over 3 years ago in reply to intrusus

Hier is the newest logfile

Started C:\Users\admin\AppData\Local\Temp\sfl-d4733000\Setup.exe
2020-11-23T13:13:18.7320780Z INFO : Stage 1 command-line options:
2020-11-23T13:13:18.7320780Z INFO : ---
2020-11-23T13:13:18.7330779Z INFO : Quiet mode on: 0
2020-11-23T13:13:18.7340759Z INFO : Automatic Proxy detection disabled: 0
2020-11-23T13:13:18.7350780Z INFO : No feedback mode on: 0
2020-11-23T13:13:18.7360779Z INFO : Dump feedback enabled: 0
2020-11-23T13:13:18.7370780Z INFO : Bypass competitor removal: 0
2020-11-23T13:13:18.7370780Z INFO : Using CRT catalog file path: --
2020-11-23T13:13:18.7380779Z INFO : Only register endpoint with Central: 0
2020-11-23T13:13:18.7390759Z INFO : Log messages between endpoint and Central: 0
2020-11-23T13:13:18.7400780Z INFO : Log command-line passed to executables: 0
2020-11-23T13:13:18.7410779Z INFO : Using custom server that hosts the installer stage2 filename : --
2020-11-23T13:13:18.7420781Z INFO : Using cloud group: --
2020-11-23T13:13:18.7420781Z INFO : Overriding computer name: --
2020-11-23T13:13:18.7440762Z INFO : Overriding computer description: --
2020-11-23T13:13:18.7450767Z INFO : Overriding domain name: --
2020-11-23T13:13:18.7460782Z INFO : Language will be set to: --
2020-11-23T13:13:18.7470781Z INFO : Using message relays: --
2020-11-23T13:13:18.7470781Z INFO : Proxy address: --
2020-11-23T13:13:18.7480780Z INFO : Proxy user name: --
2020-11-23T13:13:18.7490779Z INFO : Using custom customer token: --
2020-11-23T13:13:18.7500781Z INFO : Using specified products: --
2020-11-23T13:13:18.7500781Z INFO : Using certificates from the MCS app data folder.: 0
2020-11-23T13:13:18.7510780Z INFO : Using custom customer ID.: --
2020-11-23T13:13:18.7520779Z INFO : Using specified user ID.: --
2020-11-23T13:13:18.7530758Z INFO : Using local install source.: --
2020-11-23T13:13:18.7540779Z INFO : Using experimental SRV.: --
2020-11-23T13:13:18.7550778Z INFO : Invoked as part of SEC migration.: 0
2020-11-23T13:13:18.7560780Z INFO : ---
2020-11-23T13:13:18.8091124Z INFO : Sending HTTP 'POST' request to: api/download/stage2-details/e4917408-5a4e-4e07-9c95-1ffcecdfbe42
2020-11-23T13:13:18.8321126Z WARNING : WinHttpGetProxyForUrl returned: 12180
2020-11-23T13:13:18.8340769Z INFO : Attempting to connect using proxy '' of type 'Empty Proxy'.
2020-11-23T13:13:18.8610772Z INFO : Set security protocol: 00000800
2020-11-23T13:13:18.8630775Z INFO : Opening connection to api-cloudstation-eu-central-1.prod.hydra.sophos.com
2020-11-23T13:13:18.8650776Z INFO : Request content size: 30
2020-11-23T13:13:18.9610785Z INFO : Sending request
2020-11-23T13:13:18.9631126Z INFO : Request sent
2020-11-23T13:13:18.9820777Z INFO : Sending request
2020-11-23T13:13:18.9850777Z INFO : Request sent
2020-11-23T13:13:18.9860781Z INFO : Response status code: 200
2020-11-23T13:13:18.9880782Z INFO : Response data size: 178
2020-11-23T13:13:18.9900783Z INFO : trySendRequestThroughPotentialProxy returning response with status code: 200
2020-11-23T13:13:18.9950786Z INFO : Parsing message received for Stage 2 filename: '{"mcs_server":"mcs-cloudstation-eu-central-1.prod.hydra.sophos.com","stage2_filename":"stage2-1.10.305.0-f6402baa215a4de585ec6b7c5d5efd87f8c091137ed80c75c7ac1bd926376dc0.tar.gz"}'
2020-11-23T13:13:18.9970776Z INFO : Sending HTTP 'GET' request to: full/central/windows/business/installer/stage2-1.10.305.0-f6402baa215a4de585ec6b7c5d5efd87f8c091137ed80c75c7ac1bd926376dc0.tar.gz
2020-11-23T13:13:19.0020784Z WARNING : WinHttpGetProxyForUrl returned: 12180
2020-11-23T13:13:19.0040779Z INFO : Attempting to connect using proxy '' of type 'Empty Proxy'.
2020-11-23T13:13:19.0070782Z INFO : Set security protocol: 00000800
2020-11-23T13:13:19.0090780Z INFO : Opening connection to downloads.sophos.com
2020-11-23T13:13:19.0110786Z INFO : Request content size: 0
2020-11-23T13:13:19.0580779Z INFO : Sending request
2020-11-23T13:13:19.0610768Z INFO : Request sent
2020-11-23T13:13:19.1000775Z INFO : Response status code: 200
2020-11-23T13:13:19.1041122Z INFO : Response data size: 3197559
2020-11-23T13:13:19.1050789Z INFO : trySendRequestThroughPotentialProxy returning response with status code: 200
2020-11-23T13:13:19.1130778Z INFO : Extracting files:
2020-11-23T13:13:19.1150784Z INFO : integrity.dat
2020-11-23T13:13:19.1190769Z INFO : manifest.dat
2020-11-23T13:13:19.1220783Z INFO : scf.dat
2020-11-23T13:13:19.1250782Z INFO : sdds3-sync.exe
2020-11-23T13:13:19.2450783Z INFO : sof.dat
2020-11-23T13:13:19.2490785Z INFO : SophosSetup_Stage2.exe
2020-11-23T13:13:19.3830785Z INFO : su-setup32.exe
2020-11-23T13:13:19.4220784Z INFO : su-setup64.exe
2020-11-23T13:13:19.4700787Z INFO : SUL.dll
2020-11-23T13:13:19.5590781Z INFO : Management Certs/sophosca1.crl
2020-11-23T13:13:19.5620786Z INFO : Management Certs/sophosca1.crt
2020-11-23T13:13:19.5650786Z INFO : Management Certs/sophosca2.crl
2020-11-23T13:13:19.5680786Z INFO : Management Certs/sophosca2.crt
2020-11-23T13:13:19.5710788Z INFO : Management Certs/sophosca3.crl
2020-11-23T13:13:19.5740788Z INFO : Management Certs/sophosca3.crt
2020-11-23T13:13:19.5770768Z INFO : Management Certs/sophosca4.crl
2020-11-23T13:13:19.5800787Z INFO : Management Certs/sophosca4.crt
2020-11-23T13:13:19.5830787Z INFO : ManifestCerts/rootca.crl
2020-11-23T13:13:19.5860786Z INFO : ManifestCerts/rootca.crt
2020-11-23T13:13:19.5880784Z INFO : ManifestCerts/rootca384.crl
2020-11-23T13:13:19.5910787Z INFO : ManifestCerts/rootca384.crt
2020-11-23T13:13:19.5980777Z INFO : Checking manifest:C:\\Program Files (x86)\\Sophos\\CloudInstaller\\extract_cache\\manifest.dat
2020-11-23T13:13:19.6900773Z INFO : Running setup.
Started C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
2020-11-23T13:13:19.8371134Z INFO : Stage 2 command-line options:
2020-11-23T13:13:19.8380790Z INFO : ---
2020-11-23T13:13:19.8390781Z INFO : Parent PID: 13200
2020-11-23T13:13:19.8400788Z INFO : Server: mcs-cloudstation-eu-central-1.prod.hydra.sophos.com
2020-11-23T13:13:19.8410790Z INFO : Message relays: --
2020-11-23T13:13:19.8420786Z INFO : Suppressing feedback: 0
2020-11-23T13:13:19.8430818Z INFO : Dump feedback to disk: 0
2020-11-23T13:13:19.8450763Z INFO : Register only: 0
2020-11-23T13:13:19.8460790Z INFO : Trail logging: 0
2020-11-23T13:13:19.8470786Z INFO : Command-line logging: 0
2020-11-23T13:13:19.8480788Z INFO : Bypassing competitor removal: 0
2020-11-23T13:13:19.8500789Z INFO : CRT catalog: --
2020-11-23T13:13:19.8500789Z INFO : Language: --
2020-11-23T13:13:19.8510785Z INFO : Log files: C:\\ProgramData\\Sophos\\CloudInstaller\\Logs\\SophosCloudInstaller_20201123_131318.log
2020-11-23T13:13:19.8520784Z INFO : Group: --
2020-11-23T13:13:19.8540784Z INFO : Quiet: 0
2020-11-23T13:13:19.8550783Z INFO : Virtual appliance: 0
2020-11-23T13:13:19.8560782Z INFO : Proxy address: --
2020-11-23T13:13:19.8580780Z INFO : Proxy user: --
2020-11-23T13:13:19.8590768Z INFO : Overriding computer name: --
2020-11-23T13:13:19.8600762Z INFO : Overriding computer description: --
2020-11-23T13:13:19.8610766Z INFO : Overriding domain: --
2020-11-23T13:13:19.8630789Z INFO : Disable proxy detection: 0
2020-11-23T13:13:19.8640788Z INFO : Customer Token Specified: e4917408-5a4e-4e07-9c95-1ffcecdfbe42
2020-11-23T13:13:19.8650768Z INFO : Products: all
2020-11-23T13:13:19.8660775Z INFO : Pipe write handle: 1952
2020-11-23T13:13:19.8670777Z INFO : MCS Certificates Folder: 0
2020-11-23T13:13:19.8680789Z INFO : MCS Customer Id: deb25ae9-bb31-d4e3-f849-655ffa84845b
2020-11-23T13:13:19.8690791Z INFO : User Id: --
2020-11-23T13:13:19.8710795Z INFO : Local install source: --
2020-11-23T13:13:19.8720791Z INFO : Name of SRV domain: --
2020-11-23T13:13:19.8730790Z INFO : Partner Id: --
2020-11-23T13:13:19.8740789Z INFO : Customer Estate Id: --
2020-11-23T13:13:19.8750788Z INFO : Invoked as part of SEC migration: 0
2020-11-23T13:13:19.8760767Z INFO : Using experimental SDDS3: 0
2020-11-23T13:13:19.8770788Z INFO : ---
2020-11-23T13:13:19.8810784Z INFO : User name: admin
2020-11-23T13:13:19.8820789Z INFO : NameDnsDomain: DOMAIN.COM\\admin
2020-11-23T13:13:19.8830791Z INFO : dnsDomain: DOMAIN.COM
2020-11-23T13:13:24.2800836Z INFO : lpProfilePath: 
2020-11-23T13:13:24.3400804Z INFO : User profile loaded
2020-11-23T13:13:24.3410812Z INFO : Net API buffer freed
2020-11-23T13:13:24.3420808Z INFO : Model::server value changed to: mcs-cloudstation-eu-central-1.prod.hydra.sophos.com
2020-11-23T13:13:24.3430810Z INFO : Model::messageRelays value changed to be size: 0
2020-11-23T13:13:24.3440811Z INFO : Model::group value changed to: 
2020-11-23T13:13:24.3450808Z INFO : Model::parentPid value changed to: 13200
2020-11-23T13:13:24.3470806Z INFO : Model::products changed to: all
2020-11-23T13:13:24.3480818Z INFO : Model::customer token value changed to: e4917408-5a4e-4e07-9c95-1ffcecdfbe42
2020-11-23T13:13:24.3490809Z INFO : MCS Crts: C:\\Program Files (x86)\\Sophos\\CloudInstaller\\Management Certs\\sophosca1.crt,C:\\Program Files (x86)\\Sophos\\CloudInstaller\\Management Certs\\sophosca2.crt,C:\\Program Files (x86)\\Sophos\\CloudInstaller\\Management Certs\\sophosca3.crt,C:\\Program Files (x86)\\Sophos\\CloudInstaller\\Management Certs\\sophosca4.crt
2020-11-23T13:13:24.3500813Z INFO : MCS CRLs: C:\\Program Files (x86)\\Sophos\\CloudInstaller\\Management Certs\\sophosca1.crl,C:\\Program Files (x86)\\Sophos\\CloudInstaller\\Management Certs\\sophosca2.crl,C:\\Program Files (x86)\\Sophos\\CloudInstaller\\Management Certs\\sophosca3.crl,C:\\Program Files (x86)\\Sophos\\CloudInstaller\\Management Certs\\sophosca4.crl
2020-11-23T13:13:24.3520806Z INFO : Model:: MCS customer id value changed to: deb25ae9-bb31-d4e3-f849-655ffa84845b
2020-11-23T13:13:24.3530805Z INFO : Sophos Endpoint Defense is installed
2020-11-23T13:13:24.3540807Z INFO : Value 'SEDEnabled' under key '000002BC' is set to 1.
2020-11-23T13:13:24.3550806Z INFO : Value 'IgnoreSav' under key '000002BC' is set to 1.
2020-11-23T13:13:24.3560807Z INFO : Tamper protected by SED
2020-11-23T13:13:24.3580802Z INFO : Setting sdds3 download to: false
2020-11-23T13:13:24.3590807Z INFO : detectedMsiInstalledMcs.installed: 0
2020-11-23T13:13:24.3600806Z INFO : Not migrating from SEC endpoint.
2020-11-23T13:13:24.3660830Z INFO : Beginning command definition.
2020-11-23T13:13:24.3670810Z INFO : Adding command to remove Sophos 'Image File Execution Options' keys.
2020-11-23T13:13:24.3680825Z INFO : Adding command to wait for SAU update to complete.
2020-11-23T13:13:24.3690805Z INFO : Adding competitor detection command.
2020-11-23T13:13:24.3710806Z INFO : Adding command to register with Sophos cloud.
2020-11-23T13:13:24.3720796Z INFO : Adding command to download product suite.
2020-11-23T13:13:24.3730809Z INFO : Adding command to uninstall existing products.
2020-11-23T13:13:24.3730809Z INFO : Adding command to remove existing installation of Sophos AutoUpdate
2020-11-23T13:13:24.3740811Z INFO : Adding command to allow tamper protected reinstalls.
2020-11-23T13:13:24.3750807Z INFO : Adding commands to uninstall remaining existing products.
2020-11-23T13:13:24.3760812Z INFO : Adding command to remove existing installation of Sophos System Protection
2020-11-23T13:13:24.3770800Z INFO : Adding command to remove existing installation of Sophos Heartbeat
2020-11-23T13:13:24.3780798Z INFO : Adding command to remove existing installation of Sophos Network Access Control
2020-11-23T13:13:24.3790809Z INFO : Adding command to remove existing installation of Sophos Client Firewall
2020-11-23T13:13:24.3810806Z INFO : Adding command to remove existing installation of Sophos Patch
2020-11-23T13:13:24.3820830Z INFO : Adding command to remove existing installation of Sophos Clean
2020-11-23T13:13:24.3830810Z INFO : Adding command to retrieve policy.
2020-11-23T13:13:24.3840820Z INFO : Adding command to prepare for installation.
2020-11-23T13:13:24.3850833Z INFO : Adding command to install Sophos cloud.
2020-11-23T13:13:24.3860799Z INFO : Command definition complete.
2020-11-23T13:13:24.3990818Z INFO : Stage 1 version:1.9.100.0
2020-11-23T13:13:24.4010805Z INFO : Stage 2 version:1.10.305.0
2020-11-23T13:13:24.4031177Z INFO : OS version: 10.0.17134.
2020-11-23T13:13:24.4050826Z INFO : Service pack: 0.0.
2020-11-23T13:13:24.4071184Z INFO : System Language: 1033.
2020-11-23T13:13:24.4080834Z INFO : User Language: 1031.
2020-11-23T13:13:24.4101178Z INFO : 64 bit: yes.
2020-11-23T13:13:24.4110837Z INFO : FindMainWindow: pid=13200
2020-11-23T13:13:24.4131184Z INFO : Window is main control window of process
2020-11-23T13:13:24.4140806Z INFO : ::EnumWindows stopped early; window found
2020-11-23T13:13:24.4161180Z INFO : _bestHandle=0007037A
2020-11-23T13:13:24.8510810Z INFO : Running System Property Check: VerifyTrust ...
2020-11-23T13:13:24.9110803Z INFO : System Property Check: VerifyTrust - PASSED
2020-11-23T13:13:24.9640837Z INFO : Running System Property Check: HostnameLength ...
2020-11-23T13:13:24.9690835Z INFO : Initialized Winsock subsystem
2020-11-23T13:13:24.9850835Z INFO : Valid hostname length
2020-11-23T13:13:24.9870836Z INFO : System Property Check: HostnameLength - PASSED
2020-11-23T13:13:25.0400845Z INFO : Running System Property Check: GroupNameLength ...
2020-11-23T13:13:25.0430814Z INFO : System Property Check: GroupNameLength - PASSED
2020-11-23T13:13:25.0950849Z INFO : Running System Property Check: IsAdministrator ...
2020-11-23T13:13:25.0980816Z INFO : System Property Check: IsAdministrator - PASSED
2020-11-23T13:13:25.1520824Z INFO : Running System Property Check: JunctionPointsCheck ...
2020-11-23T13:13:25.3660819Z ERROR : RecursePath failed for 'C:\\ProgramData\\Sophos\\Sophos File Scanner\\SaviTemp\\6196'. FindFirstFile failed: 5
2020-11-23T13:13:25.3680814Z ERROR : RecursePath failed for 'C:\\ProgramData\\Sophos\\Sophos File Scanner\\SaviTemp\\6196'. Error: RecursePath failed
2020-11-23T13:13:25.3700810Z ERROR : RecursePath failed for 'C:\\ProgramData\\Sophos\\Sophos File Scanner\\SaviTemp\\6636'. FindFirstFile failed: 5
2020-11-23T13:13:25.3710822Z ERROR : RecursePath failed for 'C:\\ProgramData\\Sophos\\Sophos File Scanner\\SaviTemp\\6636'. Error: RecursePath failed
2020-11-23T13:13:25.4010825Z INFO : Scanned 7626 Sophos paths for junction points
2020-11-23T13:13:25.4030817Z INFO : System Property Check: JunctionPointsCheck - PASSED
2020-11-23T13:13:25.4550833Z INFO : Running System Property Check: PendingReboots ...
2020-11-23T13:13:25.4580819Z INFO : System Property Check: PendingReboots - PASSED
2020-11-23T13:13:25.5110853Z INFO : Running System Property Check: PrimaryDriveSpace ...
2020-11-23T13:13:25.5150824Z INFO : Enough space: 172157 Mb
2020-11-23T13:13:25.5170821Z INFO : System Property Check: PrimaryDriveSpace - PASSED
2020-11-23T13:13:25.5700855Z INFO : Running System Property Check: MsXml ...
2020-11-23T13:13:25.6020828Z INFO : System Property Check: MsXml - PASSED
2020-11-23T13:13:25.6550823Z INFO : Running System Property Check: NotFirewall ...
2020-11-23T13:13:25.6570854Z INFO : System Property Check: NotFirewall - PASSED
2020-11-23T13:13:25.7110821Z INFO : Running System Property Check: NotHitmanProAlertIncompatible ...
2020-11-23T13:13:25.7130858Z INFO : No incompatible version of HitmanPro.Alert is installed
2020-11-23T13:13:25.7160830Z INFO : System Property Check: NotHitmanProAlertIncompatible - PASSED
2020-11-23T13:13:25.7700827Z INFO : Running System Property Check: NotInvincea ...
2020-11-23T13:13:25.7720838Z INFO : System Property Check: NotInvincea - PASSED
2020-11-23T13:13:25.8260827Z INFO : Running System Property Check: NotMessageRelay ...
2020-11-23T13:13:25.8280828Z INFO : RMS is not installed on the endpoint
2020-11-23T13:13:25.8310822Z INFO : System Property Check: NotMessageRelay - PASSED
2020-11-23T13:13:25.8840862Z INFO : Running System Property Check: NotNac ...
2020-11-23T13:13:25.8870856Z INFO : System Property Check: NotNac - PASSED
2020-11-23T13:13:25.9410822Z INFO : Running System Property Check: NotPatch ...
2020-11-23T13:13:25.9430862Z INFO : System Property Check: NotPatch - PASSED
2020-11-23T13:13:25.9980827Z INFO : Running System Property Check: NotPureMessageDomino ...
2020-11-23T13:13:26.0011245Z INFO : System Property Check: NotPureMessageDomino - PASSED
2020-11-23T13:13:26.0550827Z INFO : Running System Property Check: NotPureMessageExchangeWithAntiSpam ...
2020-11-23T13:13:26.0570861Z INFO : System Property Check: NotPureMessageExchangeWithAntiSpam - PASSED
2020-11-23T13:13:26.1110827Z INFO : Running System Property Check: NotSharePoint ...
2020-11-23T13:13:26.1130861Z INFO : System Property Check: NotSharePoint - PASSED
2020-11-23T13:13:26.1670828Z INFO : Running System Property Check: NotSecServer ...
2020-11-23T13:13:26.1690862Z INFO : System Property Check: NotSecServer - PASSED
2020-11-23T13:13:26.2220865Z INFO : Running System Property Check: NotSum ...
2020-11-23T13:13:26.2250829Z INFO : System Property Check: NotSum - PASSED
2020-11-23T13:13:26.2780863Z INFO : Running System Property Check: NotBlockedByTamperProtection ...
2020-11-23T13:13:26.2810829Z INFO : AutoUpdate key present
2020-11-23T13:13:26.2840826Z INFO : No indication found of failed previous installation; endpoint not considered broken for TP bypass
2020-11-23T13:13:26.2860866Z WARNING : Cannot bypass tamper protection
2020-11-23T13:13:26.2890826Z ERROR : System Property Check: NotBlockedByTamperProtection - FAILED
2020-11-23T13:13:26.3420830Z INFO : Running System Property Check: RAMSize ...
2020-11-23T13:13:26.3440831Z INFO : System Property Check: RAMSize - PASSED
2020-11-23T13:13:26.3980836Z INFO : Running System Property Check: SupportedArchitecture ...
2020-11-23T13:13:26.4000831Z INFO : Running on x64
2020-11-23T13:13:26.4030831Z INFO : System Property Check: SupportedArchitecture - PASSED
2020-11-23T13:13:26.4550874Z INFO : Running System Property Check: SupportedOS ...
2020-11-23T13:13:26.4580832Z INFO : Running on workstation.
2020-11-23T13:13:26.4610832Z INFO : System Property Check: SupportedOS - PASSED
2020-11-23T13:13:26.5140833Z INFO : Running System Property Check: SupportedPatches ...
2020-11-23T13:13:26.5160831Z INFO : System Property Check: SupportedPatches - PASSED
2020-11-23T13:13:26.5690868Z INFO : Running System Property Check: ValidTempDirectory ...
2020-11-23T13:13:26.5720862Z INFO : Temp folder exists.
2020-11-23T13:13:26.5750831Z INFO : System Property Check: ValidTempDirectory - PASSED
2020-11-23T13:13:26.6290833Z INFO : Running System Property Check: ValidLocalInstallSourceDirectory ...
2020-11-23T13:13:26.6310831Z INFO : No local install source folder to validate.
2020-11-23T13:13:26.6340828Z INFO : System Property Check: ValidLocalInstallSourceDirectory - PASSED
2020-11-23T13:13:26.6860866Z INFO : Running System Property Check: ValidServer ...
2020-11-23T13:13:26.6890863Z INFO : System Property Check: ValidServer - PASSED
2020-11-23T13:13:26.7430835Z INFO : Running System Property Check: ValidDeploymentInfo ...
2020-11-23T13:13:26.7460862Z INFO : Current Time: 2020-11-23T13:13:26.744000
2020-11-23T13:13:26.7500825Z INFO : This computer is part of the domain DOMAIN
2020-11-23T13:13:26.7520865Z INFO : Domain Name: DOMAIN
2020-11-23T13:13:26.7550862Z INFO : Computer Name: DEW02077
2020-11-23T13:13:26.7570868Z INFO : Computer Description is not available. 
2020-11-23T13:13:26.7600829Z INFO : Operating System: WIN10
2020-11-23T13:13:26.7620871Z INFO : ProductType: 4
2020-11-23T13:13:26.7750830Z INFO : Last logged on user was: DOMAIN\\admin
2020-11-23T13:13:26.7770855Z INFO : Fully Qualified Domain Name: DEW02077.DOMAIN.com
2020-11-23T13:13:26.7790828Z INFO : Processor architecture: x64
2020-11-23T13:13:26.7810832Z INFO : OS Major Version: 10 and OS Minor Version: 0
2020-11-23T13:13:26.7830835Z INFO : Friendly OS Name: WIN10
2020-11-23T13:13:26.7850825Z INFO : Is server?: 0
2020-11-23T13:13:26.7890843Z INFO : Sending HTTP 'POST' request to: sophos/management/ep/install/deployment-info/3
2020-11-23T13:13:26.7960825Z WARNING : WinHttpGetProxyForUrl returned: 12180
2020-11-23T13:13:26.7980839Z INFO : Attempting to connect using proxy '' of type 'Empty Proxy'.
2020-11-23T13:13:26.8010828Z INFO : Set security protocol: 00000800
2020-11-23T13:13:26.8020841Z INFO : Opening connection to mcs-cloudstation-eu-central-1.prod.hydra.sophos.com
2020-11-23T13:13:26.8030829Z INFO : Sending request for connection confirmation through potential proxy
2020-11-23T13:13:26.8050827Z INFO : Request content size: 0
2020-11-23T13:13:26.9080834Z INFO : ValidateFileCertificateCheck: Validate certificate against file on WINHTTP_CALLBACK_STATUS_SENDING_REQUEST
2020-11-23T13:13:26.9260865Z INFO : Certificate check succeeded
2020-11-23T13:13:26.9290854Z INFO : ValidateFileCertificateCheck: Ignore WINHTTP_CALLBACK_STATUS_REQUEST_SENT
2020-11-23T13:13:27.2900867Z INFO : Response status code: 200
2020-11-23T13:13:27.2920868Z INFO : Response data size: 168
2020-11-23T13:13:27.2950865Z INFO : trySendRequestThroughPotentialProxy returning response with status code: 200
2020-11-23T13:13:27.2970871Z INFO : Request content size: 1747
2020-11-23T13:13:27.3010867Z INFO : ValidateFileCertificateCheck: Validate certificate against file on WINHTTP_CALLBACK_STATUS_SENDING_REQUEST
2020-11-23T13:13:27.3150833Z INFO : Certificate check succeeded
2020-11-23T13:13:27.3180835Z INFO : ValidateFileCertificateCheck: Ignore WINHTTP_CALLBACK_STATUS_REQUEST_SENT
2020-11-23T13:13:27.3330834Z INFO : ValidateFileCertificateCheck: Validate certificate against file on WINHTTP_CALLBACK_STATUS_SENDING_REQUEST
2020-11-23T13:13:27.3440839Z INFO : Certificate check succeeded
2020-11-23T13:13:27.3470833Z INFO : ValidateFileCertificateCheck: Ignore WINHTTP_CALLBACK_STATUS_REQUEST_SENT
2020-11-23T13:13:27.3490845Z INFO : Response status code: 200
2020-11-23T13:13:27.3500850Z INFO : Response data size: 213
2020-11-23T13:13:27.3520861Z INFO : Parsing message received for deployment token: {"dciFileName":"fc1b17ff8d17fff3669188bc027716d2","registrationToken":"2f36f61f43295f09e719f96050b6ab754d5dc53db01f2ea1f266aa73652f3727","products":[{"product":"INTERCEPT_ADVANCED","supported":true,"reasons":[]}]}
2020-11-23T13:13:27.3540848Z INFO : Model::token value changed to: 2f36f61f43295f09e719f96050b6ab754d5dc53db01f2ea1f266aa73652f3727
2020-11-23T13:13:27.3550850Z INFO : Licenses available: INTERCEPT_ADVANCED 
2020-11-23T13:13:27.4080873Z INFO : Running System Property Check: InstallationInProgress ...
2020-11-23T13:13:27.4110839Z INFO : System Property Check: InstallationInProgress - PASSED
2020-11-23T13:13:27.4650842Z INFO : Running System Property Check: SafeGuardEncryption ...
2020-11-23T13:13:27.4670837Z INFO : Entered installedProductCode, upgradeCode={BA2F47D3-1C17-40E7-8DE7-1CD733442B6C}
2020-11-23T13:13:27.4700842Z INFO : Product is installed
2020-11-23T13:13:27.4720876Z INFO : licensesContainFeature(DEVICE_ENCRYPTION): false
2020-11-23T13:13:27.4760836Z INFO : SafeGuard is not managed by Sophos Enterprise Console.
2020-11-23T13:13:27.4790836Z INFO : System Property Check: SafeGuardEncryption - PASSED
2020-11-23T13:13:35.5920908Z INFO : Data folder: C:\\ProgramData\\Sophos\\AutoUpdate\\data
2020-11-23T13:13:35.6060893Z INFO : Data folder: C:\\ProgramData\\Sophos\\AutoUpdate\\data
2020-11-23T13:13:35.6070898Z INFO : Sending HTTP 'PUT' request to: prod/2020-11-23T13:13:35Z-2020-11-23T13:13:35Z-63207ed0-96b6-50b2-bc9c-5aaf6bcf971a.json
2020-11-23T13:13:35.6100903Z WARNING : WinHttpGetProxyForUrl returned: 12180
2020-11-23T13:13:35.6110902Z INFO : Attempting to connect using proxy '' of type 'Empty Proxy'.
2020-11-23T13:13:35.6140902Z INFO : Set security protocol: 00000800
2020-11-23T13:13:35.6150901Z INFO : Opening connection to t1.sophosupd.com
2020-11-23T13:13:35.6160902Z INFO : Request content size: 2003
2020-11-23T13:13:35.6690928Z INFO : Sending request
2020-11-23T13:13:35.6710926Z INFO : Request sent
2020-11-23T13:13:36.2880927Z INFO : Sending request
2020-11-23T13:13:36.2901294Z INFO : Request sent
2020-11-23T13:13:36.2921300Z INFO : Response status code: 200
2020-11-23T13:13:36.2950928Z INFO : Response data size: 0
2020-11-23T13:13:36.2971142Z INFO : trySendRequestThroughPotentialProxy returning response with status code: 200
2020-11-23T13:13:36.2991301Z INFO : Telemetry Response: 
2020-11-23T13:13:36.3050929Z INFO : User profile unloaded
2020-11-23T13:13:36.3250928Z INFO : Cleaning up extracted files
2020-11-23T13:13:36.4130931Z ERROR : Exception: Setup program failed with code: 1

