This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Intercept X on Win Server 16 - Failed to update. How to re-try?

Got a Medium Alert that one of my servers is out of compliance. Checked the endpoint and it says that Malicious Traffic Detection and Sophos Antivirus failed to install. There doesn't seem to be a way to tell it to try again. I've attached the most recent log file.

 1805.SophosUpdate.log



This thread was automatically locked due to age.
Parents
  • I can see from the last update attempt:

    2021-03-18T19:55:34.232Z [22284:20828] [v6.7.352.0] INFO Installing component E17FE03B-0501-4aaa-BC69-0129D965F311 10.8.10.810.
    2021-03-18T19:55:34.243Z [22284:20828] [v6.7.352.0] INFO Checking manifest:C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\savxp\appfeed_manifest.dat
    2021-03-18T19:55:34.249Z [22284:20828] [v6.7.352.0] INFO Checking manifest:C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\savxp\manifest.dat
    2021-03-18T19:55:35.597Z [22284:20828] [v6.7.352.0] INFO Checking manifest:C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\savxp\crt\manifest.dat
    2021-03-18T19:55:35.752Z [22284:20828] [v6.7.352.0] INFO Checking manifest:C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\savxp\SAVCFG\savcfg.manifest.dat
    2021-03-18T19:55:35.758Z [22284:20828] [v6.7.352.0] INFO Checking manifest:C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\savxp\savcontrol\savcontrol.manifest.dat
    2021-03-18T19:55:35.771Z [22284:20828] [v6.7.352.0] INFO setupDll='C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\savxp\setup.dll'; setupExe='C:\ProgramData\Sophos\AutoUpdate\Cache\sophos_autoupdate1.dir\su-setup32.exe'.
    2021-03-18T19:55:36.889Z [ 8264:10552] [v6.7.352.0] INFO Trying to load setup.dll of product E17FE03B-0501-4aaa-BC69-0129D965F311 10.8.10.810.
    2021-03-18T19:55:37.420Z [ 8264:10552] [v6.7.352.0] INFO Setup DLL loaded C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\savxp\setup.dll.
    2021-03-18T19:55:37.421Z [ 8264:10552] [v6.7.352.0] INFO Trying interface IProductSetup2 of product E17FE03B-0501-4aaa-BC69-0129D965F311 10.8.10.810.
    2021-03-18T19:55:37.421Z [ 8264:10552] [v6.7.352.0] WARN IProductSetup2 threw exception Could not create instance.
    2021-03-18T19:55:37.421Z [ 8264:10552] [v6.7.352.0] INFO Creating CProductConfig interface.
    2021-03-18T19:55:37.422Z [ 8264:10552] [v6.7.352.0] INFO Trying interface IProductSetup of product E17FE03B-0501-4aaa-BC69-0129D965F311 10.8.10.810.
    2021-03-18T19:55:37.422Z [ 8264:10552] [v6.7.352.0] INFO Successfully established interface IProductSetup.
    2021-03-18T19:55:59.093Z [ 8264:10552] [v6.7.352.0] INFO Reboot state: 0
    2021-03-18T19:55:59.093Z [ 8264:10552] [v6.7.352.0] WARN Failed to install product E17FE03B-0501-4aaa-BC69-0129D965F311 10.8.10.810.

    And then:

    2021-03-18T19:55:59.132Z [22284:20828] [v6.7.352.0] INFO Installing component 8087796B-2289-4897-98A5-58FF23DAAFD0 1.11.194.0.
    2021-03-18T19:55:59.138Z [22284:20828] [v6.7.352.0] INFO Checking manifest:C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\ntp64\manifest.dat
    2021-03-18T19:56:00.102Z [22284:20828] [v6.7.352.0] INFO setupDll='C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\ntp64\setup.dll'; setupExe='C:\ProgramData\Sophos\AutoUpdate\Cache\sophos_autoupdate1.dir\su-setup32.exe'.
    2021-03-18T19:56:00.311Z [ 5800: 552] [v6.7.352.0] INFO Trying to load setup.dll of product 8087796B-2289-4897-98A5-58FF23DAAFD0 1.11.194.0.
    2021-03-18T19:56:00.450Z [ 5800: 552] [v6.7.352.0] INFO Setup DLL loaded C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\ntp64\setup.dll.
    2021-03-18T19:56:00.450Z [ 5800: 552] [v6.7.352.0] INFO Trying interface IProductSetup2 of product 8087796B-2289-4897-98A5-58FF23DAAFD0 1.11.194.0.
    2021-03-18T19:56:00.463Z [ 5800: 552] [v6.7.352.0] INFO Successfully established interface IProductSetup2.
    2021-03-18T19:56:00.971Z [ 5800: 552] [v6.7.352.0] INFO Reboot state: 0
    2021-03-18T19:56:00.971Z [ 5800: 552] [v6.7.352.0] WARN Failed to install product 8087796B-2289-4897-98A5-58FF23DAAFD0 1.11.194.0.
    2021-03-18T19:56:01.008Z [22284:20828] [v6.7.352.0] ERROR su-setup: exit 1

    So both SAV and NTP failed to install.  These will both have created install logs under \windows\temp\

    E.g.for a major update:
    Sophos Anti-Virus Major Install Log_210311_010309.txt
    Sophos Anti-Virus Major CustomActions Log_210311_010309.txt

    or, if a minor update:
    Sophos Anti-Virus Install Log_210318_084105.txt
    Sophos Anti-Virus CustomActions Log_210318_084105.txt

    There will be a pair of logs, the install log and the custom action logs, they have the same time stamp.

    As for NTP, it will be called:
    Sophos Network Threat Protection Install Log 20210318 204127.txt

    Can you attach these?

    AutoUpdate will keep trying to install them on every update.  Which is each hour as scheduled or as and when you do "update now".

Reply
  • I can see from the last update attempt:

    2021-03-18T19:55:34.232Z [22284:20828] [v6.7.352.0] INFO Installing component E17FE03B-0501-4aaa-BC69-0129D965F311 10.8.10.810.
    2021-03-18T19:55:34.243Z [22284:20828] [v6.7.352.0] INFO Checking manifest:C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\savxp\appfeed_manifest.dat
    2021-03-18T19:55:34.249Z [22284:20828] [v6.7.352.0] INFO Checking manifest:C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\savxp\manifest.dat
    2021-03-18T19:55:35.597Z [22284:20828] [v6.7.352.0] INFO Checking manifest:C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\savxp\crt\manifest.dat
    2021-03-18T19:55:35.752Z [22284:20828] [v6.7.352.0] INFO Checking manifest:C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\savxp\SAVCFG\savcfg.manifest.dat
    2021-03-18T19:55:35.758