Thanks

0 intrusus over 3 years ago in reply to M-ameen Ahmed Ahmed
Hi Ahmed,

Thanks for providing the logfile. I know it's annoying when the product doesn't work as it should. I hope you are still motivated to work on the problem.

Please click on Update in the Endpoint (About > Update now). Reboot. Check the Endpoint Self Help (ESH) Tool again to see if it has installed the missing components.

If that didn't work out:

share the logfile of the missing component. This means, please provide %TEMP%\Sophos Management Communications System Install Log <DATE>.log

Thank you!
Intrusus
Sophos Certified Engineer | Sophos Certified Technician

_{private lab:
XG firewall with SFOS 18.0.3 MR-3}^{Intercept X Advanced (for Server) with EDR EAP latest}
_{If a post solves your question use the 'Verify Answer' link}
Cancel
Vote Up 0 Vote Down

Cancel

0 M-ameen Ahmed Ahmed over 3 years ago in reply to intrusus

I upgraded Windows 10 1803 to 1909 and after that in reinstall Sophos Endpoint Agent, it seem both Sophos MSC Agent and Client Services work again after update and restart Windows something doesn't works correctlly please take a look of screen shot and logs file (Sophos Management Communications System Install Log).

2020-11-24T14:09:45.815Z [ 9068:15128] [v4.12.686.0] INFO  Begin product setup
2020-11-24T14:09:45.815Z [ 9068:15128] [v4.12.686.0] INFO  Begin install
2020-11-24T14:09:45.821Z [ 9068:15128] [v4.12.686.0] INFO  Config.xml found: true
2020-11-24T14:09:45.821Z [ 9068:15128] [v4.12.686.0] INFO  MCS already installed. Start update.
2020-11-24T14:09:45.821Z [ 9068:15128] [v4.12.686.0] INFO  Executing step: Tamper protection of the MCS_SCM component will be set to: OFF 
2020-11-24T14:09:45.824Z [ 9068:15128] [v4.12.686.0] INFO  Waiting for operation to succeed within 60000ms.
2020-11-24T14:09:45.824Z [ 9068:15128] [v4.12.686.0] INFO  Tamper protection of the MCS_SCM component has been set to: OFF 
2020-11-24T14:09:45.824Z [ 9068:15128] [v4.12.686.0] INFO  Executing step: Stop service step without disabling tamper protection for service: Sophos MCS Client
2020-11-24T14:09:45.825Z [ 9068:15128] [v4.12.686.0] INFO  PID of service: 6940
2020-11-24T14:09:45.825Z [ 9068:15128] [v4.12.686.0] INFO  PID of service: 6940
2020-11-24T14:09:45.825Z [ 9068:15128] [v4.12.686.0] INFO  Service process handle acquired
2020-11-24T14:09:45.826Z [ 9068:15128] [v4.12.686.0] INFO  StopCommand key was set
2020-11-24T14:09:45.826Z [ 9068:15128] [v4.12.686.0] INFO  Waiting 60000ms for service stop
2020-11-24T14:09:45.826Z [ 9068:15128] [v4.12.686.0] INFO  Waiting for operation to succeed within 60000ms.
2020-11-24T14:09:46.826Z [ 9068:15128] [v4.12.686.0] INFO  Retrying operation. Counter: 1
2020-11-24T14:09:46.827Z [ 9068:15128] [v4.12.686.0] INFO  Service has stopped.
2020-11-24T14:09:46.827Z [ 9068:15128] [v4.12.686.0] INFO  StopCommand key was removed
2020-11-24T14:09:46.827Z [ 9068:15128] [v4.12.686.0] INFO  Executing step: Stop service step without disabling tamper protection for service: Sophos MCS Agent
2020-11-24T14:09:46.830Z [ 9068:15128] [v4.12.686.0] INFO  PID of service: 11564
2020-11-24T14:09:46.831Z [ 9068:15128] [v4.12.686.0] INFO  PID of service: 11564
2020-11-24T14:09:46.831Z [ 9068:15128] [v4.12.686.0] INFO  Service process handle acquired
2020-11-24T14:09:46.832Z [ 9068:15128] [v4.12.686.0] INFO  StopCommand key was set
2020-11-24T14:09:46.832Z [ 9068:15128] [v4.12.686.0] INFO  Waiting 60000ms for service stop
2020-11-24T14:09:46.832Z [ 9068:15128] [v4.12.686.0] INFO  Waiting for operation to succeed within 60000ms.
2020-11-24T14:09:47.834Z [ 9068:15128] [v4.12.686.0] INFO  Retrying operation. Counter: 1
2020-11-24T14:09:47.834Z [ 9068:15128] [v4.12.686.0] INFO  Service has stopped.
2020-11-24T14:09:47.835Z [ 9068:15128] [v4.12.686.0] INFO  StopCommand key was removed
2020-11-24T14:09:47.835Z [ 9068:15128] [v4.12.686.0] INFO  Executing step: Delete service step: Sophos MCS Client
2020-11-24T14:09:47.835Z [ 9068:15128] [v4.12.686.0] INFO  Querying configuration of service: Sophos MCS Client
2020-11-24T14:09:47.838Z [ 9068:15128] [v4.12.686.0] INFO  Waiting 60000ms for service deletion
2020-11-24T14:09:47.838Z [ 9068:15128] [v4.12.686.0] INFO  Waiting for operation to succeed within 60000ms.
2020-11-24T14:09:47.840Z [ 9068:15128] [v4.12.686.0] INFO  Successfully deleted service: Sophos MCS Client
2020-11-24T14:09:47.840Z [ 9068:15128] [v4.12.686.0] INFO  Executing step: Delete service step: Sophos MCS Agent
2020-11-24T14:09:47.840Z [ 9068:15128] [v4.12.686.0] INFO  Querying configuration of service: Sophos MCS Agent
2020-11-24T14:09:47.843Z [ 9068:15128] [v4.12.686.0] INFO  Waiting 60000ms for service deletion
2020-11-24T14:09:47.843Z [ 9068:15128] [v4.12.686.0] INFO  Waiting for operation to succeed within 60000ms.
2020-11-24T14:09:47.844Z [ 9068:15128] [v4.12.686.0] INFO  Successfully deleted service: Sophos MCS Agent
2020-11-24T14:09:47.844Z [ 9068:15128] [v4.12.686.0] INFO  Executing step: Install service step: Sophos MCS Agent
2020-11-24T14:09:47.851Z [ 9068:15128] [v4.12.686.0] INFO  Executing step: Install service step: Sophos MCS Client
2020-11-24T14:09:47.858Z [ 9068:15128] [v4.12.686.0] INFO  Executing step: MCS directory installer
2020-11-24T14:09:47.859Z [ 9068:15128] [v4.12.686.0] INFO  Executing step: Create directory C:\Program Files (x86)\Sophos\Management Communications System\Endpoint and all parent directories
2020-11-24T14:09:47.864Z [ 9068:15128] [v4.12.686.0] INFO  Existing security permissions before resetting permissions: D:PAI(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)(A;OICI;0x1200a9;;;LS)(A;OICI;0x1200a9;;;BU)
2020-11-24T14:09:47.864Z [ 9068:15128] [v4.12.686.0] INFO  New security permissions: D:PAI(A;CIOI;FA;;;S-1-5-32-544)(A;CIOI;FA;;;S-1-5-18)(A;CIOI;FRFX;;;S-1-5-19)(A;CIOI;FRFX;;;S-1-5-32-545)
2020-11-24T14:09:47.878Z [ 9068:15128] [v4.12.686.0] INFO  Executing step: Create directory C:\ProgramData\Sophos\Management Communications System\Endpoint and all parent directories
2020-11-24T14:09:47.879Z [ 9068:15128] [v4.12.686.0] INFO  Existing security permissions before resetting permissions: D:PAI(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)(A;OICI;FA;;;LS)(A;OICI;FR;;;BU)
2020-11-24T14:09:47.879Z [ 9068:15128] [v4.12.686.0] INFO  New security permissions: D:PAI(A;CIOI;FA;;;S-1-5-32-544)(A;CIOI;FA;;;S-1-5-18)(A;CIOI;FA;;;S-1-5-19)(A;CIOI;FR;;;S-1-5-32-545)
2020-11-24T14:09:47.968Z [ 9068:15128] [v4.12.686.0] INFO  Executing step: CreateDirectory(C:\ProgramData\Sophos\Management Communications System\Endpoint\Trail)
2020-11-24T14:09:47.969Z [ 9068:15128] [v4.12.686.0] INFO  Existing security permissions before resetting permissions: D:PAI(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)(A;OICI;FA;;;LS)
2020-11-24T14:09:47.969Z [ 9068:15128] [v4.12.686.0] INFO  New security permissions: D:PAI(A;CIOI;FA;;;S-1-5-32-544)(A;CIOI;FA;;;S-1-5-18)(A;CIOI;FA;;;S-1-5-19)
2020-11-24T14:09:47.969Z [ 9068:15128] [v4.12.686.0] INFO  Executing step: Create directory C:\ProgramData\Sophos\Remote Management System\3\Agent and all parent directories
2020-11-24T14:09:47.970Z [ 9068:15128] [v4.12.686.0] INFO  Executing step: CreateDirectory(C:\ProgramData\Sophos\Remote Management System\3\Agent\AdapterStorage)
2020-11-24T14:09:47.970Z [ 9068:15128] [v4.12.686.0] INFO  Existing security permissions before resetting permissions: D:PAI(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)
2020-11-24T14:09:47.970Z [ 9068:15128] [v4.12.686.0] INFO  New security permissions: D:PAI(A;CIOI;FA;;;S-1-5-32-544)(A;CIOI;FA;;;S-1-5-18)
2020-11-24T14:09:48.001Z [ 9068:15128] [v4.12.686.0] INFO  Executing step: Create directory C:\ProgramData\Sophos\Certificates\Management Communications System and all parent directories
2020-11-24T14:09:48.001Z [ 9068:15128] [v4.12.686.0] INFO  Existing security permissions before resetting permissions: D:PAI(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)(A;OICI;FR;;;S-1-5-80-616523863-387867340-2024776631-963389826-2037398138)
2020-11-24T14:09:48.001Z [ 9068:15128] [v4.12.686.0] INFO  New security permissions: D:PAI(A;CIOI;FA;;;S-1-5-32-544)(A;CIOI;FA;;;S-1-5-18)(A;CIOI;FR;;;S-1-5-80-616523863-387867340-2024776631-963389826-2037398138)
2020-11-24T14:09:48.006Z [ 9068:15128] [v4.12.686.0] INFO  Executing step: Tamper protection will be updated for the main component, if rollback is triggered.
2020-11-24T14:09:48.006Z [ 9068:15128] [v4.12.686.0] INFO  Executing step: CopyFile(C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\mcsep\Sophos\Management Communications System\Endpoint\integrity.dat, C:\Program Files (x86)\Sophos\Management Communications System\Endpoint\integrity.dat)
2020-11-24T14:09:48.011Z [ 9068:15128] [v4.12.686.0] INFO  Executing step: CreateRegistryKey(HKLM\SYSTEM\CurrentControlSet\Services\Sophos Endpoint Defense\TamperProtection\Components\MCS, 64)
2020-11-24T14:09:48.011Z [ 9068:15128] [v4.12.686.0] INFO  Executing step: Tamper protection will be updated for the main component.
2020-11-24T14:09:48.015Z [ 9068:15128] [v4.12.686.0] INFO  Waiting for operation to succeed within 60000ms.
2020-11-24T14:09:48.015Z [ 9068:15128] [v4.12.686.0] INFO  Tamper protection for the main component has been updated.
2020-11-24T14:09:48.015Z [ 9068:15128] [v4.12.686.0] INFO  Executing step: MCS file installer
2020-11-24T14:09:48.015Z [ 9068:15128] [v4.12.686.0] INFO  Executing step: CopyFile(C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\mcsep\Sophos\Management Communications System\Endpoint\scm_integrity.dat, C:\Program Files (x86)\Sophos\Management Communications System\Endpoint\scm_integrity.dat)
2020-11-24T14:09:48.018Z [ 9068:15128] [v4.12.686.0] INFO  Executing step: CopyFile(C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\mcsep\Sophos\Management Communications System\Endpoint\NOTICE.txt, C:\Program Files (x86)\Sophos\Management Communications System\Endpoint\NOTICE.txt)
2020-11-24T14:09:48.023Z [ 9068:15128] [v4.12.686.0] INFO  Executing step: CopyFile(C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\mcsep\Sophos\Management Communications System\Endpoint\McsAdapter.dll, C:\Program Files (x86)\Sophos\Management Communications System\Endpoint\McsAdapter.dll)
2020-11-24T14:09:48.027Z [ 9068:15128] [v4.12.686.0] INFO  Executing step: CopyFile(C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\mcsep\Sophos\Management Communications System\Endpoint\McsEvents.dll, C:\Program Files (x86)\Sophos\Management Communications System\Endpoint\McsEvents.dll)
2020-11-24T14:09:48.031Z [ 9068:15128] [v4.12.686.0] INFO  Executing step: CopyFile(C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\mcsep\Sophos\Management Communications System\Endpoint\McsAgent.exe, C:\Program Files (x86)\Sophos\Management Communications System\Endpoint\McsAgent.exe)
2020-11-24T14:09:48.035Z [ 9068:15128] [v4.12.686.0] INFO  Executing step: CopyFile(C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\mcsep\Sophos\Management Communications System\Endpoint\McsClient.exe, C:\Program Files (x86)\Sophos\Management Communications System\Endpoint\McsClient.exe)
2020-11-24T14:09:48.040Z [ 9068:15128] [v4.12.686.0] INFO  Executing step: CopyFile(C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\mcsep\Sophos\Management Communications System\Endpoint\scf.dat, C:\Program Files (x86)\Sophos\Management Communications System\Endpoint\scf.dat)
2020-11-24T14:09:48.043Z [ 9068:15128] [v4.12.686.0] INFO  Executing step: CopyFile(C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\mcsep\Sophos\Management Communications System\Endpoint\sof.dat, C:\Program Files (x86)\Sophos\Management Communications System\Endpoint\sof.dat)
2020-11-24T14:09:48.046Z [ 9068:15128] [v4.12.686.0] INFO  Executing step: CopyFile(C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\mcsep\Sophos\Management Communications System\Endpoint\Uninstall.exe, C:\Program Files (x86)\Sophos\Management Communications System\Endpoint\Uninstall.exe)
2020-11-24T14:09:48.051Z [ 9068:15128] [v4.12.686.0] INFO  Executing step: CopyFile(C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\mcsep\Sophos\Certificates\Management Communications System\sophosca1.crt, C:\ProgramData\Sophos\Certificates\Management Communications System\sophosca1.crt)
2020-11-24T14:09:48.055Z [ 9068:15128] [v4.12.686.0] INFO  Executing step: CopyFile(C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\mcsep\Sophos\Certificates\Management Communications System\sophosca1.crl, C:\ProgramData\Sophos\Certificates\Management Communications System\sophosca1.crl)
2020-11-24T14:09:48.058Z [ 9068:15128] [v4.12.686.0] INFO  Executing step: CopyFile(C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\mcsep\Sophos\Certificates\Management Communications System\sophosca2.crt, C:\ProgramData\Sophos\Certificates\Management Communications System\sophosca2.crt)
2020-11-24T14:09:48.061Z [ 9068:15128] [v4.12.686.0] INFO  Executing step: CopyFile(C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\mcsep\Sophos\Certificates\Management Communications System\sophosca2.crl, C:\ProgramData\Sophos\Certificates\Management Communications System\sophosca2.crl)
2020-11-24T14:09:48.064Z [ 9068:15128] [v4.12.686.0] INFO  Executing step: CopyFile(C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\mcsep\Sophos\Certificates\Management Communications System\sophosca3.crt, C:\ProgramData\Sophos\Certificates\Management Communications System\sophosca3.crt)
2020-11-24T14:09:48.067Z [ 9068:15128] [v4.12.686.0] INFO  Executing step: CopyFile(C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\mcsep\Sophos\Certificates\Management Communications System\sophosca3.crl, C:\ProgramData\Sophos\Certificates\Management Communications System\sophosca3.crl)
2020-11-24T14:09:48.070Z [ 9068:15128] [v4.12.686.0] INFO  Executing step: CopyFile(C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\mcsep\Sophos\Certificates\Management Communications System\sophosca4.crt, C:\ProgramData\Sophos\Certificates\Management Communications System\sophosca4.crt)
2020-11-24T14:09:48.073Z [ 9068:15128] [v4.12.686.0] INFO  Executing step: CopyFile(C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\mcsep\Sophos\Certificates\Management Communications System\sophosca4.crl, C:\ProgramData\Sophos\Certificates\Management Communications System\sophosca4.crl)
2020-11-24T14:09:48.076Z [ 9068:15128] [v4.12.686.0] INFO  Executing step: MCS flags installer
2020-11-24T14:09:48.076Z [ 9068:15128] [v4.12.686.0] INFO  Executing step: CreateDirectory(C:\ProgramData\Sophos\Management Communications System\Endpoint\Flags)
2020-11-24T14:09:48.077Z [ 9068:15128] [v4.12.686.0] INFO  Executing step: DeleteMatchingFiles(From C:\ProgramData\Sophos\Management Communications System\Endpoint\Flags containing '.*')
2020-11-24T14:09:48.077Z [ 9068:15128] [v4.12.686.0] INFO  Removing file (C:\ProgramData\Sophos\Management Communications System\Endpoint\Flags\cepng.json) => rollback backup (C:\Users\helpdesk\AppData\Local\Temp\0bee8517d8832a233c21b2b3c3ff1455e438ad42162bb49ed6bcface6d7a6ef9.tmp)
2020-11-24T14:09:48.079Z [ 9068:15128] [v4.12.686.0] INFO  Removing file (C:\ProgramData\Sophos\Management Communications System\Endpoint\Flags\cix.json) => rollback backup (C:\Users\helpdesk\AppData\Local\Temp\83e7e7bcc57a33e3f6d2722c644ef6ee0fb6a6873c1cbfa7dabf489799ef9c85.tmp)
2020-11-24T14:09:48.081Z [ 9068:15128] [v4.12.686.0] INFO  Executing step: CopyFile(C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\mcsep\Flags\cepng.json, C:\ProgramData\Sophos\Management Communications System\Endpoint\Flags\cepng.json)
2020-11-24T14:09:48.082Z [ 9068:15128] [v4.12.686.0] INFO  Executing step: CopyFile(C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\mcsep\Flags\cix.json, C:\ProgramData\Sophos\Management Communications System\Endpoint\Flags\cix.json)
2020-11-24T14:09:48.084Z [ 9068:15128] [v4.12.686.0] INFO  Executing step: CreateRegistryKey(HKLM\SYSTEM\CurrentControlSet\Services\Sophos Endpoint Defense\TamperProtection\Components\MCS_SCM, 64)
2020-11-24T14:09:48.084Z [ 9068:15128] [v4.12.686.0] INFO  Executing step: MCS registry key Installer
2020-11-24T14:09:48.084Z [ 9068:15128] [v4.12.686.0] INFO  Executing step: CreateRegistryKey(HKLM\Software\Sophos\Remote Management System, 32)
2020-11-24T14:09:48.084Z [ 9068:15128] [v4.12.686.0] INFO  Existing security permissions before resetting permissions: D:PAI(A;;KA;;;BA)(A;OICIIO;GA;;;BA)(A;;KA;;;SY)(A;OICIIO;GA;;;SY)
2020-11-24T14:09:48.084Z [ 9068:15128] [v4.12.686.0] INFO  New security permissions: D:PAI(A;;KA;;;S-1-5-32-544)(A;OICIIO;GA;;;S-1-5-32-544)(A;;KA;;;S-1-5-18)(A;OICIIO;GA;;;S-1-5-18)
2020-11-24T14:09:48.084Z [ 9068:15128] [v4.12.686.0] INFO  Executing step: CreateRegistryKey(HKLM\Software\Sophos\Remote Management System\ManagementAgent\Adapters, 32)
2020-11-24T14:09:48.084Z [ 9068:15128] [v4.12.686.0] INFO  Existing security permissions before resetting permissions: D:PAI(A;;KA;;;BA)(A;OICIIO;GA;;;BA)(A;;KA;;;SY)(A;OICIIO;GA;;;SY)
2020-11-24T14:09:48.084Z [ 9068:15128] [v4.12.686.0] INFO  New security permissions: D:PAI(A;;KA;;;S-1-5-32-544)(A;OICIIO;GA;;;S-1-5-32-544)(A;;KA;;;S-1-5-18)(A;OICIIO;GA;;;S-1-5-18)
2020-11-24T14:09:48.086Z [ 9068:15128] [v4.12.686.0] INFO  Executing step: CreateRegistryKey(HKLM\Software\Sophos\Remote Management System\ManagementAgent\Adapters\MCS, 32)
2020-11-24T14:09:48.086Z [ 9068:15128] [v4.12.686.0] INFO  Executing step: SetRegistryValue(HKLM\Software\Sophos\Remote Management System\ManagementAgent\Adapters\MCS, 32, DllPath, C:\Program Files (x86)\Sophos\Management Communications System\Endpoint\McsAdapter.dll)
2020-11-24T14:09:48.086Z [ 9068:15128] [v4.12.686.0] INFO  Executing step: CreateRegistryKey(HKLM\System\CurrentControlSet\Services\Eventlog\Application\Sophos Management Communications System, 0)
2020-11-24T14:09:48.086Z [ 9068:15128] [v4.12.686.0] INFO  Executing step: SetRegistryValue(HKLM\System\CurrentControlSet\Services\Eventlog\Application\Sophos Management Communications System, 0, EventMessageFile, C:\Program Files (x86)\Sophos\Management Communications System\Endpoint\McsEvents.dll)
2020-11-24T14:09:48.086Z [ 9068:15128] [v4.12.686.0] INFO  Executing step: SetRegistryValue(HKLM\System\CurrentControlSet\Services\Eventlog\Application\Sophos Management Communications System, 0, ParameterMessageFile, C:\Program Files (x86)\Sophos\Management Communications System\Endpoint\McsEvents.dll)
2020-11-24T14:09:48.086Z [ 9068:15128] [v4.12.686.0] INFO  Executing step: SetRegistryValue(HKLM\System\CurrentControlSet\Services\Eventlog\Application\Sophos Management Communications System, 0, CategoryMessageFile, C:\Program Files (x86)\Sophos\Management Communications System\Endpoint\McsEvents.dll)
2020-11-24T14:09:48.086Z [ 9068:15128] [v4.12.686.0] INFO  Executing step: SetRegistryValue(HKLM\System\CurrentControlSet\Services\Eventlog\Application\Sophos Management Communications System, 0, CategoryCount, 2)
2020-11-24T14:09:48.086Z [ 9068:15128] [v4.12.686.0] INFO  Executing step: SetRegistryValue(HKLM\System\CurrentControlSet\Services\Eventlog\Application\Sophos Management Communications System, 0, TypesSupported, 7)
2020-11-24T14:09:48.086Z [ 9068:15128] [v4.12.686.0] INFO  Executing step: CreateRegistryKey(HKLM\Software\Sophos\Telemetry\Plugins\MCS, 32)
2020-11-24T14:09:48.086Z [ 9068:15128] [v4.12.686.0] INFO  Executing step: SetRegistryValue(HKLM\Software\Sophos\Telemetry\Plugins\MCS, 32, File, C:\ProgramData\Sophos\Management Communications System\Endpoint\Persist\mcsAgentTelemetry.json)
2020-11-24T14:09:48.087Z [ 9068:15128] [v4.12.686.0] INFO  Executing step: CreateRegistryKey(HKLM\System\CurrentControlSet\Services\Sophos Endpoint Defense\EndpointFlags, 0)
2020-11-24T14:09:48.087Z [ 9068:15128] [v4.12.686.0] INFO  Executing step: MCS Channels Installer

2020-11-24T14:09:48.087Z [ 9068:15128] [v4.12.686.0] INFO  Executing step: Create directory C:\ProgramData\Sophos\Management Communications System\Endpoint\Channels\APPWL\Incoming and all parent directories
2020-11-24T14:09:48.087Z [ 9068:15128] [v4.12.686.0] INFO  Existing security permissions before resetting permissions: D:PAI(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)(A;OICI;FA;;;S-1-5-80-616523863-387867340-2024776631-963389826-2037398138)(A;OICI;FA;;;S-1-5-80-1025068203-2626198128-3173141159-110103136-1829787749)
2020-11-24T14:09:48.087Z [ 9068:15128] [v4.12.686.0] INFO  New security permissions: D:PAI(A;CIOI;FA;;;S-1-5-32-544)(A;CIOI;FA;;;S-1-5-18)(A;CIOI;FA;;;S-1-5-80-616523863-387867340-2024776631-963389826-2037398138)(A;CIOI;FA;;;S-1-5-80-1025068203-2626198128-3173141159-110103136-1829787749)S:(ML;;NW;;;LW)
2020-11-24T14:09:48.088Z [ 9068:15128] [v4.12.686.0] INFO  Executing step: Create directory C:\ProgramData\Sophos\Management Communications System\Endpoint\Channels\APPWL\Staging and all parent directories
2020-11-24T14:09:48.088Z [ 9068:15128] [v4.12.686.0] INFO  Existing security permissions before resetting permissions: D:PAI(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)(A;OICI;FA;;;S-1-5-80-616523863-387867340-2024776631-963389826-2037398138)(A;OICI;FA;;;S-1-5-80-1025068203-2626198128-3173141159-110103136-1829787749)
2020-11-24T14:09:48.088Z [ 9068:15128] [v4.12.686.0] INFO  New security permissions: D:PAI(A;CIOI;FA;;;S-1-5-32-544)(A;CIOI;FA;;;S-1-5-18)(A;CIOI;FA;;;S-1-5-80-616523863-387867340-2024776631-963389826-2037398138)(A;CIOI;FA;;;S-1-5-80-1025068203-2626198128-3173141159-110103136-1829787749)S:(ML;;NW;;;LW)
2020-11-24T14:09:48.089Z [ 9068:15128] [v4.12.686.0] INFO  Executing step: CreateRegistryKey(HKLM\Software\Sophos\Management Communications System\Channels\APPWL, 32)
2020-11-24T14:09:48.090Z [ 9068:15128] [v4.12.686.0] INFO  Existing security permissions before resetting permissions: D:PAI(A;;KA;;;BA)(A;OICIIO;GA;;;BA)(A;;KA;;;SY)(A;OICIIO;GA;;;SY)(A;;KA;;;S-1-5-80-616523863-387867340-2024776631-963389826-2037398138)(A;OICIIO;GA;;;S-1-5-80-616523863-387867340-2024776631-963389826-2037398138)
2020-11-24T14:09:48.090Z [ 9068:15128] [v4.12.686.0] INFO  New security permissions: D:PAI(A;;KA;;;S-1-5-32-544)(A;OICIIO;GA;;;S-1-5-32-544)(A;;KA;;;S-1-5-18)(A;OICIIO;GA;;;S-1-5-18)(A;;KA;;;S-1-5-80-616523863-387867340-2024776631-963389826-2037398138)(A;OICIIO;GA;;;S-1-5-80-616523863-387867340-2024776631-963389826-2037398138)
2020-11-24T14:09:48.090Z [ 9068:15128] [v4.12.686.0] INFO  Executing step: SetRegistryValue(HKLM\Software\Sophos\Management Communications System\Channels\APPWL, 32, presigned_uri, RegistryValue(7, 00000000)
2020-11-24T14:09:48.090Z [ 9068:15128] [v4.12.686.0] INFO  Executing step: Create directory C:\ProgramData\Sophos\Management Communications System\Endpoint\Channels\EDR\Incoming and all parent directories
2020-11-24T14:09:48.090Z [ 9068:15128] [v4.12.686.0] INFO  Existing security permissions before resetting permissions: D:PAI(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)(A;OICI;FA;;;S-1-5-80-616523863-387867340-2024776631-963389826-2037398138)(A;OICI;FA;;;S-1-5-80-1025068203-2626198128-3173141159-110103136-1829787749)
2020-11-24T14:09:48.090Z [ 9068:15128] [v4.12.686.0] INFO  New security permissions: D:PAI(A;CIOI;FA;;;S-1-5-32-544)(A;CIOI;FA;;;S-1-5-18)(A;CIOI;FA;;;S-1-5-80-616523863-387867340-2024776631-963389826-2037398138)(A;CIOI;FA;;;S-1-5-80-1025068203-2626198128-3173141159-110103136-1829787749)S:(ML;;NW;;;LW)
2020-11-24T14:09:48.091Z [ 9068:15128] [v4.12.686.0] INFO  Executing step: Create directory C:\ProgramData\Sophos\Management Communications System\Endpoint\Channels\EDR\Staging and all parent directories
2020-11-24T14:09:48.092Z [ 9068:15128] [v4.12.686.0] INFO  Existing security permissions before resetting permissions: D:PAI(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)(A;OICI;FA;;;S-1-5-80-616523863-387867340-2024776631-963389826-2037398138)(A;OICI;FA;;;S-1-5-80-1025068203-2626198128-3173141159-110103136-1829787749)
2020-11-24T14:09:48.092Z [ 9068:15128] [v4.12.686.0] INFO  New security permissions: D:PAI(A;CIOI;FA;;;S-1-5-32-544)(A;CIOI;FA;;;S-1-5-18)(A;CIOI;FA;;;S-1-5-80-616523863-387867340-2024776631-963389826-2037398138)(A;CIOI;FA;;;S-1-5-80-1025068203-2626198128-3173141159-110103136-1829787749)S:(ML;;NW;;;LW)
2020-11-24T14:09:48.093Z [ 9068:15128] [v4.12.686.0] INFO  Executing step: CreateRegistryKey(HKLM\Software\Sophos\Management Communications System\Channels\EDR, 32)
2020-11-24T14:09:48.093Z [ 9068:15128] [v4.12.686.0] INFO  Existing security permissions before resetting permissions: D:PAI(A;;KA;;;BA)(A;OICIIO;GA;;;BA)(A;;KA;;;SY)(A;OICIIO;GA;;;SY)(A;;KA;;;S-1-5-80-616523863-387867340-2024776631-963389826-2037398138)(A;OICIIO;GA;;;S-1-5-80-616523863-387867340-2024776631-963389826-2037398138)
2020-11-24T14:09:48.093Z [ 9068:15128] [v4.12.686.0] INFO  New security permissions: D:PAI(A;;KA;;;S-1-5-32-544)(A;OICIIO;GA;;;S-1-5-32-544)(A;;KA;;;S-1-5-18)(A;OICIIO;GA;;;S-1-5-18)(A;;KA;;;S-1-5-80-616523863-387867340-2024776631-963389826-2037398138)(A;OICIIO;GA;;;S-1-5-80-616523863-387867340-2024776631-963389826-2037398138)
2020-11-24T14:09:48.093Z [ 9068:15128] [v4.12.686.0] INFO  Executing step: SetRegistryValue(HKLM\Software\Sophos\Management Communications System\Channels\EDR, 32, presigned_uri, RegistryValue(7, 00000000)
2020-11-24T14:09:48.093Z [ 9068:15128] [v4.12.686.0] INFO  Executing step: Create directory C:\ProgramData\Sophos\Management Communications System\Endpoint\Channels\FIM\Incoming and all parent directories
2020-11-24T14:09:48.094Z [ 9068:15128] [v4.12.686.0] INFO  Existing security permissions before resetting permissions: D:PAI(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)(A;OICI;FA;;;S-1-5-80-616523863-387867340-2024776631-963389826-2037398138)(A;OICI;FA;;;S-1-5-80-3425732772-3003596726-1695377706-1312571016-3579618460)
2020-11-24T14:09:48.094Z [ 9068:15128] [v4.12.686.0] INFO  New security permissions: D:PAI(A;CIOI;FA;;;S-1-5-32-544)(A;CIOI;FA;;;S-1-5-18)(A;CIOI;FA;;;S-1-5-80-616523863-387867340-2024776631-963389826-2037398138)(A;CIOI;FA;;;S-1-5-80-3425732772-3003596726-1695377706-1312571016-3579618460)S:(ML;;NW;;;LW)
2020-11-24T14:09:48.095Z [ 9068:15128] [v4.12.686.0] INFO  Executing step: Create directory C:\ProgramData\Sophos\Management Communications System\Endpoint\Channels\FIM\Staging and all parent directories
2020-11-24T14:09:48.095Z [ 9068:15128] [v4.12.686.0] INFO  Existing security permissions before resetting permissions: D:PAI(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)(A;OICI;FA;;;S-1-5-80-616523863-387867340-2024776631-963389826-2037398138)(A;OICI;FA;;;S-1-5-80-3425732772-3003596726-1695377706-1312571016-3579618460)
2020-11-24T14:09:48.095Z [ 9068:15128] [v4.12.686.0] INFO  New security permissions: D:PAI(A;CIOI;FA;;;S-1-5-32-544)(A;CIOI;FA;;;S-1-5-18)(A;CIOI;FA;;;S-1-5-80-616523863-387867340-2024776631-963389826-2037398138)(A;CIOI;FA;;;S-1-5-80-3425732772-3003596726-1695377706-1312571016-3579618460)S:(ML;;NW;;;LW)
2020-11-24T14:09:48.096Z [ 9068:15128] [v4.12.686.0] INFO  Executing step: CreateRegistryKey(HKLM\Software\Sophos\Management Communications System\Channels\FIM, 32)
2020-11-24T14:09:48.096Z [ 9068:15128] [v4.12.686.0] INFO  Existing security permissions before resetting permissions: D:PAI(A;;KA;;;BA)(A;OICIIO;GA;;;BA)(A;;KA;;;SY)(A;OICIIO;GA;;;SY)(A;;KA;;;S-1-5-80-616523863-387867340-2024776631-963389826-2037398138)(A;OICIIO;GA;;;S-1-5-80-616523863-387867340-2024776631-963389826-2037398138)
2020-11-24T14:09:48.096Z [ 9068:15128] [v4.12.686.0] INFO  New security permissions: D:PAI(A;;KA;;;S-1-5-32-544)(A;OICIIO;GA;;;S-1-5-32-544)(A;;KA;;;S-1-5-18)(A;OICIIO;GA;;;S-1-5-18)(A;;KA;;;S-1-5-80-616523863-387867340-2024776631-963389826-2037398138)(A;OICIIO;GA;;;S-1-5-80-616523863-387867340-2024776631-963389826-2037398138)
2020-11-24T14:09:48.096Z [ 9068:15128] [v4.12.686.0] INFO  Executing step: SetRegistryValue(HKLM\Software\Sophos\Management Communications System\Channels\FIM, 32, presigned_uri, RegistryValue(7, 00000000)
2020-11-24T14:09:48.097Z [ 9068:15128] [v4.12.686.0] INFO  Executing step: Create directory C:\ProgramData\Sophos\Management Communications System\Endpoint\Channels\ForensicSnapshot\Incoming and all parent directories
2020-11-24T14:09:48.097Z [ 9068:15128] [v4.12.686.0] INFO  Existing security permissions before resetting permissions: D:PAI(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)(A;OICI;FA;;;S-1-5-80-616523863-387867340-2024776631-963389826-2037398138)(A;OICI;FA;;;S-1-5-80-1025068203-2626198128-3173141159-110103136-1829787749)
2020-11-24T14:09:48.097Z [ 9068:15128] [v4.12.686.0] INFO  New security permissions: D:PAI(A;CIOI;FA;;;S-1-5-32-544)(A;CIOI;FA;;;S-1-5-18)(A;CIOI;FA;;;S-1-5-80-616523863-387867340-2024776631-963389826-2037398138)(A;CIOI;FA;;;S-1-5-80-1025068203-2626198128-3173141159-110103136-1829787749)S:(ML;;NW;;;LW)
2020-11-24T14:09:48.098Z [ 9068:15128] [v4.12.686.0] INFO  Executing step: Create directory C:\ProgramData\Sophos\Management Communications System\Endpoint\Channels\ForensicSnapshot\Staging and all parent directories
2020-11-24T14:09:48.098Z [ 9068:15128] [v4.12.686.0] INFO  Existing security permissions before resetting permissions: D:PAI(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)(A;OICI;FA;;;S-1-5-80-616523863-387867340-2024776631-963389826-2037398138)(A;OICI;FA;;;S-1-5-80-1025068203-2626198128-3173141159-110103136-1829787749)
2020-11-24T14:09:48.098Z [ 9068:15128] [v4.12.686.0] INFO  New security permissions: D:PAI(A;CIOI;FA;;;S-1-5-32-544)(A;CIOI;FA;;;S-1-5-18)(A;CIOI;FA;;;S-1-5-80-616523863-387867340-2024776631-963389826-2037398138)(A;CIOI;FA;;;S-1-5-80-1025068203-2626198128-3173141159-110103136-1829787749)S:(ML;;NW;;;LW)
2020-11-24T14:09:48.099Z [ 9068:15128] [v4.12.686.0] INFO  Executing step: CreateRegistryKey(HKLM\Software\Sophos\Management Communications System\Channels\ForensicSnapshot, 32)
2020-11-24T14:09:48.100Z [ 9068:15128] [v4.12.686.0] INFO  Existing security permissions before resetting permissions: D:PAI(A;;KA;;;BA)(A;OICIIO;GA;;;BA)(A;;KA;;;SY)(A;OICIIO;GA;;;SY)(A;;KA;;;S-1-5-80-616523863-387867340-2024776631-963389826-2037398138)(A;OICIIO;GA;;;S-1-5-80-616523863-387867340-2024776631-963389826-2037398138)
2020-11-24T14:09:48.100Z [ 9068:15128] [v4.12.686.0] INFO  New security permissions: D:PAI(A;;KA;;;S-1-5-32-544)(A;OICIIO;GA;;;S-1-5-32-544)(A;;KA;;;S-1-5-18)(A;OICIIO;GA;;;S-1-5-18)(A;;KA;;;S-1-5-80-616523863-387867340-2024776631-963389826-2037398138)(A;OICIIO;GA;;;S-1-5-80-616523863-387867340-2024776631-963389826-2037398138)
2020-11-24T14:09:48.100Z [ 9068:15128] [v4.12.686.0] INFO  Executing step: SetRegistryValue(HKLM\Software\Sophos\Management Communications System\Channels\ForensicSnapshot, 32, presigned_uri, RegistryValue(7, 00000000)
2020-11-24T14:09:48.100Z [ 9068:15128] [v4.12.686.0] INFO  Executing step: Create directory C:\ProgramData\Sophos\Management Communications System\Endpoint\Channels\RCA\Incoming and all parent directories
2020-11-24T14:09:48.100Z [ 9068:15128] [v4.12.686.0] INFO  Existing security permissions before resetting permissions: D:PAI(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)(A;OICI;FA;;;S-1-5-80-616523863-387867340-2024776631-963389826-2037398138)(A;OICI;FA;;;S-1-5-80-1025068203-2626198128-3173141159-110103136-1829787749)
2020-11-24T14:09:48.100Z [ 9068:15128] [v4.12.686.0] INFO  New security permissions: D:PAI(A;CIOI;FA;;;S-1-5-32-544)(A;CIOI;FA;;;S-1-5-18)(A;CIOI;FA;;;S-1-5-80-616523863-387867340-2024776631-963389826-2037398138)(A;CIOI;FA;;;S-1-5-80-1025068203-2626198128-3173141159-110103136-1829787749)S:(ML;;NW;;;LW)
2020-11-24T14:09:48.101Z [ 9068:15128] [v4.12.686.0] INFO  Executing step: Create directory C:\ProgramData\Sophos\Management Communications System\Endpoint\Channels\RCA\Staging and all parent directories
2020-11-24T14:09:48.102Z [ 9068:15128] [v4.12.686.0] INFO  Existing security permissions before resetting permissions: D:PAI(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)(A;OICI;FA;;;S-1-5-80-616523863-387867340-2024776631-963389826-2037398138)(A;OICI;FA;;;S-1-5-80-1025068203-2626198128-3173141159-110103136-1829787749)
2020-11-24T14:09:48.102Z [ 9068:15128] [v4.12.686.0] INFO  New security permissions: D:PAI(A;CIOI;FA;;;S-1-5-32-544)(A;CIOI;FA;;;S-1-5-18)(A;CIOI;FA;;;S-1-5-80-616523863-387867340-2024776631-963389826-2037398138)(A;CIOI;FA;;;S-1-5-80-1025068203-2626198128-3173141159-110103136-1829787749)S:(ML;;NW;;;LW)
2020-11-24T14:09:48.103Z [ 9068:15128] [v4.12.686.0] INFO  Executing step: CreateRegistryKey(HKLM\Software\Sophos\Management Communications System\Channels\RCA, 32)
2020-11-24T14:09:48.103Z [ 9068:15128] [v4.12.686.0] INFO  Existing security permissions before resetting permissions: D:PAI(A;;KA;;;BA)(A;OICIIO;GA;;;BA)(A;;KA;;;SY)(A;OICIIO;GA;;;SY)(A;;KA;;;S-1-5-80-616523863-387867340-2024776631-963389826-2037398138)(A;OICIIO;GA;;;S-1-5-80-616523863-387867340-2024776631-963389826-2037398138)
2020-11-24T14:09:48.103Z [ 9068:15128] [v4.12.686.0] INFO  New security permissions: D:PAI(A;;KA;;;S-1-5-32-544)(A;OICIIO;GA;;;S-1-5-32-544)(A;;KA;;;S-1-5-18)(A;OICIIO;GA;;;S-1-5-18)(A;;KA;;;S-1-5-80-616523863-387867340-2024776631-963389826-2037398138)(A;OICIIO;GA;;;S-1-5-80-616523863-387867340-2024776631-963389826-2037398138)
2020-11-24T14:09:48.103Z [ 9068:15128] [v4.12.686.0] INFO  Executing step: SetRegistryValue(HKLM\Software\Sophos\Management Communications System\Channels\RCA, 32, presigned_uri, RegistryValue(7, 00000000)
2020-11-24T14:09:48.103Z [ 9068:15128] [v4.12.686.0] INFO  Executing step: Create directory C:\ProgramData\Sophos\Management Communications System\Endpoint\Channels\LiveQueryScheduled\Incoming and all parent directories
2020-11-24T14:09:48.104Z [ 9068:15128] [v4.12.686.0] INFO  Existing security permissions before resetting permissions: D:PAI(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)(A;OICI;FA;;;S-1-5-80-616523863-387867340-2024776631-963389826-2037398138)(A;OICI;FA;;;S-1-5-80-1521243867-1128773477-782615202-3742460476-2946181991)
2020-11-24T14:09:48.104Z [ 9068:15128] [v4.12.686.0] INFO  New security permissions: D:PAI(A;CIOI;FA;;;S-1-5-32-544)(A;CIOI;FA;;;S-1-5-18)(A;CIOI;FA;;;S-1-5-80-616523863-387867340-2024776631-963389826-2037398138)(A;CIOI;FA;;;S-1-5-80-1521243867-1128773477-782615202-3742460476-2946181991)S:(ML;;NW;;;LW)
2020-11-24T14:09:48.105Z [ 9068:15128] [v4.12.686.0] INFO  Executing step: Create directory C:\ProgramData\Sophos\Management Communications System\Endpoint\Channels\LiveQueryScheduled\Staging and all parent directories
2020-11-24T14:09:48.105Z [ 9068:15128] [v4.12.686.0] INFO  Existing security permissions before resetting permissions: D:PAI(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)(A;OICI;FA;;;S-1-5-80-616523863-387867340-2024776631-963389826-2037398138)(A;OICI;FA;;;S-1-5-80-1521243867-1128773477-782615202-3742460476-2946181991)
2020-11-24T14:09:48.105Z [ 9068:15128] [v4.12.686.0] INFO  New security permissions: D:PAI(A;CIOI;FA;;;S-1-5-32-544)(A;CIOI;FA;;;S-1-5-18)(A;CIOI;FA;;;S-1-5-80-616523863-387867340-2024776631-963389826-2037398138)(A;CIOI;FA;;;S-1-5-80-1521243867-1128773477-782615202-3742460476-2946181991)S:(ML;;NW;;;LW)
2020-11-24T14:09:48.106Z [ 9068:15128] [v4.12.686.0] INFO  Executing step: CreateRegistryKey(HKLM\Software\Sophos\Management Communications System\Channels\LiveQueryScheduled, 32)
2020-11-24T14:09:48.106Z [ 9068:15128] [v4.12.686.0] INFO  Existing security permissions before resetting permissions: D:PAI(A;;KA;;;BA)(A;OICIIO;GA;;;BA)(A;;KA;;;SY)(A;OICIIO;GA;;;SY)(A;;KA;;;S-1-5-80-616523863-387867340-2024776631-963389826-2037398138)(A;OICIIO;GA;;;S-1-5-80-616523863-387867340-2024776631-963389826-2037398138)
2020-11-24T14:09:48.107Z [ 9068:15128] [v4.12.686.0] INFO  New security permissions: D:PAI(A;;KA;;;S-1-5-32-544)(A;OICIIO;GA;;;S-1-5-32-544)(A;;KA;;;S-1-5-18)(A;OICIIO;GA;;;S-1-5-18)(A;;KA;;;S-1-5-80-616523863-387867340-2024776631-963389826-2037398138)(A;OICIIO;GA;;;S-1-5-80-616523863-387867340-2024776631-963389826-2037398138)
2020-11-24T14:09:48.107Z [ 9068:15128] [v4.12.686.0] INFO  Executing step: MCS MCS Remapper Installer
2020-11-24T14:09:48.107Z [ 9068:15128] [v4.12.686.0] INFO  Executing step: Create directory C:\ProgramData\Sophos\Management Communications System\Endpoint\Messages and all parent directories
2020-11-24T14:09:48.107Z [ 9068:15128] [v4.12.686.0] INFO  Existing security permissions before resetting permissions: D:PAI(A;;FA;;;SY)(A;OICIIO;GA;;;SY)(A;;FA;;;BA)(A;OICIIO;GA;;;BA)
2020-11-24T14:09:48.107Z [ 9068:15128] [v4.12.686.0] INFO  New security permissions: D:PAI(A;CIOI;GA;;;S-1-5-18)(A;CIOI;GA;;;S-1-5-32-544)
2020-11-24T14:09:48.110Z [ 9068:15128] [v4.12.686.0] INFO  Executing step: Create directory C:\ProgramData\Sophos\Management Communications System\Endpoint\Messages\Incoming and all parent directories
2020-11-24T14:09:48.111Z [ 9068:15128] [v4.12.686.0] INFO  Executing step: Create directory C:\ProgramData\Sophos\Management Communications System\Endpoint\Messages\Staging and all parent directories
2020-11-24T14:09:48.111Z [ 9068:15128] [v4.12.686.0] INFO  Executing step: CreateRegistryKey(HKLM\Software\Sophos\Management, 64)
2020-11-24T14:09:48.112Z [ 9068:15128] [v4.12.686.0] INFO  Existing security permissions before resetting permissions: D:PAI(A;;KA;;;SY)(A;OICIIO;FA;;;SY)(A;;KA;;;BA)(A;OICIIO;FA;;;BA)
2020-11-24T14:09:48.112Z [ 9068:15128] [v4.12.686.0] INFO  New security permissions: D:PAI(A;CIOI;FA;;;S-1-5-18)(A;CIOI;FA;;;S-1-5-32-544)
2020-11-24T14:09:48.112Z [ 9068:15128] [v4.12.686.0] INFO  Executing step: CreateRegistryKey(HKLM\Software\Sophos\Management\Policy, 64)
2020-11-24T14:09:48.113Z [ 9068:15128] [v4.12.686.0] INFO  Existing security permissions before resetting permissions: D:PAI(A;;KA;;;SY)(A;OICIIO;FA;;;SY)(A;;KA;;;BA)(A;OICIIO;FA;;;BA)
2020-11-24T14:09:48.113Z [ 9068:15128] [v4.12.686.0] INFO  New security permissions: D:PAI(A;CIOI;FA;;;S-1-5-18)(A;CIOI;FA;;;S-1-5-32-544)
2020-11-24T14:09:48.113Z [ 9068:15128] [v4.12.686.0] INFO  Executing step: MCS add remove program key installer
2020-11-24T14:09:48.114Z [ 9068:15128] [v4.12.686.0] INFO  Executing step: CreateRegistryKey(HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2C14E1A2-C4EB-466E-8374-81286D723D3A}, 32)
2020-11-24T14:09:48.114Z [ 9068:15128] [v4.12.686.0] INFO  Executing step: SetRegistryValue(HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2C14E1A2-C4EB-466E-8374-81286D723D3A}, 32, AuthorizedCDFPrefix, )
2020-11-24T14:09:48.114Z [ 9068:15128] [v4.12.686.0] INFO  Executing step: SetRegistryValue(HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2C14E1A2-C4EB-466E-8374-81286D723D3A}, 32, Comments, Management Communications System)
2020-11-24T14:09:48.114Z [ 9068:15128] [v4.12.686.0] INFO  Executing step: SetRegistryValue(HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2C14E1A2-C4EB-466E-8374-81286D723D3A}, 32, Contact, Sophos Technical Support)
2020-11-24T14:09:48.115Z [ 9068:15128] [v4.12.686.0] INFO  Executing step: SetRegistryValue(HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2C14E1A2-C4EB-466E-8374-81286D723D3A}, 32, DisplayName, Sophos Management Communications System)
2020-11-24T14:09:48.115Z [ 9068:15128] [v4.12.686.0] INFO  Executing step: SetRegistryValue(HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2C14E1A2-C4EB-466E-8374-81286D723D3A}, 32, DisplayVersion, 4.12.686.0)
2020-11-24T14:09:48.115Z [ 9068:15128] [v4.12.686.0] INFO  Executing step: SetRegistryValue(HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2C14E1A2-C4EB-466E-8374-81286D723D3A}, 32, EstimatedSize, 5263)
2020-11-24T14:09:48.115Z [ 9068:15128] [v4.12.686.0] INFO  Executing step: SetRegistryValue(HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2C14E1A2-C4EB-466E-8374-81286D723D3A}, 32, HelpLink, http://www.sophos.com/support)
2020-11-24T14:09:48.116Z [ 9068:15128] [v4.12.686.0] INFO  Executing step: SetRegistryValue(HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2C14E1A2-C4EB-466E-8374-81286D723D3A}, 32, InstallDate, 20201124)
2020-11-24T14:09:48.116Z [ 9068:15128] [v4.12.686.0] INFO  Executing step: SetRegistryValue(HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2C14E1A2-C4EB-466E-8374-81286D723D3A}, 32, InstallLocation, C:\Program Files (x86)\Sophos\Management Communications System\Endpoint)
2020-11-24T14:09:48.116Z [ 9068:15128] [v4.12.686.0] INFO  Executing step: SetRegistryValue(HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2C14E1A2-C4EB-466E-8374-81286D723D3A}, 32, InstallSource, C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\mcsep)
2020-11-24T14:09:48.116Z [ 9068:15128] [v4.12.686.0] INFO  Executing step: SetRegistryValue(HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2C14E1A2-C4EB-466E-8374-81286D723D3A}, 32, Language, 1033)
2020-11-24T14:09:48.117Z [ 9068:15128] [v4.12.686.0] INFO  Executing step: SetRegistryValue(HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2C14E1A2-C4EB-466E-8374-81286D723D3A}, 32, ModifyPath, )
2020-11-24T14:09:48.117Z [ 9068:15128] [v4.12.686.0] INFO  Executing step: SetRegistryValue(HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2C14E1A2-C4EB-466E-8374-81286D723D3A}, 32, NoModify, 1)
2020-11-24T14:09:48.117Z [ 9068:15128] [v4.12.686.0] INFO  Executing step: SetRegistryValue(HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2C14E1A2-C4EB-466E-8374-81286D723D3A}, 32, NoRepair, 1)
2020-11-24T14:09:48.117Z [ 9068:15128] [v4.12.686.0] INFO  Executing step: SetRegistryValue(HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2C14E1A2-C4EB-466E-8374-81286D723D3A}, 32, Publisher, Sophos Limited)
2020-11-24T14:09:48.118Z [ 9068:15128] [v4.12.686.0] INFO  Executing step: SetRegistryValue(HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2C14E1A2-C4EB-466E-8374-81286D723D3A}, 32, UninstallString, "C:\Program Files (x86)\Sophos\Management Communications System\Endpoint\Uninstall.exe")
2020-11-24T14:09:48.118Z [ 9068:15128] [v4.12.686.0] INFO  Executing step: SetRegistryValue(HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2C14E1A2-C4EB-466E-8374-81286D723D3A}, 32, URLInfoAbout, http://www.sophos.com)
2020-11-24T14:09:48.118Z [ 9068:15128] [v4.12.686.0] INFO  Executing step: SetRegistryValue(HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2C14E1A2-C4EB-466E-8374-81286D723D3A}, 32, VersionMajor, 4)
2020-11-24T14:09:48.118Z [ 9068:15128] [v4.12.686.0] INFO  Executing step: SetRegistryValue(HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2C14E1A2-C4EB-466E-8374-81286D723D3A}, 32, VersionMinor, 12)
2020-11-24T14:09:48.119Z [ 9068:15128] [v4.12.686.0] INFO  Executing step: SetRegistryValue(HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2C14E1A2-C4EB-466E-8374-81286D723D3A}, 32, SystemComponent, 1)
2020-11-24T14:09:48.119Z [ 9068:15128] [v4.12.686.0] INFO  Executing step: Start tamper-protected service step: Sophos MCS Agent
2020-11-24T14:09:48.199Z [ 9068:15128] [v4.12.686.0] INFO  Waiting 60000ms for service to start.
2020-11-24T14:09:48.199Z [ 9068:15128] [v4.12.686.0] INFO  Waiting for operation to succeed within 60000ms.
2020-11-24T14:09:49.200Z [ 9068:15128] [v4.12.686.0] INFO  Retrying operation. Counter: 1
2020-11-24T14:09:49.200Z [ 9068:15128] [v4.12.686.0] INFO  The service is running.
2020-11-24T14:09:49.200Z [ 9068:15128] [v4.12.686.0] INFO  Executing step: Start tamper-protected service step: Sophos MCS Client
2020-11-24T14:09:49.313Z [ 9068:15128] [v4.12.686.0] INFO  Waiting 60000ms for service to start.
2020-11-24T14:09:49.313Z [ 9068:15128] [v4.12.686.0] INFO  Waiting for operation to succeed within 60000ms.
2020-11-24T14:09:50.314Z [ 9068:15128] [v4.12.686.0] INFO  Retrying operation. Counter: 1
2020-11-24T14:09:50.314Z [ 9068:15128] [v4.12.686.0] INFO  The service is running.
2020-11-24T14:09:50.314Z [ 9068:15128] [v4.12.686.0] INFO  Executing step: Tamper protection of the MCS_SCM component will be set to: ON 
2020-11-24T14:09:50.321Z [ 9068:15128] [v4.12.686.0] INFO  Waiting for operation to succeed within 60000ms.
2020-11-24T14:09:50.321Z [ 9068:15128] [v4.12.686.0] INFO  Tamper protection of the MCS_SCM component has been set to: ON 
2020-11-24T14:09:50.321Z [ 9068:15128] [v4.12.686.0] INFO  Executing step: TriggerRollbackTestStep: No action at execution
2020-11-24T14:09:50.321Z [ 9068:15128] [v4.12.686.0] INFO  Commit step: Tamper protection of the MCS_SCM component will be set to: OFF 
2020-11-24T14:09:50.321Z [ 9068:15128] [v4.12.686.0] INFO  Commit step: Stop service step without disabling tamper protection for service: Sophos MCS Client
2020-11-24T14:09:50.322Z [ 9068:15128] [v4.12.686.0] INFO  Commit step: Stop service step without disabling tamper protection for service: Sophos MCS Agent
2020-11-24T14:09:50.322Z [ 9068:15128] [v4.12.686.0] INFO  Commit step: Delete service step: Sophos MCS Client
2020-11-24T14:09:50.322Z [ 9068:15128] [v4.12.686.0] INFO  Commit step: Delete service step: Sophos MCS Agent
2020-11-24T14:09:50.322Z [ 9068:15128] [v4.12.686.0] INFO  Commit step: Install service step: Sophos MCS Agent
2020-11-24T14:09:50.322Z [ 9068:15128] [v4.12.686.0] INFO  Commit step: Install service step: Sophos MCS Client
2020-11-24T14:09:50.322Z [ 9068:15128] [v4.12.686.0] INFO  Commit step: MCS directory installer
2020-11-24T14:09:50.322Z [ 9068:15128] [v4.12.686.0] INFO  Commit step: Create directory C:\Program Files (x86)\Sophos\Management Communications System\Endpoint and all parent directories
2020-11-24T14:09:50.323Z [ 9068:15128] [v4.12.686.0] INFO  Commit step: Create directory C:\ProgramData\Sophos\Management Communications System\Endpoint and all parent directories
2020-11-24T14:09:50.323Z [ 9068:15128] [v4.12.686.0] INFO  Commit step: CreateDirectory(C:\ProgramData\Sophos\Management Communications System\Endpoint\Trail)
2020-11-24T14:09:50.323Z [ 9068:15128] [v4.12.686.0] INFO  Commit step: Create directory C:\ProgramData\Sophos\Remote Management System\3\Agent and all parent directories
2020-11-24T14:09:50.323Z [ 9068:15128] [v4.12.686.0] INFO  Commit step: CreateDirectory(C:\ProgramData\Sophos\Remote Management System\3\Agent\AdapterStorage)
2020-11-24T14:09:50.323Z [ 9068:15128] [v4.12.686.0] INFO  Commit step: Create directory C:\ProgramData\Sophos\Certificates\Management Communications System and all parent directories
2020-11-24T14:09:50.323Z [ 9068:15128] [v4.12.686.0] INFO  MCS directory installer completed successfully.
2020-11-24T14:09:50.323Z [ 9068:15128] [v4.12.686.0] INFO  Commit step: Tamper protection will be updated for the main component, if rollback is triggered.
2020-11-24T14:09:50.324Z [ 9068:15128] [v4.12.686.0] INFO  Commit step: CopyFile(C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\mcsep\Sophos\Management Communications System\Endpoint\integrity.dat, C:\Program Files (x86)\Sophos\Management Communications System\Endpoint\integrity.dat)
2020-11-24T14:09:50.348Z [ 9068:15128] [v4.12.686.0] INFO  Commit step: CreateRegistryKey(HKLM\SYSTEM\CurrentControlSet\Services\Sophos Endpoint Defense\TamperProtection\Components\MCS, 64)
2020-11-24T14:09:50.348Z [ 9068:15128] [v4.12.686.0] INFO  Commit step: Tamper protection will be updated for the main component.
2020-11-24T14:09:50.349Z [ 9068:15128] [v4.12.686.0] INFO  Commit step: MCS file installer
2020-11-24T14:09:50.349Z [ 9068:15128] [v4.12.686.0] INFO  Commit step: CopyFile(C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\mcsep\Sophos\Management Communications System\Endpoint\scm_integrity.dat, C:\Program Files (x86)\Sophos\Management Communications System\Endpoint\scm_integrity.dat)
2020-11-24T14:09:50.349Z [ 9068:15128] [v4.12.686.0] INFO  DeleteFile C:\Program Files (x86)\Sophos\Management Communications System\TMP\scm_integrity.dat1606226988-1: file already absent
2020-11-24T14:09:50.349Z [ 9068:15128] [v4.12.686.0] INFO  Commit step: CopyFile(C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\mcsep\Sophos\Management Communications System\Endpoint\NOTICE.txt, C:\Program Files (x86)\Sophos\Management Communications System\Endpoint\NOTICE.txt)
2020-11-24T14:09:50.349Z [ 9068:15128] [v4.12.686.0] INFO  DeleteFile C:\Program Files (x86)\Sophos\Management Communications System\TMP\NOTICE.txt1606226988-1: file already absent
2020-11-24T14:09:50.349Z [ 9068:15128] [v4.12.686.0] INFO  Commit step: CopyFile(C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\mcsep\Sophos\Management Communications System\Endpoint\McsAdapter.dll, C:\Program Files (x86)\Sophos\Management Communications System\Endpoint\McsAdapter.dll)
2020-11-24T14:09:50.349Z [ 9068:15128] [v4.12.686.0] INFO  DeleteFile C:\Program Files (x86)\Sophos\Management Communications System\TMP\McsAdapter.dll1606226988-1: file already absent
2020-11-24T14:09:50.349Z [ 9068:15128] [v4.12.686.0] INFO  Commit step: CopyFile(C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\mcsep\Sophos\Management Communications System\Endpoint\McsEvents.dll, C:\Program Files (x86)\Sophos\Management Communications System\Endpoint\McsEvents.dll)
2020-11-24T14:09:50.349Z [ 9068:15128] [v4.12.686.0] INFO  DeleteFile C:\Program Files (x86)\Sophos\Management Communications System\TMP\McsEvents.dll1606226988-1: file already absent
2020-11-24T14:09:50.349Z [ 9068:15128] [v4.12.686.0] INFO  Commit step: CopyFile(C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\mcsep\Sophos\Management Communications System\Endpoint\McsAgent.exe, C:\Program Files (x86)\Sophos\Management Communications System\Endpoint\McsAgent.exe)
2020-11-24T14:09:50.350Z [ 9068:15128] [v4.12.686.0] INFO  DeleteFile C:\Program Files (x86)\Sophos\Management Communications System\TMP\McsAgent.exe1606226988-1: file already absent
2020-11-24T14:09:50.350Z [ 9068:15128] [v4.12.686.0] INFO  Commit step: CopyFile(C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\mcsep\Sophos\Management Communications System\Endpoint\McsClient.exe, C:\Program Files (x86)\Sophos\Management Communications System\Endpoint\McsClient.exe)
2020-11-24T14:09:50.350Z [ 9068:15128] [v4.12.686.0] INFO  DeleteFile C:\Program Files (x86)\Sophos\Management Communications System\TMP\McsClient.exe1606226988-1: file already absent
2020-11-24T14:09:50.350Z [ 9068:15128] [v4.12.686.0] INFO  Commit step: CopyFile(C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\mcsep\Sophos\Management Communications System\Endpoint\scf.dat, C:\Program Files (x86)\Sophos\Management Communications System\Endpoint\scf.dat)
2020-11-24T14:09:50.350Z [ 9068:15128] [v4.12.686.0] INFO  DeleteFile C:\Program Files (x86)\Sophos\Management Communications System\TMP\scf.dat1606226988-1: file already absent
2020-11-24T14:09:50.350Z [ 9068:15128] [v4.12.686.0] INFO  Commit step: CopyFile(C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\mcsep\Sophos\Management Communications System\Endpoint\sof.dat, C:\Program Files (x86)\Sophos\Management Communications System\Endpoint\sof.dat)
2020-11-24T14:09:50.350Z [ 9068:15128] [v4.12.686.0] INFO  DeleteFile C:\Program Files (x86)\Sophos\Management Communications System\TMP\sof.dat1606226988-1: file already absent
2020-11-24T14:09:50.350Z [ 9068:15128] [v4.12.686.0] INFO  Commit step: CopyFile(C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\mcsep\Sophos\Management Communications System\Endpoint\Uninstall.exe, C:\Program Files (x86)\Sophos\Management Communications System\Endpoint\Uninstall.exe)
2020-11-24T14:09:50.350Z [ 9068:15128] [v4.12.686.0] INFO  DeleteFile C:\Program Files (x86)\Sophos\Management Communications System\TMP\Uninstall.exe1606226988-1: file already absent
2020-11-24T14:09:50.350Z [ 9068:15128] [v4.12.686.0] INFO  Commit step: CopyFile(C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\mcsep\Sophos\Certificates\Management Communications System\sophosca1.crt, C:\ProgramData\Sophos\Certificates\Management Communications System\sophosca1.crt)
2020-11-24T14:09:50.361Z [ 9068:15128] [v4.12.686.0] INFO  Commit step: CopyFile(C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\mcsep\Sophos\Certificates\Management Communications System\sophosca1.crl, C:\ProgramData\Sophos\Certificates\Management Communications System\sophosca1.crl)
2020-11-24T14:09:50.361Z [ 9068:15128] [v4.12.686.0] INFO  DeleteFile C:\ProgramData\Sophos\Certificates\Management Communications System\TMP\sophosca1.crl1606226988-1: file already absent
2020-11-24T14:09:50.361Z [ 9068:15128] [v4.12.686.0] INFO  Commit step: CopyFile(C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\mcsep\Sophos\Certificates\Management Communications System\sophosca2.crt, C:\ProgramData\Sophos\Certificates\Management Communications System\sophosca2.crt)
2020-11-24T14:09:50.362Z [ 9068:15128] [v4.12.686.0] INFO  DeleteFile C:\ProgramData\Sophos\Certificates\Management Communications System\TMP\sophosca2.crt1606226988-1: file already absent
2020-11-24T14:09:50.362Z [ 9068:15128] [v4.12.686.0] INFO  Commit step: CopyFile(C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\mcsep\Sophos\Certificates\Management Communications System\sophosca2.crl, C:\ProgramData\Sophos\Certificates\Management Communications System\sophosca2.crl)
2020-11-24T14:09:50.362Z [ 9068:15128] [v4.12.686.0] INFO  DeleteFile C:\ProgramData\Sophos\Certificates\Management Communications System\TMP\sophosca2.crl1606226988-1: file already absent
2020-11-24T14:09:50.362Z [ 9068:15128] [v4.12.686.0] INFO  Commit step: CopyFile(C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\mcsep\Sophos\Certificates\Management Communications System\sophosca3.crt, C:\ProgramData\Sophos\Certificates\Management Communications System\sophosca3.crt)
2020-11-24T14:09:50.363Z [ 9068:15128] [v4.12.686.0] INFO  DeleteFile C:\ProgramData\Sophos\Certificates\Management Communications System\TMP\sophosca3.crt1606226988-1: file already absent
2020-11-24T14:09:50.363Z [ 9068:15128] [v4.12.686.0] INFO  Commit step: CopyFile(C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\mcsep\Sophos\Certificates\Management Communications System\sophosca3.crl, C:\ProgramData\Sophos\Certificates\Management Communications System\sophosca3.crl)
2020-11-24T14:09:50.363Z [ 9068:15128] [v4.12.686.0] INFO  DeleteFile C:\ProgramData\Sophos\Certificates\Management Communications System\TMP\sophosca3.crl1606226988-1: file already absent
2020-11-24T14:09:50.364Z [ 9068:15128] [v4.12.686.0] INFO  Commit step: CopyFile(C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\mcsep\Sophos\Certificates\Management Communications System\sophosca4.crt, C:\ProgramData\Sophos\Certificates\Management Communications System\sophosca4.crt)
2020-11-24T14:09:50.364Z [ 9068:15128] [v4.12.686.0] INFO  DeleteFile C:\ProgramData\Sophos\Certificates\Management Communications System\TMP\sophosca4.crt1606226988-1: file already absent
2020-11-24T14:09:50.364Z [ 9068:15128] [v4.12.686.0] INFO  Commit step: CopyFile(C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\mcsep\Sophos\Certificates\Management Communications System\sophosca4.crl, C:\ProgramData\Sophos\Certificates\Management Communications System\sophosca4.crl)
2020-11-24T14:09:50.364Z [ 9068:15128] [v4.12.686.0] INFO  DeleteFile C:\ProgramData\Sophos\Certificates\Management Communications System\TMP\sophosca4.crl1606226988-1: file already absent
2020-11-24T14:09:50.365Z [ 9068:15128] [v4.12.686.0] INFO  MCS file installer completed successfully.
2020-11-24T14:09:50.365Z [ 9068:15128] [v4.12.686.0] INFO  Commit step: MCS flags installer
2020-11-24T14:09:50.365Z [ 9068:15128] [v4.12.686.0] INFO  Commit step: CreateDirectory(C:\ProgramData\Sophos\Management Communications System\Endpoint\Flags)
2020-11-24T14:09:50.365Z [ 9068:15128] [v4.12.686.0] INFO  Commit step: DeleteMatchingFiles(From C:\ProgramData\Sophos\Management Communications System\Endpoint\Flags containing '.*')
2020-11-24T14:09:50.366Z [ 9068:15128] [v4.12.686.0] INFO  Commit step: CopyFile(C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\mcsep\Flags\cepng.json, C:\ProgramData\Sophos\Management Communications System\Endpoint\Flags\cepng.json)
2020-11-24T14:09:50.367Z [ 9068:15128] [v4.12.686.0] INFO  Commit step: CopyFile(C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\mcsep\Flags\cix.json, C:\ProgramData\Sophos\Management Communications System\Endpoint\Flags\cix.json)
2020-11-24T14:09:50.367Z [ 9068:15128] [v4.12.686.0] INFO  MCS flags installer completed successfully.
2020-11-24T14:09:50.367Z [ 9068:15128] [v4.12.686.0] INFO  Commit step: CreateRegistryKey(HKLM\SYSTEM\CurrentControlSet\Services\Sophos Endpoint Defense\TamperProtection\Components\MCS_SCM, 64)
2020-11-24T14:09:50.367Z [ 9068:15128] [v4.12.686.0] INFO  Commit step: MCS registry key Installer
2020-11-24T14:09:50.367Z [ 9068:15128] [v4.12.686.0] INFO  Commit step: CreateRegistryKey(HKLM\Software\Sophos\Remote Management System, 32)
2020-11-24T14:09:50.367Z [ 9068:15128] [v4.12.686.0] INFO  Commit step: CreateRegistryKey(HKLM\Software\Sophos\Remote Management System\ManagementAgent\Adapters, 32)
2020-11-24T14:09:50.367Z [ 9068:15128] [v4.12.686.0] INFO  Commit step: CreateRegistryKey(HKLM\Software\Sophos\Remote Management System\ManagementAgent\Adapters\MCS, 32)
2020-11-24T14:09:50.367Z [ 9068:15128] [v4.12.686.0] INFO  Commit step: SetRegistryValue(HKLM\Software\Sophos\Remote Management System\ManagementAgent\Adapters\MCS, 32, DllPath, C:\Program Files (x86)\Sophos\Management Communications System\Endpoint\McsAdapter.dll)
2020-11-24T14:09:50.367Z [ 9068:15128] [v4.12.686.0] INFO  Commit step: CreateRegistryKey(HKLM\System\CurrentControlSet\Services\Eventlog\Application\Sophos Management Communications System, 0)
2020-11-24T14:09:50.367Z [ 9068:15128] [v4.12.686.0] INFO  Commit step: SetRegistryValue(HKLM\System\CurrentControlSet\Services\Eventlog\Application\Sophos Management Communications System, 0, EventMessageFile, C:\Program Files (x86)\Sophos\Management Communications System\Endpoint\McsEvents.dll)
2020-11-24T14:09:50.367Z [ 9068:15128] [v4.12.686.0] INFO  Commit step: SetRegistryValue(HKLM\System\CurrentControlSet\Services\Eventlog\Application\Sophos Management Communications System, 0, ParameterMessageFile, C:\Program Files (x86)\Sophos\Management Communications System\Endpoint\McsEvents.dll)
2020-11-24T14:09:50.367Z [ 9068:15128] [v4.12.686.0] INFO  Commit step: SetRegistryValue(HKLM\System\CurrentControlSet\Services\Eventlog\Application\Sophos Management Communications System, 0, CategoryMessageFile, C:\Program Files (x86)\Sophos\Management Communications System\Endpoint\McsEvents.dll)
2020-11-24T14:09:50.367Z [ 9068:15128] [v4.12.686.0] INFO  Commit step: SetRegistryValue(HKLM\System\CurrentControlSet\Services\Eventlog\Application\Sophos Management Communications System, 0, CategoryCount, 2)
2020-11-24T14:09:50.367Z [ 9068:15128] [v4.12.686.0] INFO  Commit step: SetRegistryValue(HKLM\System\CurrentControlSet\Services\Eventlog\Application\Sophos Management Communications System, 0, TypesSupported, 7)
2020-11-24T14:09:50.367Z [ 9068:15128] [v4.12.686.0] INFO  Commit step: CreateRegistryKey(HKLM\Software\Sophos\Telemetry\Plugins\MCS, 32)
2020-11-24T14:09:50.367Z [ 9068:15128] [v4.12.686.0] INFO  Commit step: SetRegistryValue(HKLM\Software\Sophos\Telemetry\Plugins\MCS, 32, File, C:\ProgramData\Sophos\Management Communications System\Endpoint\Persist\mcsAgentTelemetry.json)
2020-11-24T14:09:50.367Z [ 9068:15128] [v4.12.686.0] INFO  Commit step: CreateRegistryKey(HKLM\System\CurrentControlSet\Services\Sophos Endpoint Defense\EndpointFlags, 0)
2020-11-24T14:09:50.367Z [ 9068:15128] [v4.12.686.0] INFO  MCS registry key Installer completed successfully.
2020-11-24T14:09:50.367Z [ 9068:15128] [v4.12.686.0] INFO  Commit step: MCS Channels Installer
2020-11-24T14:09:50.367Z [ 9068:15128] [v4.12.686.0] INFO  Commit step: Create directory C:\ProgramData\Sophos\Management Communications System\Endpoint\Channels\APPWL\Incoming and all parent directories
2020-11-24T14:09:50.367Z [ 9068:15128] [v4.12.686.0] INFO  Commit step: Create directory C:\ProgramData\Sophos\Management Communications System\Endpoint\Channels\APPWL\Staging and all parent directories
2020-11-24T14:09:50.367Z [ 9068:15128] [v4.12.686.0] INFO  Commit step: CreateRegistryKey(HKLM\Software\Sophos\Management Communications System\Channels\APPWL, 32)
2020-11-24T14:09:50.367Z [ 9068:15128] [v4.12.686.0] INFO  Commit step: SetRegistryValue(HKLM\Software\Sophos\Management Communications System\Channels\APPWL, 32, presigned_uri, RegistryValue(7, 00000000)
2020-11-24T14:09:50.367Z [ 9068:15128] [v4.12.686.0] INFO  Commit step: Create directory C:\ProgramData\Sophos\Management Communications System\Endpoint\Channels\EDR\Incoming and all parent directories
2020-11-24T14:09:50.368Z [ 9068:15128] [v4.12.686.0] INFO  Commit step: Create directory C:\ProgramData\Sophos\Management Communications System\Endpoint\Channels\EDR\Staging and all parent directories
2020-11-24T14:09:50.368Z [ 9068:15128] [v4.12.686.0] INFO  Commit step: CreateRegistryKey(HKLM\Software\Sophos\Management Communications System\Channels\EDR, 32)
2020-11-24T14:09:50.368Z [ 9068:15128] [v4.12.686.0] INFO  Commit step: SetRegistryValue(HKLM\Software\Sophos\Management Communications System\Channels\EDR, 32, presigned_uri, RegistryValue(7, 00000000)
2020-11-24T14:09:50.368Z [ 9068:15128] [v4.12.686.0] INFO  Commit step: Create directory C:\ProgramData\Sophos\Management Communications System\Endpoint\Channels\FIM\Incoming and all parent directories
2020-11-24T14:09:50.368Z [ 9068:15128] [v4.12.686.0] INFO  Commit step: Create directory C:\ProgramData\Sophos\Management Communications System\Endpoint\Channels\FIM\Staging and all parent directories
2020-11-24T14:09:50.368Z [ 9068:15128] [v4.12.686.0] INFO  Commit step: CreateRegistryKey(HKLM\Software\Sophos\Management Communications System\Channels\FIM, 32)
2020-11-24T14:09:50.368Z [ 9068:15128] [v4.12.686.0] INFO  Commit step: SetRegistryValue(HKLM\Software\Sophos\Management Communications System\Channels\FIM, 32, presigned_uri, RegistryValue(7, 00000000)
2020-11-24T14:09:50.368Z [ 9068:15128] [v4.12.686.0] INFO  Commit step: Create directory C:\ProgramData\Sophos\Management Communications System\Endpoint\Channels\ForensicSnapshot\Incoming and all parent directories
2020-11-24T14:09:50.368Z [ 9068:15128] [v4.12.686.0] INFO  Commit step: Create directory C:\ProgramData\Sophos\Management Communications System\Endpoint\Channels\ForensicSnapshot\Staging and all parent directories
2020-11-24T14:09:50.368Z [ 9068:15128] [v4.12.686.0] INFO  Commit step: CreateRegistryKey(HKLM\Software\Sophos\Management Communications System\Channels\ForensicSnapshot, 32)
2020-11-24T14:09:50.368Z [ 9068:15128] [v4.12.686.0] INFO  Commit step: SetRegistryValue(HKLM\Software\Sophos\Management Communications System\Channels\ForensicSnapshot, 32, presigned_uri, RegistryValue(7, 00000000)
2020-11-24T14:09:50.368Z [ 9068:15128] [v4.12.686.0] INFO  Commit step: Create directory C:\ProgramData\Sophos\Management Communications System\Endpoint\Channels\RCA\Incoming and all parent directories
2020-11-24T14:09:50.368Z [ 9068:15128] [v4.12.686.0] INFO  Commit step: Create directory C:\ProgramData\Sophos\Management Communications System\Endpoint\Channels\RCA\Staging and all parent directories
2020-11-24T14:09:50.368Z [ 9068:15128] [v4.12.686.0] INFO  Commit step: CreateRegistryKey(HKLM\Software\Sophos\Management Communications System\Channels\RCA, 32)
2020-11-24T14:09:50.368Z [ 9068:15128] [v4.12.686.0] INFO  Commit step: SetRegistryValue(HKLM\Software\Sophos\Management Communications System\Channels\RCA, 32, presigned_uri, RegistryValue(7, 00000000)
2020-11-24T14:09:50.368Z [ 9068:15128] [v4.12.686.0] INFO  Commit step: Create directory C:\ProgramData\Sophos\Management Communications System\Endpoint\Channels\LiveQueryScheduled\Incoming and all parent directories
2020-11-24T14:09:50.368Z [ 9068:15128] [v4.12.686.0] INFO  Commit step: Create directory C:\ProgramData\Sophos\Management Communications System\Endpoint\Channels\LiveQueryScheduled\Staging and all parent directories
2020-11-24T14:09:50.368Z [ 9068:15128] [v4.12.686.0] INFO  Commit step: CreateRegistryKey(HKLM\Software\Sophos\Management Communications System\Channels\LiveQueryScheduled, 32)
2020-11-24T14:09:50.368Z [ 9068:15128] [v4.12.686.0] INFO  MCS Channels Installer completed successfully.
2020-11-24T14:09:50.368Z [ 9068:15128] [v4.12.686.0] INFO  Commit step: MCS MCS Remapper Installer
2020-11-24T14:09:50.368Z [ 9068:15128] [v4.12.686.0] INFO  Commit step: Create directory C:\ProgramData\Sophos\Management Communications System\Endpoint\Messages and all parent directories
2020-11-24T14:09:50.368Z [ 9068:15128] [v4.12.686.0] INFO  Commit step: Create directory C:\ProgramData\Sophos\Management Communications System\Endpoint\Messages\Incoming and all parent directories
2020-11-24T14:09:50.368Z [ 9068:15128] [v4.12.686.0] INFO  Commit step: Create directory C:\ProgramData\Sophos\Management Communications System\Endpoint\Messages\Staging and all parent directories
2020-11-24T14:09:50.368Z [ 9068:15128] [v4.12.686.0] INFO  Commit step: CreateRegistryKey(HKLM\Software\Sophos\Management, 64)
2020-11-24T14:09:50.368Z [ 9068:15128] [v4.12.686.0] INFO  Commit step: CreateRegistryKey(HKLM\Software\Sophos\Management\Policy, 64)
2020-11-24T14:09:50.369Z [ 9068:15128] [v4.12.686.0] INFO  MCS MCS Remapper Installer completed successfully.
2020-11-24T14:09:50.369Z [ 9068:15128] [v4.12.686.0] INFO  Commit step: MCS add remove program key installer
2020-11-24T14:09:50.369Z [ 9068:15128] [v4.12.686.0] INFO  Commit step: CreateRegistryKey(HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2C14E1A2-C4EB-466E-8374-81286D723D3A}, 32)
2020-11-24T14:09:50.369Z [ 9068:15128] [v4.12.686.0] INFO  Commit step: SetRegistryValue(HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2C14E1A2-C4EB-466E-8374-81286D723D3A}, 32, AuthorizedCDFPrefix, )
2020-11-24T14:09:50.369Z [ 9068:15128] [v4.12.686.0] INFO  Commit step: SetRegistryValue(HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2C14E1A2-C4EB-466E-8374-81286D723D3A}, 32, Comments, Management Communications System)
2020-11-24T14:09:50.369Z [ 9068:15128] [v4.12.686.0] INFO  Commit step: SetRegistryValue(HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2C14E1A2-C4EB-466E-8374-81286D723D3A}, 32, Contact, Sophos Technical Support)
2020-11-24T14:09:50.369Z [ 9068:15128] [v4.12.686.0] INFO  Commit step: SetRegistryValue(HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2C14E1A2-C4EB-466E-8374-81286D723D3A}, 32, DisplayName, Sophos Management Communications System)
2020-11-24T14:09:50.369Z [ 9068:15128] [v4.12.686.0] INFO  Commit step: SetRegistryValue(HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2C14E1A2-C4EB-466E-8374-81286D723D3A}, 32, DisplayVersion, 4.12.686.0)
2020-11-24T14:09:50.369Z [ 9068:15128] [v4.12.686.0] INFO  Commit step: SetRegistryValue(HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2C14E1A2-C4EB-466E-8374-81286D723D3A}, 32, EstimatedSize, 5263)
2020-11-24T14:09:50.369Z [ 9068:15128] [v4.12.686.0] INFO  Commit step: SetRegistryValue(HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2C14E1A2-C4EB-466E-8374-81286D723D3A}, 32, HelpLink, http://www.sophos.com/support)
2020-11-24T14:09:50.369Z [ 9068:15128] [v4.12.686.0] INFO  Commit step: SetRegistryValue(HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2C14E1A2-C4EB-466E-8374-81286D723D3A}, 32, InstallDate, 20201124)
2020-11-24T14:09:50.369Z [ 9068:15128] [v4.12.686.0] INFO  Commit step: SetRegistryValue(HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2C14E1A2-C4EB-466E-8374-81286D723D3A}, 32, InstallLocation, C:\Program Files (x86)\Sophos\Management Communications System\Endpoint)
2020-11-24T14:09:50.369Z [ 9068:15128] [v4.12.686.0] INFO  Commit step: SetRegistryValue(HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2C14E1A2-C4EB-466E-8374-81286D723D3A}, 32, InstallSource, C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\mcsep)
2020-11-24T14:09:50.369Z [ 9068:15128] [v4.12.686.0] INFO  Commit step: SetRegistryValue(HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2C14E1A2-C4EB-466E-8374-81286D723D3A}, 32, Language, 1033)
2020-11-24T14:09:50.369Z [ 9068:15128] [v4.12.686.0] INFO  Commit step: SetRegistryValue(HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2C14E1A2-C4EB-466E-8374-81286D723D3A}, 32, ModifyPath, )
2020-11-24T14:09:50.369Z [ 9068:15128] [v4.12.686.0] INFO  Commit step: SetRegistryValue(HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2C14E1A2-C4EB-466E-8374-81286D723D3A}, 32, NoModify, 1)
2020-11-24T14:09:50.369Z [ 9068:15128] [v4.12.686.0] INFO  Commit step: SetRegistryValue(HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2C14E1A2-C4EB-466E-8374-81286D723D3A}, 32, NoRepair, 1)
2020-11-24T14:09:50.369Z [ 9068:15128] [v4.12.686.0] INFO  Commit step: SetRegistryValue(HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2C14E1A2-C4EB-466E-8374-81286D723D3A}, 32, Publisher, Sophos Limited)
2020-11-24T14:09:50.369Z [ 9068:15128] [v4.12.686.0] INFO  Commit step: SetRegistryValue(HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2C14E1A2-C4EB-466E-8374-81286D723D3A}, 32, UninstallString, "C:\Program Files (x86)\Sophos\Management Communications System\Endpoint\Uninstall.exe")
2020-11-24T14:09:50.369Z [ 9068:15128] [v4.12.686.0] INFO  Commit step: SetRegistryValue(HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2C14E1A2-C4EB-466E-8374-81286D723D3A}, 32, URLInfoAbout, http://www.sophos.com)
2020-11-24T14:09:50.369Z [ 9068:15128] [v4.12.686.0] INFO  Commit step: SetRegistryValue(HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2C14E1A2-C4EB-466E-8374-81286D723D3A}, 32, VersionMajor, 4)
2020-11-24T14:09:50.369Z [ 9068:15128] [v4.12.686.0] INFO  Commit step: SetRegistryValue(HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2C14E1A2-C4EB-466E-8374-81286D723D3A}, 32, VersionMinor, 12)
2020-11-24T14:09:50.369Z [ 9068:15128] [v4.12.686.0] INFO  Commit step: SetRegistryValue(HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2C14E1A2-C4EB-466E-8374-81286D723D3A}, 32, SystemComponent, 1)
2020-11-24T14:09:50.369Z [ 9068:15128] [v4.12.686.0] INFO  MCS add remove program key installer completed successfully.
2020-11-24T14:09:50.370Z [ 9068:15128] [v4.12.686.0] INFO  Commit step: Start tamper-protected service step: Sophos MCS Agent
2020-11-24T14:09:50.370Z [ 9068:15128] [v4.12.686.0] INFO  Commit step: Start tamper-protected service step: Sophos MCS Client
2020-11-24T14:09:50.370Z [ 9068:15128] [v4.12.686.0] INFO  Commit step: Tamper protection of the MCS_SCM component will be set to: ON 
2020-11-24T14:09:50.370Z [ 9068:15128] [v4.12.686.0] INFO  Commit step: TriggerRollbackTestStep: No action at execution
2020-11-24T14:09:50.370Z [ 9068:15128] [v4.12.686.0] INFO  MCS overall installer completed successfully.
2020-11-24T14:09:50.370Z [ 9068:15128] [v4.12.686.0] INFO  Action was successful, reboot is not required
2020-11-24T14:09:50.370Z [ 9068:15128] [v4.12.686.0] INFO  End product setup

Thanks

Reply

0 M-ameen Ahmed Ahmed over 3 years ago in reply to intrusus

2020-11-24T14:09:45.815Z [ 9068:15128] [v4.12.686.0] INFO  Begin product setup
2020-11-24T14:09:45.815Z [ 9068:15128] [v4.12.686.0] INFO  Begin install
2020-11-24T14:09:45.821Z [ 9068:15128] [v4.12.686.0] INFO  Config.xml found: true
2020-11-24T14:09:45.821Z [ 9068:15128] [v4.12.686.0] INFO  MCS already installed. Start update.
2020-11-24T14:09:45.821Z [ 9068:15128] [v4.12.686.0] INFO  Executing step: Tamper protection of the MCS_SCM component will be set to: OFF 
2020-11-24T14:09:45.824Z [ 9068:15128] [v4.12.686.0] INFO  Waiting for operation to succeed within 60000ms.
2020-11-24T14:09:45.824Z [ 9068:15128] [v4.12.686.0] INFO  Tamper protection of the MCS_SCM component has been set to: OFF 
2020-11-24T14:09:45.824Z [ 9068:15128] [v4.12.686.0] INFO  Executing step: Stop service step without disabling tamper protection for service: Sophos MCS Client
2020-11-24T14:09:45.825Z [ 9068:15128] [v4.12.686.0] INFO  PID of service: 6940
2020-11-24T14:09:45.825Z [ 9068:15128] [v4.12.686.0] INFO  PID of service: 6940
2020-11-24T14:09:45.825Z [ 9068:15128] [v4.12.686.0] INFO  Service process handle acquired
2020-11-24T14:09:45.826Z [ 9068:15128] [v4.12.686.0] INFO  StopCommand key was set
2020-11-24T14:09:45.826Z [ 9068:15128] [v4.12.686.0] INFO  Waiting 60000ms for service stop
2020-11-24T14:09:45.826Z [ 9068:15128] [v4.12.686.0] INFO  Waiting for operation to succeed within 60000ms.
2020-11-24T14:09:46.826Z [ 9068:15128] [v4.12.686.0] INFO  Retrying operation. Counter: 1
2020-11-24T14:09:46.827Z [ 9068:15128] [v4.12.686.0] INFO  Service has stopped.
2020-11-24T14:09:46.827Z [ 9068:15128] [v4.12.686.0] INFO  StopCommand key was removed
2020-11-24T14:09:46.827Z [ 9068:15128] [v4.12.686.0] INFO  Executing step: Stop service step without disabling tamper protection for service: Sophos MCS Agent
2020-11-24T14:09:46.830Z [ 9068:15128] [v4.12.686.0] INFO  PID of service: 11564
2020-11-24T14:09:46.831Z [ 9068:15128] [v4.12.686.0] INFO  PID of service: 11564
2020-11-24T14:09:46.831Z [ 9068:15128] [v4.12.686.0] INFO  Service process handle acquired
2020-11-24T14:09:46.832Z [ 9068:15128] [v4.12.686.0] INFO  StopCommand key was set
2020-11-24T14:09:46.832Z [ 9068:15128] [v4.12.686.0] INFO  Waiting 60000ms for service stop
2020-11-24T14:09:46.832Z [ 9068:15128] [v4.12.686.0] INFO  Waiting for operation to succeed within 60000ms.
2020-11-24T14:09:47.834Z [ 9068:15128] [v4.12.686.0] INFO  Retrying operation. Counter: 1
2020-11-24T14:09:47.834Z [ 9068:15128] [v4.12.686.0] INFO  Service has stopped.
2020-11-24T14:09:47.835Z [ 9068:15128] [v4.12.686.0] INFO  StopCommand key was removed
2020-11-24T14:09:47.835Z [ 9068:15128] [v4.12.686.0] INFO  Executing step: Delete service step: Sophos MCS Client
2020-11-24T14:09:47.835Z [ 9068:15128] [v4.12.686.0] INFO  Querying configuration of service: Sophos MCS Client
2020-11-24T14:09:47.838Z [ 9068:15128] [v4.12.686.0] INFO  Waiting 60000ms for service deletion
2020-11-24T14:09:47.838Z [ 9068:15128] [v4.12.686.0] INFO  Waiting for operation to succeed within 60000ms.
2020-11-24T14:09:47.840Z [ 9068:15128] [v4.12.686.0] INFO  Successfully deleted service: Sophos MCS Client
2020-11-24T14:09:47.840Z [ 9068:15128] [v4.12.686.0] INFO  Executing step: Delete service step: Sophos MCS Agent
2020-11-24T14:09:47.840Z [ 9068:15128] [v4.12.686.0] INFO  Querying configuration of service: Sophos MCS Agent
2020-11-24T14:09:47.843Z [ 9068:15128] [v4.12.686.0] INFO  Waiting 60000ms for service deletion
2020-11-24T14:09:47.843Z [ 9068:15128] [v4.12.686.0] INFO  Waiting for operation to succeed within 60000ms.
2020-11-24T14:09:47.844Z [ 9068:15128] [v4.12.686.0] INFO  Successfully deleted service: Sophos MCS Agent
2020-11-24T14:09:47.844Z [ 9068:15128] [v4.12.686.0] INFO  Executing step: Install service step: Sophos MCS Agent
2020-11-24T14:09:47.851Z [ 9068:15128] [v4.12.686.0] INFO  Executing step: Install service step: Sophos MCS Client
2020-11-24T14:09:47.858Z [ 9068:15128] [v4.12.686.0] INFO  Executing step: MCS directory installer
2020-11-24T14:09:47.859Z [ 9068:15128] [v4.12.686.0] INFO  Executing step: Create directory C:\Program Files (x86)\Sophos\Management Communications System\Endpoint and all parent directories
2020-11-24T14:09:47.864Z [ 9068:15128] [v4.12.686.0] INFO  Existing security permissions before resetting permissions: D:PAI(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)(A;OICI;0x1200a9;;;LS)(A;OICI;0x1200a9;;;BU)
2020-11-24T14:09:47.864Z [ 9068:15128] [v4.12.686.0] INFO  New security permissions: D:PAI(A;CIOI;FA;;;S-1-5-32-544)(A;CIOI;FA;;;S-1-5-18)(A;CIOI;FRFX;;;S-1-5-19)(A;CIOI;FRFX;;;S-1-5-32-545)
2020-11-24T14:09:47.878Z [ 9068:15128] [v4.12.686.0] INFO  Executing step: Create directory C:\ProgramData\Sophos\Management Communications System\Endpoint and all parent directories
2020-11-24T14:09:47.879Z [ 9068:15128] [v4.12.686.0] INFO  Existing security permissions before resetting permissions: D:PAI(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)(A;OICI;FA;;;LS)(A;OICI;FR;;;BU)
2020-11-24T14:09:47.879Z [ 9068:15128] [v4.12.686.0] INFO  New security permissions: D:PAI(A;CIOI;FA;;;S-1-5-32-544)(A;CIOI;FA;;;S-1-5-18)(A;CIOI;FA;;;S-1-5-19)(A;CIOI;FR;;;S-1-5-32-545)
2020-11-24T14:09:47.968Z [ 9068:15128] [v4.12.686.0] INFO  Executing step: CreateDirectory(C:\ProgramData\Sophos\Management Communications System\Endpoint\Trail)
2020-11-24T14:09:47.969Z [ 9068:15128] [v4.12.686.0] INFO  Existing security permissions before resetting permissions: D:PAI(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)(A;OICI;FA;;;LS)
2020-11-24T14:09:47.969Z [ 9068:15128] [v4.12.686.0] INFO  New security permissions: D:PAI(A;CIOI;FA;;;S-1-5-32-544)(A;CIOI;FA;;;S-1-5-18)(A;CIOI;FA;;;S-1-5-19)
2020-11-24T14:09:47.969Z [ 9068:15128] [v4.12.686.0] INFO  Executing step: Create directory C:\ProgramData\Sophos\Remote Management System\3\Agent and all parent directories
2020-11-24T14:09:47.970Z [ 9068:15128] [v4.12.686.0] INFO  Executing step: CreateDirectory(C:\ProgramData\Sophos\Remote Management System\3\Agent\AdapterStorage)
2020-11-24T14:09:47.970Z [ 9068:15128] [v4.12.686.0] INFO  Existing security permissions before resetting permissions: D:PAI(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)
2020-11-24T14:09:47.970Z [ 9068:15128] [v4.12.686.0] INFO  New security permissions: D:PAI(A;CIOI;FA;;;S-1-5-32-544)(A;CIOI;FA;;;S-1-5-18)
2020-11-24T14:09:48.001Z [ 9068:15128] [v4.12.686.0] INFO  Executing step: Create directory C:\ProgramData\Sophos\Certificates\Management Communications System and all parent directories
2020-11-24T14:09:48.001Z [ 9068:15128] [v4.12.686.0] INFO  Existing security permissions before resetting permissions: D:PAI(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)(A;OICI;FR;;;S-1-5-80-616523863-387867340-2024776631-963389826-2037398138)
2020-11-24T14:09:48.001Z [ 9068:15128] [v4.12.686.0] INFO  New security permissions: D:PAI(A;CIOI;FA;;;S-1-5-32-544)(A;CIOI;FA;;;S-1-5-18)(A;CIOI;FR;;;S-1-5-80-616523863-387867340-2024776631-963389826-2037398138)
2020-11-24T14:09:48.006Z [ 9068:15128] [v4.12.686.0] INFO  Executing step: Tamper protection will be updated for the main component, if rollback is triggered.
2020-11-24T14:09:48.006Z [ 9068:15128] [v4.12.686.0] INFO  Executing step: CopyFile(C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\mcsep\Sophos\Management Communications System\Endpoint\integrity.dat, C:\Program Files (x86)\Sophos\Management Communications System\Endpoint\integrity.dat)
2020-11-24T14:09:48.011Z [ 9068:15128] [v4.12.686.0] INFO  Executing step: CreateRegistryKey(HKLM\SYSTEM\CurrentControlSet\Services\Sophos Endpoint Defense\TamperProtection\Components\MCS, 64)
2020-11-24T14:09:48.011Z [ 9068:15128] [v4.12.686.0] INFO  Executing step: Tamper protection will be updated for the main component.
2020-11-24T14:09:48.015Z [ 9068:15128] [v4.12.686.0] INFO  Waiting for operation to succeed within 60000ms.
2020-11-24T14:09:48.015Z [ 9068:15128] [v4.12.686.0] INFO  Tamper protection for the main component has been updated.
2020-11-24T14:09:48.015Z [ 9068:15128] [v4.12.686.0] INFO  Executing step: MCS file installer
2020-11-24T14:09:48.015Z [ 9068:15128] [v4.12.686.0] INFO  Executing step: CopyFile(C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\mcsep\Sophos\Management Communications System\Endpoint\scm_integrity.dat, C:\Program Files (x86)\Sophos\Management Communications System\Endpoint\scm_integrity.dat)
2020-11-24T14:09:48.018Z [ 9068:15128] [v4.12.686.0] INFO  Executing step: CopyFile(C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\mcsep\Sophos\Management Communications System\Endpoint\NOTICE.txt, C:\Program Files (x86)\Sophos\Management Communications System\Endpoint\NOTICE.txt)
2020-11-24T14:09:48.023Z [ 9068:15128] [v4.12.686.0] INFO  Executing step: CopyFile(C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\mcsep\Sophos\Management Communications System\Endpoint\McsAdapter.dll, C:\Program Files (x86)\Sophos\Management Communications System\Endpoint\McsAdapter.dll)
2020-11-24T14:09:48.027Z [ 9068:15128] [v4.12.686.0] INFO  Executing step: CopyFile(C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\mcsep\Sophos\Management Communications System\Endpoint\McsEvents.dll, C:\Program Files (x86)\Sophos\Management Communications System\Endpoint\McsEvents.dll)
2020-11-24T14:09:48.031Z [ 9068:15128] [v4.12.686.0] INFO  Executing step: CopyFile(C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\mcsep\Sophos\Management Communications System\Endpoint\McsAgent.exe, C:\Program Files (x86)\Sophos\Management Communications System\Endpoint\McsAgent.exe)
2020-11-24T14:09:48.035Z [ 9068:15128] [v4.12.686.0] INFO  Executing step: CopyFile(C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\mcsep\Sophos\Management Communications System\Endpoint\McsClient.exe, C:\Program Files (x86)\Sophos\Management Communications System\Endpoint\McsClient.exe)
2020-11-24T14:09:48.040Z [ 9068:15128] [v4.12.686.0] INFO  Executing step: CopyFile(C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\mcsep\Sophos\Management Communications System\Endpoint\scf.dat, C:\Program Files (x86)\Sophos\Management Communications System\Endpoint\scf.dat)
2020-11-24T14:09:48.043Z [ 9068:15128] [v4.12.686.0] INFO  Executing step: CopyFile(C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\mcsep\Sophos\Management Communications System\Endpoint\sof.dat, C:\Program Files (x86)\Sophos\Management Communications System\Endpoint\sof.dat)
2020-11-24T14:09:48.046Z [ 9068:15128] [v4.12.686.0] INFO  Executing step: CopyFile(C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\mcsep\Sophos\Management Communications System\Endpoint\Uninstall.exe, C:\Program Files (x86)\Sophos\Management Communications System\Endpoint\Uninstall.exe)
2020-11-24T14:09:48.051Z [ 9068:15128] [v4.12.686.0] INFO  Executing step: CopyFile(C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\mcsep\Sophos\Certificates\Management Communications System\sophosca1.crt, C:\ProgramData\Sophos\Certificates\Management Communications System\sophosca1.crt)
2020-11-24T14:09:48.055Z [ 9068:15128] [v4.12.686.0] INFO  Executing step: CopyFile(C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\mcsep\Sophos\Certificates\Management Communications System\sophosca1.crl, C:\ProgramData\Sophos\Certificates\Management Communications System\sophosca1.crl)
2020-11-24T14:09:48.058Z [ 9068:15128] [v4.12.686.0] INFO  Executing step: CopyFile(C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\mcsep\Sophos\Certificates\Management Communications System\sophosca2.crt, C:\ProgramData\Sophos\Certificates\Management Communications System\sophosca2.crt)
2020-11-24T14:09:48.061Z [ 9068:15128] [v4.12.686.0] INFO  Executing step: CopyFile(C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\mcsep\Sophos\Certificates\Management Communications System\sophosca2.crl, C:\ProgramData\Sophos\Certificates\Management Communications System\sophosca2.crl)
2020-11-24T14:09:48.064Z [ 9068:15128] [v4.12.686.0] INFO  Executing step: CopyFile(C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\mcsep\Sophos\Certificates\Management Communications System\sophosca3.crt, C:\ProgramData\Sophos\Certificates\Management Communications System\sophosca3.crt)
2020-11-24T14:09:48.067Z [ 9068:15128] [v4.12.686.0] INFO  Executing step: CopyFile(C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\mcsep\Sophos\Certificates\Management Communications System\sophosca3.crl, C:\ProgramData\Sophos\Certificates\Management Communications System\sophosca3.crl)
2020-11-24T14:09:48.070Z [ 9068:15128] [v4.12.686.0] INFO  Executing step: CopyFile(C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\mcsep\Sophos\Certificates\Management Communications System\sophosca4.crt, C:\ProgramData\Sophos\Certificates\Management Communications System\sophosca4.crt)
2020-11-24T14:09:48.073Z [ 9068:15128] [v4.12.686.0] INFO  Executing step: CopyFile(C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\mcsep\Sophos\Certificates\Management Communications System\sophosca4.crl, C:\ProgramData\Sophos\Certificates\Management Communications System\sophosca4.crl)
2020-11-24T14:09:48.076Z [ 9068:15128] [v4.12.686.0] INFO  Executing step: MCS flags installer
2020-11-24T14:09:48.076Z [ 9068:15128] [v4.12.686.0] INFO  Executing step: CreateDirectory(C:\ProgramData\Sophos\Management Communications System\Endpoint\Flags)
2020-11-24T14:09:48.077Z [ 9068:15128] [v4.12.686.0] INFO  Executing step: DeleteMatchingFiles(From C:\ProgramData\Sophos\Management Communications System\Endpoint\Flags containing '.*')
2020-11-24T14:09:48.077Z [ 9068:15128] [v4.12.686.0] INFO  Removing file (C:\ProgramData\Sophos\Management Communications System\Endpoint\Flags\cepng.json) => rollback backup (C:\Users\helpdesk\AppData\Local\Temp\0bee8517d8832a233c21b2b3c3ff1455e438ad42162bb49ed6bcface6d7a6ef9.tmp)
2020-11-24T14:09:48.079Z [ 9068:15128] [v4.12.686.0] INFO  Removing file (C:\ProgramData\Sophos\Management Communications System\Endpoint\Flags\cix.json) => rollback backup (C:\Users\helpdesk\AppData\Local\Temp\83e7e7bcc57a33e3f6d2722c644ef6ee0fb6a6873c1cbfa7dabf489799ef9c85.tmp)
2020-11-24T14:09:48.081Z [ 9068:15128] [v4.12.686.0] INFO  Executing step: CopyFile(C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\mcsep\Flags\cepng.json, C:\ProgramData\Sophos\Management Communications System\Endpoint\Flags\cepng.json)
2020-11-24T14:09:48.082Z [ 9068:15128] [v4.12.686.0] INFO  Executing step: CopyFile(C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\mcsep\Flags\cix.json, C:\ProgramData\Sophos\Management Communications System\Endpoint\Flags\cix.json)
2020-11-24T14:09:48.084Z [ 9068:15128] [v4.12.686.0] INFO  Executing step: CreateRegistryKey(HKLM\SYSTEM\CurrentControlSet\Services\Sophos Endpoint Defense\TamperProtection\Components\MCS_SCM, 64)
2020-11-24T14:09:48.084Z [ 9068:15128] [v4.12.686.0] INFO  Executing step: MCS registry key Installer
2020-11-24T14:09:48.084Z [ 9068:15128] [v4.12.686.0] INFO  Executing step: CreateRegistryKey(HKLM\Software\Sophos\Remote Management System, 32)
2020-11-24T14:09:48.084Z [ 9068:15128] [v4.12.686.0] INFO  Existing security permissions before resetting permissions: D:PAI(A;;KA;;;BA)(A;OICIIO;GA;;;BA)(A;;KA;;;SY)(A;OICIIO;GA;;;SY)
2020-11-24T14:09:48.084Z [ 9068:15128] [v4.12.686.0] INFO  New security permissions: D:PAI(A;;KA;;;S-1-5-32-544)(A;OICIIO;GA;;;S-1-5-32-544)(A;;KA;;;S-1-5-18)(A;OICIIO;GA;;;S-1-5-18)
2020-11-24T14:09:48.084Z [ 9068:15128] [v4.12.686.0] INFO  Executing step: CreateRegistryKey(HKLM\Software\Sophos\Remote Management System\ManagementAgent\Adapters, 32)
2020-11-24T14:09:48.084Z [ 9068:15128] [v4.12.686.0] INFO  Existing security permissions before resetting permissions: D:PAI(A;;KA;;;BA)(A;OICIIO;GA;;;BA)(A;;KA;;;SY)(A;OICIIO;GA;;;SY)
2020-11-24T14:09:48.084Z [ 9068:15128] [v4.12.686.0] INFO  New security permissions: D:PAI(A;;KA;;;S-1-5-32-544)(A;OICIIO;GA;;;S-1-5-32-544)(A;;KA;;;S-1-5-18)(A;OICIIO;GA;;;S-1-5-18)
2020-11-24T14:09:48.086Z [ 9068:15128] [v4.12.686.0] INFO  Executing step: CreateRegistryKey(HKLM\Software\Sophos\Remote Management System\ManagementAgent\Adapters\MCS, 32)
2020-11-24T14:09:48.086Z [ 9068:15128] [v4.12.686.0] INFO  Executing step: SetRegistryValue(HKLM\Software\Sophos\Remote Management System\ManagementAgent\Adapters\MCS, 32, DllPath, C:\Program Files (x86)\Sophos\Management Communications System\Endpoint\McsAdapter.dll)
2020-11-24T14:09:48.086Z [ 9068:15128] [v4.12.686.0] INFO  Executing step: CreateRegistryKey(HKLM\System\CurrentControlSet\Services\Eventlog\Application\Sophos Management Communications System, 0)
2020-11-24T14:09:48.086Z [ 9068:15128] [v4.12.686.0] INFO  Executing step: SetRegistryValue(HKLM\System\CurrentControlSet\Services\Eventlog\Application\Sophos Management Communications System, 0, EventMessageFile, C:\Program Files (x86)\Sophos\Management Communications System\Endpoint\McsEvents.dll)
2020-11-24T14:09:48.086Z [ 9068:15128] [v4.12.686.0] INFO  Executing step: SetRegistryValue(HKLM\System\CurrentControlSet\Services\Eventlog\Application\Sophos Management Communications System, 0, ParameterMessageFile, C:\Program Files (x86)\Sophos\Management Communications System\Endpoint\McsEvents.dll)
2020-11-24T14:09:48.086Z [ 9068:15128] [v4.12.686.0] INFO  Executing step: SetRegistryValue(HKLM\System\CurrentControlSet\Services\Eventlog\Application\Sophos Management Communications System, 0, CategoryMessageFile, C:\Program Files (x86)\Sophos\Management Communications System\Endpoint\McsEvents.dll)
2020-11-24T14:09:48.086Z [ 9068:15128] [v4.12.686.0] INFO  Executing step: SetRegistryValue(HKLM\System\CurrentControlSet\Services\Eventlog\Application\Sophos Management Communications System, 0, CategoryCount, 2)
2020-11-24T14:09:48.086Z [ 9068:15128] [v4.12.686.0] INFO  Executing step: SetRegistryValue(HKLM\System\CurrentControlSet\Services\Eventlog\Application\Sophos Management Communications System, 0, TypesSupported, 7)
2020-11-24T14:09:48.086Z [ 9068:15128] [v4.12.686.0] INFO  Executing step: CreateRegistryKey(HKLM\Software\Sophos\Telemetry\Plugins\MCS, 32)
2020-11-24T14:09:48.086Z [ 9068:15128] [v4.12.686.0] INFO  Executing step: SetRegistryValue(HKLM\Software\Sophos\Telemetry\Plugins\MCS, 32, File, C:\ProgramData\Sophos\Management Communications System\Endpoint\Persist\mcsAgentTelemetry.json)
2020-11-24T14:09:48.087Z [ 9068:15128] [v4.12.686.0] INFO  Executing step: CreateRegistryKey(HKLM\System\CurrentControlSet\Services\Sophos Endpoint Defense\EndpointFlags, 0)
2020-11-24T14:09:48.087Z [ 9068:15128] [v4.12.686.0] INFO  Executing step: MCS Channels Installer

2020-11-24T14:09:48.087Z [ 9068:15128] [v4.12.686.0] INFO  Executing step: Create directory C:\ProgramData\Sophos\Management Communications System\Endpoint\Channels\APPWL\Incoming and all parent directories
2020-11-24T14:09:48.087Z [ 9068:15128] [v4.12.686.0] INFO  Existing security permissions before resetting permissions: D:PAI(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)(A;OICI;FA;;;S-1-5-80-616523863-387867340-2024776631-963389826-2037398138)(A;OICI;FA;;;S-1-5-80-1025068203-2626198128-3173141159-110103136-1829787749)
2020-11-24T14:09:48.087Z [ 9068:15128] [v4.12.686.0] INFO  New security permissions: D:PAI(A;CIOI;FA;;;S-1-5-32-544)(A;CIOI;FA;;;S-1-5-18)(A;CIOI;FA;;;S-1-5-80-616523863-387867340-2024776631-963389826-2037398138)(A;CIOI;FA;;;S-1-5-80-1025068203-2626198128-3173141159-110103136-1829787749)S:(ML;;NW;;;LW)
2020-11-24T14:09:48.088Z [ 9068:15128] [v4.12.686.0] INFO  Executing step: Create directory C:\ProgramData\Sophos\Management Communications System\Endpoint\Channels\APPWL\Staging and all parent directories
2020-11-24T14:09:48.088Z [ 9068:15128] [v4.12.686.0] INFO  Existing security permissions before resetting permissions: D:PAI(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)(A;OICI;FA;;;S-1-5-80-616523863-387867340-2024776631-963389826-2037398138)(A;OICI;FA;;;S-1-5-80-1025068203-2626198128-3173141159-110103136-1829787749)
2020-11-24T14:09:48.088Z [ 9068:15128] [v4.12.686.0] INFO  New security permissions: D:PAI(A;CIOI;FA;;;S-1-5-32-544)(A;CIOI;FA;;;S-1-5-18)(A;CIOI;FA;;;S-1-5-80-616523863-387867340-2024776631-963389826-2037398138)(A;CIOI;FA;;;S-1-5-80-1025068203-2626198128-3173141159-110103136-1829787749)S:(ML;;NW;;;LW)
2020-11-24T14:09:48.089Z [ 9068:15128] [v4.12.686.0] INFO  Executing step: CreateRegistryKey(HKLM\Software\Sophos\Management Communications System\Channels\APPWL, 32)
2020-11-24T14:09:48.090Z [ 9068:15128] [v4.12.686.0] INFO  Existing security permissions before resetting permissions: D:PAI(A;;KA;;;BA)(A;OICIIO;GA;;;BA)(A;;KA;;;SY)(A;OICIIO;GA;;;SY)(A;;KA;;;S-1-5-80-616523863-387867340-2024776631-963389826-2037398138)(A;OICIIO;GA;;;S-1-5-80-616523863-387867340-2024776631-963389826-2037398138)
2020-11-24T14:09:48.090Z [ 9068:15128] [v4.12.686.0] INFO  New security permissions: D:PAI(A;;KA;;;S-1-5-32-544)(A;OICIIO;GA;;;S-1-5-32-544)(A;;KA;;;S-1-5-18)(A;OICIIO;GA;;;S-1-5-18)(A;;KA;;;S-1-5-80-616523863-387867340-2024776631-963389826-2037398138)(A;OICIIO;GA;;;S-1-5-80-616523863-387867340-2024776631-963389826-2037398138)
2020-11-24T14:09:48.090Z [ 9068:15128] [v4.12.686.0] INFO  Executing step: SetRegistryValue(HKLM\Software\Sophos\Management Communications System\Channels\APPWL, 32, presigned_uri, RegistryValue(7, 00000000)
2020-11-24T14:09:48.090Z [ 9068:15128] [v4.12.686.0] INFO  Executing step: Create directory C:\ProgramData\Sophos\Management Communications System\Endpoint\Channels\EDR\Incoming and all parent directories
2020-11-24T14:09:48.090Z [ 9068:15128] [v4.12.686.0] INFO  Existing security permissions before resetting permissions: D:PAI(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)(A;OICI;FA;;;S-1-5-80-616523863-387867340-2024776631-963389826-2037398138)(A;OICI;FA;;;S-1-5-80-1025068203-2626198128-3173141159-110103136-1829787749)
2020-11-24T14:09:48.090Z [ 9068:15128] [v4.12.686.0] INFO  New security permissions: D:PAI(A;CIOI;FA;;;S-1-5-32-544)(A;CIOI;FA;;;S-1-5-18)(A;CIOI;FA;;;S-1-5-80-616523863-387867340-2024776631-963389826-2037398138)(A;CIOI;FA;;;S-1-5-80-1025068203-2626198128-3173141159-110103136-1829787749)S:(ML;;NW;;;LW)
2020-11-24T14:09:48.091Z [ 9068:15128] [v4.12.686.0] INFO  Executing step: Create directory C:\ProgramData\Sophos\Management Communications System\Endpoint\Channels\EDR\Staging and all parent directories
2020-11-24T14:09:48.092Z [ 9068:15128] [v4.12.686.0] INFO  Existing security permissions before resetting permissions: D:PAI(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)(A;OICI;FA;;;S-1-5-80-616523863-387867340-2024776631-963389826-2037398138)(A;OICI;FA;;;S-1-5-80-1025068203-2626198128-3173141159-110103136-1829787749)
2020-11-24T14:09:48.092Z [ 9068:15128] [v4.12.686.0] INFO  New security permissions: D:PAI(A;CIOI;FA;;;S-1-5-32-544)(A;CIOI;FA;;;S-1-5-18)(A;CIOI;FA;;;S-1-5-80-616523863-387867340-2024776631-963389826-2037398138)(A;CIOI;FA;;;S-1-5-80-1025068203-2626198128-3173141159-110103136-1829787749)S:(ML;;NW;;;LW)
2020-11-24T14:09:48.093Z [ 9068:15128] [v4.12.686.0] INFO  Executing step: CreateRegistryKey(HKLM\Software\Sophos\Management Communications System\Channels\EDR, 32)
2020-11-24T14:09:48.093Z [ 9068:15128] [v4.12.686.0] INFO  Existing security permissions before resetting permissions: D:PAI(A;;KA;;;BA)(A;OICIIO;GA;;;BA)(A;;KA;;;SY)(A;OICIIO;GA;;;SY)(A;;KA;;;S-1-5-80-616523863-387867340-2024776631-963389826-2037398138)(A;OICIIO;GA;;;S-1-5-80-616523863-387867340-2024776631-963389826-2037398138)
2020-11-24T14:09:48.093Z [ 9068:15128] [v4.12.686.0] INFO  New security permissions: D:PAI(A;;KA;;;S-1-5-32-544)(A;OICIIO;GA;;;S-1-5-32-544)(A;;KA;;;S-1-5-18)(A;OICIIO;GA;;;S-1-5-18)(A;;KA;;;S-1-5-80-616523863-387867340-2024776631-963389826-2037398138)(A;OICIIO;GA;;;S-1-5-80-616523863-387867340-2024776631-963389826-2037398138)
2020-11-24T14:09:48.093Z [ 9068:15128] [v4.12.686.0] INFO  Executing step: SetRegistryValue(HKLM\Software\Sophos\Management Communications System\Channels\EDR, 32, presigned_uri, RegistryValue(7, 00000000)
2020-11-24T14:09:48.093Z [ 9068:15128] [v4.12.686.0] INFO  Executing step: Create directory C:\ProgramData\Sophos\Management Communications System\Endpoint\Channels\FIM\Incoming and all parent directories
2020-11-24T14:09:48.094Z [ 9068:15128] [v4.12.686.0] INFO  Existing security permissions before resetting permissions: D:PAI(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)(A;OICI;FA;;;S-1-5-80-616523863-387867340-2024776631-963389826-2037398138)(A;OICI;FA;;;S-1-5-80-3425732772-3003596726-1695377706-1312571016-3579618460)
2020-11-24T14:09:48.094Z [ 9068:15128] [v4.12.686.0] INFO  New security permissions: D:PAI(A;CIOI;FA;;;S-1-5-32-544)(A;CIOI;FA;;;S-1-5-18)(A;CIOI;FA;;;S-1-5-80-616523863-387867340-2024776631-963389826-2037398138)(A;CIOI;FA;;;S-1-5-80-3425732772-3003596726-1695377706-1312571016-3579618460)S:(ML;;NW;;;LW)
2020-11-24T14:09:48.095Z [ 9068:15128] [v4.12.686.0] INFO  Executing step: Create directory C:\ProgramData\Sophos\Management Communications System\Endpoint\Channels\FIM\Staging and all parent directories
2020-11-24T14:09:48.095Z [ 9068:15128] [v4.12.686.0] INFO  Existing security permissions before resetting permissions: D:PAI(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)(A;OICI;FA;;;S-1-5-80-616523863-387867340-2024776631-963389826-2037398138)(A;OICI;FA;;;S-1-5-80-3425732772-3003596726-1695377706-1312571016-3579618460)
2020-11-24T14:09:48.095Z [ 9068:15128] [v4.12.686.0] INFO  New security permissions: D:PAI(A;CIOI;FA;;;S-1-5-32-544)(A;CIOI;FA;;;S-1-5-18)(A;CIOI;FA;;;S-1-5-80-616523863-387867340-2024776631-963389826-2037398138)(A;CIOI;FA;;;S-1-5-80-3425732772-3003596726-1695377706-1312571016-3579618460)S:(ML;;NW;;;LW)
2020-11-24T14:09:48.096Z [ 9068:15128] [v4.12.686.0] INFO  Executing step: CreateRegistryKey(HKLM\Software\Sophos\Management Communications System\Channels\FIM, 32)
2020-11-24T14:09:48.096Z [ 9068:15128] [v4.12.686.0] INFO  Existing security permissions before resetting permissions: D:PAI(A;;KA;;;BA)(A;OICIIO;GA;;;BA)(A;;KA;;;SY)(A;OICIIO;GA;;;SY)(A;;KA;;;S-1-5-80-616523863-387867340-2024776631-963389826-2037398138)(A;OICIIO;GA;;;S-1-5-80-616523863-387867340-2024776631-963389826-2037398138)
2020-11-24T14:09:48.096Z [ 9068:15128] [v4.12.686.0] INFO  New security permissions: D:PAI(A;;KA;;;S-1-5-32-544)(A;OICIIO;GA;;;S-1-5-32-544)(A;;KA;;;S-1-5-18)(A;OICIIO;GA;;;S-1-5-18)(A;;KA;;;S-1-5-80-616523863-387867340-2024776631-963389826-2037398138)(A;OICIIO;GA;;;S-1-5-80-616523863-387867340-2024776631-963389826-2037398138)
2020-11-24T14:09:48.096Z [ 9068:15128] [v4.12.686.0] INFO  Executing step: SetRegistryValue(HKLM\Software\Sophos\Management Communications System\Channels\FIM, 32, presigned_uri, RegistryValue(7, 00000000)
2020-11-24T14:09:48.097Z [ 9068:15128] [v4.12.686.0] INFO  Executing step: Create directory C:\ProgramData\Sophos\Management Communications System\Endpoint\Channels\ForensicSnapshot\Incoming and all parent directories
2020-11-24T14:09:48.097Z [ 9068:15128] [v4.12.686.0] INFO  Existing security permissions before resetting permissions: D:PAI(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)(A;OICI;FA;;;S-1-5-80-616523863-387867340-2024776631-963389826-2037398138)(A;OICI;FA;;;S-1-5-80-1025068203-2626198128-3173141159-110103136-1829787749)
2020-11-24T14:09:48.097Z [ 9068:15128] [v4.12.686.0] INFO  New security permissions: D:PAI(A;CIOI;FA;;;S-1-5-32-544)(A;CIOI;FA;;;S-1-5-18)(A;CIOI;FA;;;S-1-5-80-616523863-387867340-2024776631-963389826-2037398138)(A;CIOI;FA;;;S-1-5-80-1025068203-2626198128-3173141159-110103136-1829787749)S:(ML;;NW;;;LW)
2020-11-24T14:09:48.098Z [ 9068:15128] [v4.12.686.0] INFO  Executing step: Create directory C:\ProgramData\Sophos\Management Communications System\Endpoint\Channels\ForensicSnapshot\Staging and all parent directories
2020-11-24T14:09:48.098Z [ 9068:15128] [v4.12.686.0] INFO  Existing security permissions before resetting permissions: D:PAI(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)(A;OICI;FA;;;S-1-5-80-616523863-387867340-2024776631-963389826-2037398138)(A;OICI;FA;;;S-1-5-80-1025068203-2626198128-3173141159-110103136-1829787749)
2020-11-24T14:09:48.098Z [ 9068:15128] [v4.12.686.0] INFO  New security permissions: D:PAI(A;CIOI;FA;;;S-1-5-32-544)(A;CIOI;FA;;;S-1-5-18)(A;CIOI;FA;;;S-1-5-80-616523863-387867340-2024776631-963389826-2037398138)(A;CIOI;FA;;;S-1-5-80-1025068203-2626198128-3173141159-110103136-1829787749)S:(ML;;NW;;;LW)
2020-11-24T14:09:48.099Z [ 9068:15128] [v4.12.686.0] INFO  Executing step: CreateRegistryKey(HKLM\Software\Sophos\Management Communications System\Channels\ForensicSnapshot, 32)
2020-11-24T14:09:48.100Z [ 9068:15128] [v4.12.686.0] INFO  Existing security permissions before resetting permissions: D:PAI(A;;KA;;;BA)(A;OICIIO;GA;;;BA)(A;;KA;;;SY)(A;OICIIO;GA;;;SY)(A;;KA;;;S-1-5-80-616523863-387867340-2024776631-963389826-2037398138)(A;OICIIO;GA;;;S-1-5-80-616523863-387867340-2024776631-963389826-2037398138)
2020-11-24T14:09:48.100Z [ 9068:15128] [v4.12.686.0] INFO  New security permissions: D:PAI(A;;KA;;;S-1-5-32-544)(A;OICIIO;GA;;;S-1-5-32-544)(A;;KA;;;S-1-5-18)(A;OICIIO;GA;;;S-1-5-18)(A;;KA;;;S-1-5-80-616523863-387867340-2024776631-963389826-2037398138)(A;OICIIO;GA;;;S-1-5-80-616523863-387867340-2024776631-963389826-2037398138)
2020-11-24T14:09:48.100Z [ 9068:15128] [v4.12.686.0] INFO  Executing step: SetRegistryValue(HKLM\Software\Sophos\Management Communications System\Channels\ForensicSnapshot, 32, presigned_uri, RegistryValue(7, 00000000)
2020-11-24T14:09:48.100Z [ 9068:15128] [v4.12.686.0] INFO  Executing step: Create directory C:\ProgramData\Sophos\Management Communications System\Endpoint\Channels\RCA\Incoming and all parent directories
2020-11-24T14:09:48.100Z [ 9068:15128] [v4.12.686.0] INFO  Existing security permissions before resetting permissions: D:PAI(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)(A;OICI;FA;;;S-1-5-80-616523863-387867340-2024776631-963389826-2037398138)(A;OICI;FA;;;S-1-5-80-1025068203-2626198128-3173141159-110103136-1829787749)
2020-11-24T14:09:48.100Z [ 9068:15128] [v4.12.686.0] INFO  New security permissions: D:PAI(A;CIOI;FA;;;S-1-5-32-544)(A;CIOI;FA;;;S-1-5-18)(A;CIOI;FA;;;S-1-5-80-616523863-387867340-2024776631-963389826-2037398138)(A;CIOI;FA;;;S-1-5-80-1025068203-2626198128-3173141159-110103136-1829787749)S:(ML;;NW;;;LW)
2020-11-24T14:09:48.101Z [ 9068:15128] [v4.12.686.0] INFO  Executing step: Create directory C:\ProgramData\Sophos\Management Communications System\Endpoint\Channels\RCA\Staging and all parent directories
2020-11-24T14:09:48.102Z [ 9068:15128] [v4.12.686.0] INFO  Existing security permissions before resetting permissions: D:PAI(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)(A;OICI;FA;;;S-1-5-80-616523863-387867340-2024776631-963389826-2037398138)(A;OICI;FA;;;S-1-5-80-1025068203-2626198128-3173141159-110103136-1829787749)
2020-11-24T14:09:48.102Z [ 9068:15128] [v4.12.686.0] INFO  New security permissions: D:PAI(A;CIOI;FA;;;S-1-5-32-544)(A;CIOI;FA;;;S-1-5-18)(A;CIOI;FA;;;S-1-5-80-616523863-387867340-2024776631-963389826-2037398138)(A;CIOI;FA;;;S-1-5-80-1025068203-2626198128-3173141159-110103136-1829787749)S:(ML;;NW;;;LW)
2020-11-24T14:09:48.103Z [ 9068:15128] [v4.12.686.0] INFO  Executing step: CreateRegistryKey(HKLM\Software\Sophos\Management Communications System\Channels\RCA, 32)
2020-11-24T14:09:48.103Z [ 9068:15128] [v4.12.686.0] INFO  Existing security permissions before resetting permissions: D:PAI(A;;KA;;;BA)(A;OICIIO;GA;;;BA)(A;;KA;;;SY)(A;OICIIO;GA;;;SY)(A;;KA;;;S-1-5-80-616523863-387867340-2024776631-963389826-2037398138)(A;OICIIO;GA;;;S-1-5-80-616523863-387867340-2024776631-963389826-2037398138)
2020-11-24T14:09:48.103Z [ 9068:15128] [v4.12.686.0] INFO  New security permissions: D:PAI(A;;KA;;;S-1-5-32-544)(A;OICIIO;GA;;;S-1-5-32-544)(A;;KA;;;S-1-5-18)(A;OICIIO;GA;;;S-1-5-18)(A;;KA;;;S-1-5-80-616523863-387867340-2024776631-963389826-2037398138)(A;OICIIO;GA;;;S-1-5-80-616523863-387867340-2024776631-963389826-2037398138)
2020-11-24T14:09:48.103Z [ 9068:15128] [v4.12.686.0] INFO  Executing step: SetRegistryValue(HKLM\Software\Sophos\Management Communications System\Channels\RCA, 32, presigned_uri, RegistryValue(7, 00000000)
2020-11-24T14:09:48.103Z [ 9068:15128] [v4.12.686.0] INFO  Executing step: Create directory C:\ProgramData\Sophos\Management Communications System\Endpoint\Channels\LiveQueryScheduled\Incoming and all parent directories
2020-11-24T14:09:48.104Z [ 9068:15128] [v4.12.686.0] INFO  Existing security permissions before resetting permissions: D:PAI(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)(A;OICI;FA;;;S-1-5-80-616523863-387867340-2024776631-963389826-2037398138)(A;OICI;FA;;;S-1-5-80-1521243867-1128773477-782615202-3742460476-2946181991)
2020-11-24T14:09:48.104Z [ 9068:15128] [v4.12.686.0] INFO  New security permissions: D:PAI(A;CIOI;FA;;;S-1-5-32-544)(A;CIOI;FA;;;S-1-5-18)(A;CIOI;FA;;;S-1-5-80-616523863-387867340-2024776631-963389826-2037398138)(A;CIOI;FA;;;S-1-5-80-1521243867-1128773477-782615202-3742460476-2946181991)S:(ML;;NW;;;LW)
2020-11-24T14:09:48.105Z [ 9068:15128] [v4.12.686.0] INFO  Executing step: Create directory C:\ProgramData\Sophos\Management Communications System\Endpoint\Channels\LiveQueryScheduled\Staging and all parent directories
2020-11-24T14:09:48.105Z [ 9068:15128] [v4.12.686.0] INFO  Existing security permissions before resetting permissions: D:PAI(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)(A;OICI;FA;;;S-1-5-80-616523863-387867340-2024776631-963389826-2037398138)(A;OICI;FA;;;S-1-5-80-1521243867-1128773477-782615202-3742460476-2946181991)
2020-11-24T14:09:48.105Z [ 9068:15128] [v4.12.686.0] INFO  New security permissions: D:PAI(A;CIOI;FA;;;S-1-5-32-544)(A;CIOI;FA;;;S-1-5-18)(A;CIOI;FA;;;S-1-5-80-616523863-387867340-2024776631-963389826-2037398138)(A;CIOI;FA;;;S-1-5-80-1521243867-1128773477-782615202-3742460476-2946181991)S:(ML;;NW;;;LW)
2020-11-24T14:09:48.106Z [ 9068:15128] [v4.12.686.0] INFO  Executing step: CreateRegistryKey(HKLM\Software\Sophos\Management Communications System\Channels\LiveQueryScheduled, 32)
2020-11-24T14:09:48.106Z [ 9068:15128] [v4.12.686.0] INFO  Existing security permissions before resetting permissions: D:PAI(A;;KA;;;BA)(A;OICIIO;GA;;;BA)(A;;KA;;;SY)(A;OICIIO;GA;;;SY)(A;;KA;;;S-1-5-80-616523863-387867340-2024776631-963389826-2037398138)(A;OICIIO;GA;;;S-1-5-80-616523863-387867340-2024776631-963389826-2037398138)
2020-11-24T14:09:48.107Z [ 9068:15128] [v4.12.686.0] INFO  New security permissions: D:PAI(A;;KA;;;S-1-5-32-544)(A;OICIIO;GA;;;S-1-5-32-544)(A;;KA;;;S-1-5-18)(A;OICIIO;GA;;;S-1-5-18)(A;;KA;;;S-1-5-80-616523863-387867340-2024776631-963389826-2037398138)(A;OICIIO;GA;;;S-1-5-80-616523863-387867340-2024776631-963389826-2037398138)
2020-11-24T14:09:48.107Z [ 9068:15128] [v4.12.686.0] INFO  Executing step: MCS MCS Remapper Installer
2020-11-24T14:09:48.107Z [ 9068:15128] [v4.12.686.0] INFO  Executing step: Create directory C:\ProgramData\Sophos\Management Communications System\Endpoint\Messages and all parent directories
2020-11-24T14:09:48.107Z [ 9068:15128] [v4.12.686.0] INFO  Existing security permissions before resetting permissions: D:PAI(A;;FA;;;SY)(A;OICIIO;GA;;;SY)(A;;FA;;;BA)(A;OICIIO;GA;;;BA)
2020-11-24T14:09:48.107Z [ 9068:15128] [v4.12.686.0] INFO  New security permissions: D:PAI(A;CIOI;GA;;;S-1-5-18)(A;CIOI;GA;;;S-1-5-32-544)
2020-11-24T14:09:48.110Z [ 9068:15128] [v4.12.686.0] INFO  Executing step: Create directory C:\ProgramData\Sophos\Management Communications System\Endpoint\Messages\Incoming and all parent directories
2020-11-24T14:09:48.111Z [ 9068:15128] [v4.12.686.0] INFO  Executing step: Create directory C:\ProgramData\Sophos\Management Communications System\Endpoint\Messages\Staging and all parent directories
2020-11-24T14:09:48.111Z [ 9068:15128] [v4.12.686.0] INFO  Executing step: CreateRegistryKey(HKLM\Software\Sophos\Management, 64)
2020-11-24T14:09:48.112Z [ 9068:15128] [v4.12.686.0] INFO  Existing security permissions before resetting permissions: D:PAI(A;;KA;;;SY)(A;OICIIO;FA;;;SY)(A;;KA;;;BA)(A;OICIIO;FA;;;BA)
2020-11-24T14:09:48.112Z [ 9068:15128] [v4.12.686.0] INFO  New security permissions: D:PAI(A;CIOI;FA;;;S-1-5-18)(A;CIOI;FA;;;S-1-5-32-544)
2020-11-24T14:09:48.112Z [ 9068:15128] [v4.12.686.0] INFO  Executing step: CreateRegistryKey(HKLM\Software\Sophos\Management\Policy, 64)
2020-11-24T14:09:48.113Z [ 9068:15128] [v4.12.686.0] INFO  Existing security permissions before resetting permissions: D:PAI(A;;KA;;;SY)(A;OICIIO;FA;;;SY)(A;;KA;;;BA)(A;OICIIO;FA;;;BA)
2020-11-24T14:09:48.113Z [ 9068:15128] [v4.12.686.0] INFO  New security permissions: D:PAI(A;CIOI;FA;;;S-1-5-18)(A;CIOI;FA;;;S-1-5-32-544)
2020-11-24T14:09:48.113Z [ 9068:15128] [v4.12.686.0] INFO  Executing step: MCS add remove program key installer
2020-11-24T14:09:48.114Z [ 9068:15128] [v4.12.686.0] INFO  Executing step: CreateRegistryKey(HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2C14E1A2-C4EB-466E-8374-81286D723D3A}, 32)
2020-11-24T14:09:48.114Z [ 9068:15128] [v4.12.686.0] INFO  Executing step: SetRegistryValue(HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2C14E1A2-C4EB-466E-8374-81286D723D3A}, 32, AuthorizedCDFPrefix, )
2020-11-24T14:09:48.114Z [ 9068:15128] [v4.12.686.0] INFO  Executing step: SetRegistryValue(HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2C14E1A2-C4EB-466E-8374-81286D723D3A}, 32, Comments, Management Communications System)
2020-11-24T14:09:48.114Z [ 9068:15128] [v4.12.686.0] INFO  Executing step: SetRegistryValue(HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2C14E1A2-C4EB-466E-8374-81286D723D3A}, 32, Contact, Sophos Technical Support)
2020-11-24T14:09:48.115Z [ 9068:15128] [v4.12.686.0] INFO  Executing step: SetRegistryValue(HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2C14E1A2-C4EB-466E-8374-81286D723D3A}, 32, DisplayName, Sophos Management Communications System)
2020-11-24T14:09:48.115Z [ 9068:15128] [v4.12.686.0] INFO  Executing step: SetRegistryValue(HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2C14E1A2-C4EB-466E-8374-81286D723D3A}, 32, DisplayVersion, 4.12.686.0)
2020-11-24T14:09:48.115Z [ 9068:15128] [v4.12.686.0] INFO  Executing step: SetRegistryValue(HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2C14E1A2-C4EB-466E-8374-81286D723D3A}, 32, EstimatedSize, 5263)
2020-11-24T14:09:48.115Z [ 9068:15128] [v4.12.686.0] INFO  Executing step: SetRegistryValue(HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2C14E1A2-C4EB-466E-8374-81286D723D3A}, 32, HelpLink, http://www.sophos.com/support)
2020-11-24T14:09:48.116Z [ 9068:15128] [v4.12.686.0] INFO  Executing step: SetRegistryValue(HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2C14E1A2-C4EB-466E-8374-81286D723D3A}, 32, InstallDate, 20201124)
2020-11-24T14:09:48.116Z [ 9068:15128] [v4.12.686.0] INFO  Executing step: SetRegistryValue(HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2C14E1A2-C4EB-466E-8374-81286D723D3A}, 32, InstallLocation, C:\Program Files (x86)\Sophos\Management Communications System\Endpoint)
2020-11-24T14:09:48.116Z [ 9068:15128] [v4.12.686.0] INFO  Executing step: SetRegistryValue(HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2C14E1A2-C4EB-466E-8374-81286D723D3A}, 32, InstallSource, C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\mcsep)
2020-11-24T14:09:48.116Z [ 9068:15128] [v4.12.686.0] INFO  Executing step: SetRegistryValue(HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2C14E1A2-C4EB-466E-8374-81286D723D3A}, 32, Language, 1033)
2020-11-24T14:09:48.117Z [ 9068:15128] [v4.12.686.0] INFO  Executing step: SetRegistryValue(HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2C14E1A2-C4EB-466E-8374-81286D723D3A}, 32, ModifyPath, )
2020-11-24T14:09:48.117Z [ 9068:15128] [v4.12.686.0] INFO  Executing step: SetRegistryValue(HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2C14E1A2-C4EB-466E-8374-81286D723D3A}, 32, NoModify, 1)
2020-11-24T14:09:48.117Z [ 9068:15128] [v4.12.686.0] INFO  Executing step: SetRegistryValue(HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2C14E1A2-C4EB-466E-8374-81286D723D3A}, 32, NoRepair, 1)
2020-11-24T14:09:48.117Z [ 9068:15128] [v4.12.686.0] INFO  Executing step: SetRegistryValue(HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2C14E1A2-C4EB-466E-8374-81286D723D3A}, 32, Publisher, Sophos Limited)
2020-11-24T14:09:48.118Z [ 9068:15128] [v4.12.686.0] INFO  Executing step: SetRegistryValue(HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2C14E1A2-C4EB-466E-8374-81286D723D3A}, 32, UninstallString, "C:\Program Files (x86)\Sophos\Management Communications System\Endpoint\Uninstall.exe")
2020-11-24T14:09:48.118Z [ 9068:15128] [v4.12.686.0] INFO  Executing step: SetRegistryValue(HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2C14E1A2-C4EB-466E-8374-81286D723D3A}, 32, URLInfoAbout, http://www.sophos.com)
2020-11-24T14:09:48.118Z [ 9068:15128] [v4.12.686.0] INFO  Executing step: SetRegistryValue(HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2C14E1A2-C4EB-466E-8374-81286D723D3A}, 32, VersionMajor, 4)
2020-11-24T14:09:48.118Z [ 9068:15128] [v4.12.686.0] INFO  Executing step: SetRegistryValue(HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2C14E1A2-C4EB-466E-8374-81286D723D3A}, 32, VersionMinor, 12)
2020-11-24T14:09:48.119Z [ 9068:15128] [v4.12.686.0] INFO  Executing step: SetRegistryValue(HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2C14E1A2-C4EB-466E-8374-81286D723D3A}, 32, SystemComponent, 1)
2020-11-24T14:09:48.119Z [ 9068:15128] [v4.12.686.0] INFO  Executing step: Start tamper-protected service step: Sophos MCS Agent
2020-11-24T14:09:48.199Z [ 9068:15128] [v4.12.686.0] INFO  Waiting 60000ms for service to start.
2020-11-24T14:09:48.199Z [ 9068:15128] [v4.12.686.0] INFO  Waiting for operation to succeed within 60000ms.
2020-11-24T14:09:49.200Z [ 9068:15128] [v4.12.686.0] INFO  Retrying operation. Counter: 1
2020-11-24T14:09:49.200Z [ 9068:15128] [v4.12.686.0] INFO  The service is running.
2020-11-24T14:09:49.200Z [ 9068:15128] [v4.12.686.0] INFO  Executing step: Start tamper-protected service step: Sophos MCS Client
2020-11-24T14:09:49.313Z [ 9068:15128] [v4.12.686.0] INFO  Waiting 60000ms for service to start.
2020-11-24T14:09:49.313Z [ 9068:15128] [v4.12.686.0] INFO  Waiting for operation to succeed within 60000ms.
2020-11-24T14:09:50.314Z [ 9068:15128] [v4.12.686.0] INFO  Retrying operation. Counter: 1
2020-11-24T14:09:50.314Z [ 9068:15128] [v4.12.686.0] INFO  The service is running.
2020-11-24T14:09:50.314Z [ 9068:15128] [v4.12.686.0] INFO  Executing step: Tamper protection of the MCS_SCM component will be set to: ON 
2020-11-24T14:09:50.321Z [ 9068:15128] [v4.12.686.0] INFO  Waiting for operation to succeed within 60000ms.
2020-11-24T14:09:50.321Z [ 9068:15128] [v4.12.686.0] INFO  Tamper protection of the MCS_SCM component has been set to: ON 
2020-11-24T14:09:50.321Z [ 9068:15128] [v4.12.686.0] INFO  Executing step: TriggerRollbackTestStep: No action at execution
2020-11-24T14:09:50.321Z [ 9068:15128] [v4.12.686.0] INFO  Commit step: Tamper protection of the MCS_SCM component will be set to: OFF 
2020-11-24T14:09:50.321Z [ 9068:15128] [v4.12.686.0] INFO  Commit step: Stop service step without disabling tamper protection for service: Sophos MCS Client
2020-11-24T14:09:50.322Z [ 9068:15128] [v4.12.686.0] INFO  Commit step: Stop service step without disabling tamper protection for service: Sophos MCS Agent
2020-11-24T14:09:50.322Z [ 9068:15128] [v4.12.686.0] INFO  Commit step: Delete service step: Sophos MCS Client
2020-11-24T14:09:50.322Z [ 9068:15128] [v4.12.686.0] INFO  Commit step: Delete service step: Sophos MCS Agent
2020-11-24T14:09:50.322Z [ 9068:15128] [v4.12.686.0] INFO  Commit step: Install service step: Sophos MCS Agent
2020-11-24T14:09:50.322Z [ 9068:15128] [v4.12.686.0] INFO  Commit step: Install service step: Sophos MCS Client
2020-11-24T14:09:50.322Z [ 9068:15128] [v4.12.686.0] INFO  Commit step: MCS directory installer
2020-11-24T14:09:50.322Z [ 9068:15128] [v4.12.686.0] INFO  Commit step: Create directory C:\Program Files (x86)\Sophos\Management Communications System\Endpoint and all parent directories
2020-11-24T14:09:50.323Z [ 9068:15128] [v4.12.686.0] INFO  Commit step: Create directory C:\ProgramData\Sophos\Management Communications System\Endpoint and all parent directories
2020-11-24T14:09:50.323Z [ 9068:15128] [v4.12.686.0] INFO  Commit step: CreateDirectory(C:\ProgramData\Sophos\Management Communications System\Endpoint\Trail)
2020-11-24T14:09:50.323Z [ 9068:15128] [v4.12.686.0] INFO  Commit step: Create directory C:\ProgramData\Sophos\Remote Management System\3\Agent and all parent directories
2020-11-24T14:09:50.323Z [ 9068:15128] [v4.12.686.0] INFO  Commit step: CreateDirectory(C:\ProgramData\Sophos\Remote Management System\3\Agent\AdapterStorage)
2020-11-24T14:09:50.323Z [ 9068:15128] [v4.12.686.0] INFO  Commit step: Create directory C:\ProgramData\Sophos\Certificates\Management Communications System and all parent directories
2020-11-24T14:09:50.323Z [ 9068:15128] [v4.12.686.0] INFO  MCS directory installer completed successfully.
2020-11-24T14:09:50.323Z [ 9068:15128] [v4.12.686.0] INFO  Commit step: Tamper protection will be updated for the main component, if rollback is triggered.
2020-11-24T14:09:50.324Z [ 9068:15128] [v4.12.686.0] INFO  Commit step: CopyFile(C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\mcsep\Sophos\Management Communications System\Endpoint\integrity.dat, C:\Program Files (x86)\Sophos\Management Communications System\Endpoint\integrity.dat)
2020-11-24T14:09:50.348Z [ 9068:15128] [v4.12.686.0] INFO  Commit step: CreateRegistryKey(HKLM\SYSTEM\CurrentControlSet\Services\Sophos Endpoint Defense\TamperProtection\Components\MCS, 64)
2020-11-24T14:09:50.348Z [ 9068:15128] [v4.12.686.0] INFO  Commit step: Tamper protection will be updated for the main component.
2020-11-24T14:09:50.349Z [ 9068:15128] [v4.12.686.0] INFO  Commit step: MCS file installer
2020-11-24T14:09:50.349Z [ 9068:15128] [v4.12.686.0] INFO  Commit step: CopyFile(C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\mcsep\Sophos\Management Communications System\Endpoint\scm_integrity.dat, C:\Program Files (x86)\Sophos\Management Communications System\Endpoint\scm_integrity.dat)
2020-11-24T14:09:50.349Z [ 9068:15128] [v4.12.686.0] INFO  DeleteFile C:\Program Files (x86)\Sophos\Management Communications System\TMP\scm_integrity.dat1606226988-1: file already absent
2020-11-24T14:09:50.349Z [ 9068:15128] [v4.12.686.0] INFO  Commit step: CopyFile(C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\mcsep\Sophos\Management Communications System\Endpoint\NOTICE.txt, C:\Program Files (x86)\Sophos\Management Communications System\Endpoint\NOTICE.txt)
2020-11-24T14:09:50.349Z [ 9068:15128] [v4.12.686.0] INFO  DeleteFile C:\Program Files (x86)\Sophos\Management Communications System\TMP\NOTICE.txt1606226988-1: file already absent
2020-11-24T14:09:50.349Z [ 9068:15128] [v4.12.686.0] INFO  Commit step: CopyFile(C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\mcsep\Sophos\Management Communications System\Endpoint\McsAdapter.dll, C:\Program Files (x86)\Sophos\Management Communications System\Endpoint\McsAdapter.dll)
2020-11-24T14:09:50.349Z [ 9068:15128] [v4.12.686.0] INFO  DeleteFile C:\Program Files (x86)\Sophos\Management Communications System\TMP\McsAdapter.dll1606226988-1: file already absent
2020-11-24T14:09:50.349Z [ 9068:15128] [v4.12.686.0] INFO  Commit step: CopyFile(C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\mcsep\Sophos\Management Communications System\Endpoint\McsEvents.dll, C:\Program Files (x86)\Sophos\Management Communications System\Endpoint\McsEvents.dll)
2020-11-24T14:09:50.349Z [ 9068:15128] [v4.12.686.0] INFO  DeleteFile C:\Program Files (x86)\Sophos\Management Communications System\TMP\McsEvents.dll1606226988-1: file already absent
2020-11-24T14:09:50.349Z [ 9068:15128] [v4.12.686.0] INFO  Commit step: CopyFile(C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\mcsep\Sophos\Management Communications System\Endpoint\McsAgent.exe, C:\Program Files (x86)\Sophos\Management Communications System\Endpoint\McsAgent.exe)
2020-11-24T14:09:50.350Z [ 9068:15128] [v4.12.686.0] INFO  DeleteFile C:\Program Files (x86)\Sophos\Management Communications System\TMP\McsAgent.exe1606226988-1: file already absent
2020-11-24T14:09:50.350Z [ 9068:15128] [v4.12.686.0] INFO  Commit step: CopyFile(C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\mcsep\Sophos\Management Communications System\Endpoint\McsClient.exe, C:\Program Files (x86)\Sophos\Management Communications System\Endpoint\McsClient.exe)
2020-11-24T14:09:50.350Z [ 9068:15128] [v4.12.686.0] INFO  DeleteFile C:\Program Files (x86)\Sophos\Management Communications System\TMP\McsClient.exe1606226988-1: file already absent
2020-11-24T14:09:50.350Z [ 9068:15128] [v4.12.686.0] INFO  Commit step: CopyFile(C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\mcsep\Sophos\Management Communications System\Endpoint\scf.dat, C:\Program Files (x86)\Sophos\Management Communications System\Endpoint\scf.dat)
2020-11-24T14:09:50.350Z [ 9068:15128] [v4.12.686.0] INFO  DeleteFile C:\Program Files (x86)\Sophos\Management Communications System\TMP\scf.dat1606226988-1: file already absent
2020-11-24T14:09:50.350Z [ 9068:15128] [v4.12.686.0] INFO  Commit step: CopyFile(C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\mcsep\Sophos\Management Communications System\Endpoint\sof.dat, C:\Program Files (x86)\Sophos\Management Communications System\Endpoint\sof.dat)
2020-11-24T14:09:50.350Z [ 9068:15128] [v4.12.686.0] INFO  DeleteFile C:\Program Files (x86)\Sophos\Management Communications System\TMP\sof.dat1606226988-1: file already absent
2020-11-24T14:09:50.350Z [ 9068:15128] [v4.12.686.0] INFO  Commit step: CopyFile(C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\mcsep\Sophos\Management Communications System\Endpoint\Uninstall.exe, C:\Program Files (x86)\Sophos\Management Communications System\Endpoint\Uninstall.exe)
2020-11-24T14:09:50.350Z [ 9068:15128] [v4.12.686.0] INFO  DeleteFile C:\Program Files (x86)\Sophos\Management Communications System\TMP\Uninstall.exe1606226988-1: file already absent
2020-11-24T14:09:50.350Z [ 9068:15128] [v4.12.686.0] INFO  Commit step: CopyFile(C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\mcsep\Sophos\Certificates\Management Communications System\sophosca1.crt, C:\ProgramData\Sophos\Certificates\Management Communications System\sophosca1.crt)
2020-11-24T14:09:50.361Z [ 9068:15128] [v4.12.686.0] INFO  Commit step: CopyFile(C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\mcsep\Sophos\Certificates\Management Communications System\sophosca1.crl, C:\ProgramData\Sophos\Certificates\Management Communications System\sophosca1.crl)
2020-11-24T14:09:50.361Z [ 9068:15128] [v4.12.686.0] INFO  DeleteFile C:\ProgramData\Sophos\Certificates\Management Communications System\TMP\sophosca1.crl1606226988-1: file already absent
2020-11-24T14:09:50.361Z [ 9068:15128] [v4.12.686.0] INFO  Commit step: CopyFile(C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\mcsep\Sophos\Certificates\Management Communications System\sophosca2.crt, C:\ProgramData\Sophos\Certificates\Management Communications System\sophosca2.crt)
2020-11-24T14:09:50.362Z [ 9068:15128] [v4.12.686.0] INFO  DeleteFile C:\ProgramData\Sophos\Certificates\Management Communications System\TMP\sophosca2.crt1606226988-1: file already absent
2020-11-24T14:09:50.362Z [ 9068:15128] [v4.12.686.0] INFO  Commit step: CopyFile(C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\mcsep\Sophos\Certificates\Management Communications System\sophosca2.crl, C:\ProgramData\Sophos\Certificates\Management Communications System\sophosca2.crl)
2020-11-24T14:09:50.362Z [ 9068:15128] [v4.12.686.0] INFO  DeleteFile C:\ProgramData\Sophos\Certificates\Management Communications System\TMP\sophosca2.crl1606226988-1: file already absent
2020-11-24T14:09:50.362Z [ 9068:15128] [v4.12.686.0] INFO  Commit step: CopyFile(C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\mcsep\Sophos\Certificates\Management Communications System\sophosca3.crt, C:\ProgramData\Sophos\Certificates\Management Communications System\sophosca3.crt)
2020-11-24T14:09:50.363Z [ 9068:15128] [v4.12.686.0] INFO  DeleteFile C:\ProgramData\Sophos\Certificates\Management Communications System\TMP\sophosca3.crt1606226988-1: file already absent
2020-11-24T14:09:50.363Z [ 9068:15128] [v4.12.686.0] INFO  Commit step: CopyFile(C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\mcsep\Sophos\Certificates\Management Communications System\sophosca3.crl, C:\ProgramData\Sophos\Certificates\Management Communications System\sophosca3.crl)
2020-11-24T14:09:50.363Z [ 9068:15128] [v4.12.686.0] INFO  DeleteFile C:\ProgramData\Sophos\Certificates\Management Communications System\TMP\sophosca3.crl1606226988-1: file already absent
2020-11-24T14:09:50.364Z [ 9068:15128] [v4.12.686.0] INFO  Commit step: CopyFile(C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\mcsep\Sophos\Certificates\Management Communications System\sophosca4.crt, C:\ProgramData\Sophos\Certificates\Management Communications System\sophosca4.crt)
2020-11-24T14:09:50.364Z [ 9068:15128] [v4.12.686.0] INFO  DeleteFile C:\ProgramData\Sophos\Certificates\Management Communications System\TMP\sophosca4.crt1606226988-1: file already absent
2020-11-24T14:09:50.364Z [ 9068:15128] [v4.12.686.0] INFO  Commit step: CopyFile(C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\mcsep\Sophos\Certificates\Management Communications System\sophosca4.crl, C:\ProgramData\Sophos\Certificates\Management Communications System\sophosca4.crl)
2020-11-24T14:09:50.364Z [ 9068:15128] [v4.12.686.0] INFO  DeleteFile C:\ProgramData\Sophos\Certificates\Management Communications System\TMP\sophosca4.crl1606226988-1: file already absent
2020-11-24T14:09:50.365Z [ 9068:15128] [v4.12.686.0] INFO  MCS file installer completed successfully.
2020-11-24T14:09:50.365Z [ 9068:15128] [v4.12.686.0] INFO  Commit step: MCS flags installer
2020-11-24T14:09:50.365Z [ 9068:15128] [v4.12.686.0] INFO  Commit step: CreateDirectory(C:\ProgramData\Sophos\Management Communications System\Endpoint\Flags)
2020-11-24T14:09:50.365Z [ 9068:15128] [v4.12.686.0] INFO  Commit step: DeleteMatchingFiles(From C:\ProgramData\Sophos\Management Communications System\Endpoint\Flags containing '.*')
2020-11-24T14:09:50.366Z [ 9068:15128] [v4.12.686.0] INFO  Commit step: CopyFile(C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\mcsep\Flags\cepng.json, C:\ProgramData\Sophos\Management Communications System\Endpoint\Flags\cepng.json)
2020-11-24T14:09:50.367Z [ 9068:15128] [v4.12.686.0] INFO  Commit step: CopyFile(C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\mcsep\Flags\cix.json, C:\ProgramData\Sophos\Management Communications System\Endpoint\Flags\cix.json)
2020-11-24T14:09:50.367Z [ 9068:15128] [v4.12.686.0] INFO  MCS flags installer completed successfully.
2020-11-24T14:09:50.367Z [ 9068:15128] [v4.12.686.0] INFO  Commit step: CreateRegistryKey(HKLM\SYSTEM\CurrentControlSet\Services\Sophos Endpoint Defense\TamperProtection\Components\MCS_SCM, 64)
2020-11-24T14:09:50.367Z [ 9068:15128] [v4.12.686.0] INFO  Commit step: MCS registry key Installer
2020-11-24T14:09:50.367Z [ 9068:15128] [v4.12.686.0] INFO  Commit step: CreateRegistryKey(HKLM\Software\Sophos\Remote Management System, 32)
2020-11-24T14:09:50.367Z [ 9068:15128] [v4.12.686.0] INFO  Commit step: CreateRegistryKey(HKLM\Software\Sophos\Remote Management System\ManagementAgent\Adapters, 32)
2020-11-24T14:09:50.367Z [ 9068:15128] [v4.12.686.0] INFO  Commit step: CreateRegistryKey(HKLM\Software\Sophos\Remote Management System\ManagementAgent\Adapters\MCS, 32)
2020-11-24T14:09:50.367Z [ 9068:15128] [v4.12.686.0] INFO  Commit step: SetRegistryValue(HKLM\Software\Sophos\Remote Management System\ManagementAgent\Adapters\MCS, 32, DllPath, C:\Program Files (x86)\Sophos\Management Communications System\Endpoint\McsAdapter.dll)
2020-11-24T14:09:50.367Z [ 9068:15128] [v4.12.686.0] INFO  Commit step: CreateRegistryKey(HKLM\System\CurrentControlSet\Services\Eventlog\Application\Sophos Management Communications System, 0)
2020-11-24T14:09:50.367Z [ 9068:15128] [v4.12.686.0] INFO  Commit step: SetRegistryValue(HKLM\System\CurrentControlSet\Services\Eventlog\Application\Sophos Management Communications System, 0, EventMessageFile, C:\Program Files (x86)\Sophos\Management Communications System\Endpoint\McsEvents.dll)
2020-11-24T14:09:50.367Z [ 9068:15128] [v4.12.686.0] INFO  Commit step: SetRegistryValue(HKLM\System\CurrentControlSet\Services\Eventlog\Application\Sophos Management Communications System, 0, ParameterMessageFile, C:\Program Files (x86)\Sophos\Management Communications System\Endpoint\McsEvents.dll)
2020-11-24T14:09:50.367Z [ 9068:15128] [v4.12.686.0] INFO  Commit step: SetRegistryValue(HKLM\System\CurrentControlSet\Services\Eventlog\Application\Sophos Management Communications System, 0, CategoryMessageFile, C:\Program Files (x86)\Sophos\Management Communications System\Endpoint\McsEvents.dll)
2020-11-24T14:09:50.367Z [ 9068:15128] [v4.12.686.0] INFO  Commit step: SetRegistryValue(HKLM\System\CurrentControlSet\Services\Eventlog\Application\Sophos Management Communications System, 0, CategoryCount, 2)
2020-11-24T14:09:50.367Z [ 9068:15128] [v4.12.686.0] INFO  Commit step: SetRegistryValue(HKLM\System\CurrentControlSet\Services\Eventlog\Application\Sophos Management Communications System, 0, TypesSupported, 7)
2020-11-24T14:09:50.367Z [ 9068:15128] [v4.12.686.0] INFO  Commit step: CreateRegistryKey(HKLM\Software\Sophos\Telemetry\Plugins\MCS, 32)
2020-11-24T14:09:50.367Z [ 9068:15128] [v4.12.686.0] INFO  Commit step: SetRegistryValue(HKLM\Software\Sophos\Telemetry\Plugins\MCS, 32, File, C:\ProgramData\Sophos\Management Communications System\Endpoint\Persist\mcsAgentTelemetry.json)
2020-11-24T14:09:50.367Z [ 9068:15128] [v4.12.686.0] INFO  Commit step: CreateRegistryKey(HKLM\System\CurrentControlSet\Services\Sophos Endpoint Defense\EndpointFlags, 0)
2020-11-24T14:09:50.367Z [ 9068:15128] [v4.12.686.0] INFO  MCS registry key Installer completed successfully.
2020-11-24T14:09:50.367Z [ 9068:15128] [v4.12.686.0] INFO  Commit step: MCS Channels Installer
2020-11-24T14:09:50.367Z [ 9068:15128] [v4.12.686.0] INFO  Commit step: Create directory C:\ProgramData\Sophos\Management Communications System\Endpoint\Channels\APPWL\Incoming and all parent directories
2020-11-24T14:09:50.367Z [ 9068:15128] [v4.12.686.0] INFO  Commit step: Create directory C:\ProgramData\Sophos\Management Communications System\Endpoint\Channels\APPWL\Staging and all parent directories
2020-11-24T14:09:50.367Z [ 9068:15128] [v4.12.686.0] INFO  Commit step: CreateRegistryKey(HKLM\Software\Sophos\Management Communications System\Channels\APPWL, 32)
2020-11-24T14:09:50.367Z [ 9068:15128] [v4.12.686.0] INFO  Commit step: SetRegistryValue(HKLM\Software\Sophos\Management Communications System\Channels\APPWL, 32, presigned_uri, RegistryValue(7, 00000000)
2020-11-24T14:09:50.367Z [ 9068:15128] [v4.12.686.0] INFO  Commit step: Create directory C:\ProgramData\Sophos\Management Communications System\Endpoint\Channels\EDR\Incoming and all parent directories
2020-11-24T14:09:50.368Z [ 9068:15128] [v4.12.686.0] INFO  Commit step: Create directory C:\ProgramData\Sophos\Management Communications System\Endpoint\Channels\EDR\Staging and all parent directories
2020-11-24T14:09:50.368Z [ 9068:15128] [v4.12.686.0] INFO  Commit step: CreateRegistryKey(HKLM\Software\Sophos\Management Communications System\Channels\EDR, 32)
2020-11-24T14:09:50.368Z [ 9068:15128] [v4.12.686.0] INFO  Commit step: SetRegistryValue(HKLM\Software\Sophos\Management Communications System\Channels\EDR, 32, presigned_uri, RegistryValue(7, 00000000)
2020-11-24T14:09:50.368Z [ 9068:15128] [v4.12.686.0] INFO  Commit step: Create directory C:\ProgramData\Sophos\Management Communications System\Endpoint\Channels\FIM\Incoming and all parent directories
2020-11-24T14:09:50.368Z [ 9068:15128] [v4.12.686.0] INFO  Commit step: Create directory C:\ProgramData\Sophos\Management Communications System\Endpoint\Channels\FIM\Staging and all parent directories
2020-11-24T14:09:50.368Z [ 9068:15128] [v4.12.686.0] INFO  Commit step: CreateRegistryKey(HKLM\Software\Sophos\Management Communications System\Channels\FIM, 32)
2020-11-24T14:09:50.368Z [ 9068:15128] [v4.12.686.0] INFO  Commit step: SetRegistryValue(HKLM\Software\Sophos\Management Communications System\Channels\FIM, 32, presigned_uri, RegistryValue(7, 00000000)
2020-11-24T14:09:50.368Z [ 9068:15128] [v4.12.686.0] INFO  Commit step: Create directory C:\ProgramData\Sophos\Management Communications System\Endpoint\Channels\ForensicSnapshot\Incoming and all parent directories
2020-11-24T14:09:50.368Z [ 9068:15128] [v4.12.686.0] INFO  Commit step: Create directory C:\ProgramData\Sophos\Management Communications System\Endpoint\Channels\ForensicSnapshot\Staging and all parent directories
2020-11-24T14:09:50.368Z [ 9068:15128] [v4.12.686.0] INFO  Commit step: CreateRegistryKey(HKLM\Software\Sophos\Management Communications System\Channels\ForensicSnapshot, 32)
2020-11-24T14:09:50.368Z [ 9068:15128] [v4.12.686.0] INFO  Commit step: SetRegistryValue(HKLM\Software\Sophos\Management Communications System\Channels\ForensicSnapshot, 32, presigned_uri, RegistryValue(7, 00000000)
2020-11-24T14:09:50.368Z [ 9068:15128] [v4.12.686.0] INFO  Commit step: Create directory C:\ProgramData\Sophos\Management Communications System\Endpoint\Channels\RCA\Incoming and all parent directories
2020-11-24T14:09:50.368Z [ 9068:15128] [v4.12.686.0] INFO  Commit step: Create directory C:\ProgramData\Sophos\Management Communications System\Endpoint\Channels\RCA\Staging and all parent directories
2020-11-24T14:09:50.368Z [ 9068:15128] [v4.12.686.0] INFO  Commit step: CreateRegistryKey(HKLM\Software\Sophos\Management Communications System\Channels\RCA, 32)
2020-11-24T14:09:50.368Z [ 9068:15128] [v4.12.686.0] INFO  Commit step: SetRegistryValue(HKLM\Software\Sophos\Management Communications System\Channels\RCA, 32, presigned_uri, RegistryValue(7, 00000000)
2020-11-24T14:09:50.368Z [ 9068:15128] [v4.12.686.0] INFO  Commit step: Create directory C:\ProgramData\Sophos\Management Communications System\Endpoint\Channels\LiveQueryScheduled\Incoming and all parent directories
2020-11-24T14:09:50.368Z [ 9068:15128] [v4.12.686.0] INFO  Commit step: Create directory C:\ProgramData\Sophos\Management Communications System\Endpoint\Channels\LiveQueryScheduled\Staging and all parent directories
2020-11-24T14:09:50.368Z [ 9068:15128] [v4.12.686.0] INFO  Commit step: CreateRegistryKey(HKLM\Software\Sophos\Management Communications System\Channels\LiveQueryScheduled, 32)
2020-11-24T14:09:50.368Z [ 9068:15128] [v4.12.686.0] INFO  MCS Channels Installer completed successfully.
2020-11-24T14:09:50.368Z [ 9068:15128] [v4.12.686.0] INFO  Commit step: MCS MCS Remapper Installer
2020-11-24T14:09:50.368Z [ 9068:15128] [v4.12.686.0] INFO  Commit step: Create directory C:\ProgramData\Sophos\Management Communications System\Endpoint\Messages and all parent directories
2020-11-24T14:09:50.368Z [ 9068:15128] [v4.12.686.0] INFO  Commit step: Create directory C:\ProgramData\Sophos\Management Communications System\Endpoint\Messages\Incoming and all parent directories
2020-11-24T14:09:50.368Z [ 9068:15128] [v4.12.686.0] INFO  Commit step: Create directory C:\ProgramData\Sophos\Management Communications System\Endpoint\Messages\Staging and all parent directories
2020-11-24T14:09:50.368Z [ 9068:15128] [v4.12.686.0] INFO  Commit step: CreateRegistryKey(HKLM\Software\Sophos\Management, 64)
2020-11-24T14:09:50.368Z [ 9068:15128] [v4.12.686.0] INFO  Commit step: CreateRegistryKey(HKLM\Software\Sophos\Management\Policy, 64)
2020-11-24T14:09:50.369Z [ 9068:15128] [v4.12.686.0] INFO  MCS MCS Remapper Installer completed successfully.
2020-11-24T14:09:50.369Z [ 9068:15128] [v4.12.686.0] INFO  Commit step: MCS add remove program key installer
2020-11-24T14:09:50.369Z [ 9068:15128] [v4.12.686.0] INFO  Commit step: CreateRegistryKey(HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2C14E1A2-C4EB-466E-8374-81286D723D3A}, 32)
2020-11-24T14:09:50.369Z [ 9068:15128] [v4.12.686.0] INFO  Commit step: SetRegistryValue(HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2C14E1A2-C4EB-466E-8374-81286D723D3A}, 32, AuthorizedCDFPrefix, )
2020-11-24T14:09:50.369Z [ 9068:15128] [v4.12.686.0] INFO  Commit step: SetRegistryValue(HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2C14E1A2-C4EB-466E-8374-81286D723D3A}, 32, Comments, Management Communications System)
2020-11-24T14:09:50.369Z [ 9068:15128] [v4.12.686.0] INFO  Commit step: SetRegistryValue(HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2C14E1A2-C4EB-466E-8374-81286D723D3A}, 32, Contact, Sophos Technical Support)
2020-11-24T14:09:50.369Z [ 9068:15128] [v4.12.686.0] INFO  Commit step: SetRegistryValue(HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2C14E1A2-C4EB-466E-8374-81286D723D3A}, 32, DisplayName, Sophos Management Communications System)
2020-11-24T14:09:50.369Z [ 9068:15128] [v4.12.686.0] INFO  Commit step: SetRegistryValue(HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2C14E1A2-C4EB-466E-8374-81286D723D3A}, 32, DisplayVersion, 4.12.686.0)
2020-11-24T14:09:50.369Z [ 9068:15128] [v4.12.686.0] INFO  Commit step: SetRegistryValue(HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2C14E1A2-C4EB-466E-8374-81286D723D3A}, 32, EstimatedSize, 5263)
2020-11-24T14:09:50.369Z [ 9068:15128] [v4.12.686.0] INFO  Commit step: SetRegistryValue(HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2C14E1A2-C4EB-466E-8374-81286D723D3A}, 32, HelpLink, http://www.sophos.com/support)
2020-11-24T14:09:50.369Z [ 9068:15128] [v4.12.686.0] INFO  Commit step: SetRegistryValue(HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2C14E1A2-C4EB-466E-8374-81286D723D3A}, 32, InstallDate, 20201124)
2020-11-24T14:09:50.369Z [ 9068:15128] [v4.12.686.0] INFO  Commit step: SetRegistryValue(HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2C14E1A2-C4EB-466E-8374-81286D723D3A}, 32, InstallLocation, C:\Program Files (x86)\Sophos\Management Communications System\Endpoint)
2020-11-24T14:09:50.369Z [ 9068:15128] [v4.12.686.0] INFO  Commit step: SetRegistryValue(HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2C14E1A2-C4EB-466E-8374-81286D723D3A}, 32, InstallSource, C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\mcsep)
2020-11-24T14:09:50.369Z [ 9068:15128] [v4.12.686.0] INFO  Commit step: SetRegistryValue(HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2C14E1A2-C4EB-466E-8374-81286D723D3A}, 32, Language, 1033)
2020-11-24T14:09:50.369Z [ 9068:15128] [v4.12.686.0] INFO  Commit step: SetRegistryValue(HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2C14E1A2-C4EB-466E-8374-81286D723D3A}, 32, ModifyPath, )
2020-11-24T14:09:50.369Z [ 9068:15128] [v4.12.686.0] INFO  Commit step: SetRegistryValue(HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2C14E1A2-C4EB-466E-8374-81286D723D3A}, 32, NoModify, 1)
2020-11-24T14:09:50.369Z [ 9068:15128] [v4.12.686.0] INFO  Commit step: SetRegistryValue(HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2C14E1A2-C4EB-466E-8374-81286D723D3A}, 32, NoRepair, 1)
2020-11-24T14:09:50.369Z [ 9068:15128] [v4.12.686.0] INFO  Commit step: SetRegistryValue(HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2C14E1A2-C4EB-466E-8374-81286D723D3A}, 32, Publisher, Sophos Limited)
2020-11-24T14:09:50.369Z [ 9068:15128] [v4.12.686.0] INFO  Commit step: SetRegistryValue(HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2C14E1A2-C4EB-466E-8374-81286D723D3A}, 32, UninstallString, "C:\Program Files (x86)\Sophos\Management Communications System\Endpoint\Uninstall.exe")
2020-11-24T14:09:50.369Z [ 9068:15128] [v4.12.686.0] INFO  Commit step: SetRegistryValue(HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2C14E1A2-C4EB-466E-8374-81286D723D3A}, 32, URLInfoAbout, http://www.sophos.com)
2020-11-24T14:09:50.369Z [ 9068:15128] [v4.12.686.0] INFO  Commit step: SetRegistryValue(HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2C14E1A2-C4EB-466E-8374-81286D723D3A}, 32, VersionMajor, 4)
2020-11-24T14:09:50.369Z [ 9068:15128] [v4.12.686.0] INFO  Commit step: SetRegistryValue(HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2C14E1A2-C4EB-466E-8374-81286D723D3A}, 32, VersionMinor, 12)
2020-11-24T14:09:50.369Z [ 9068:15128] [v4.12.686.0] INFO  Commit step: SetRegistryValue(HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2C14E1A2-C4EB-466E-8374-81286D723D3A}, 32, SystemComponent, 1)
2020-11-24T14:09:50.369Z [ 9068:15128] [v4.12.686.0] INFO  MCS add remove program key installer completed successfully.
2020-11-24T14:09:50.370Z [ 9068:15128] [v4.12.686.0] INFO  Commit step: Start tamper-protected service step: Sophos MCS Agent
2020-11-24T14:09:50.370Z [ 9068:15128] [v4.12.686.0] INFO  Commit step: Start tamper-protected service step: Sophos MCS Client
2020-11-24T14:09:50.370Z [ 9068:15128] [v4.12.686.0] INFO  Commit step: Tamper protection of the MCS_SCM component will be set to: ON 
2020-11-24T14:09:50.370Z [ 9068:15128] [v4.12.686.0] INFO  Commit step: TriggerRollbackTestStep: No action at execution
2020-11-24T14:09:50.370Z [ 9068:15128] [v4.12.686.0] INFO  MCS overall installer completed successfully.
2020-11-24T14:09:50.370Z [ 9068:15128] [v4.12.686.0] INFO  Action was successful, reboot is not required
2020-11-24T14:09:50.370Z [ 9068:15128] [v4.12.686.0] INFO  End product setup

Thanks

Children

0 intrusus over 3 years ago in reply to M-ameen Ahmed Ahmed

Hi,

M-ameen Ahmed Ahmed said:
it seem both Sophos MSC Agent and Client Services work again after update

So the problem solved itself after the windows update, glad to hear!

It seems that Sophos found Malware and/or potentially unwanted Applications. Please check the device on Sophos Central so that you can deal with the Threat Case. If you need help with cleanup, or Intercept X was unable to perform automatic cleanup, please open a new thread in this group or submit a case to Sophos support. We try to solve only one problem per thread in the community to keep things organized.

Intrusus
Sophos Certified Engineer | Sophos Certified Technician

_{private lab:
XG firewall with SFOS 18.0.3 MR-3}^{Intercept X Advanced (for Server) with EDR EAP latest}
_{If a post solves your question use the 'Verify Answer' link}
Cancel
Vote Up 0 Vote Down

Cancel
0 M-ameen Ahmed Ahmed over 3 years ago in reply to intrusus

Thank You very much . Now every thing work again.
Cancel
Vote Up +1 Vote Down

Cancel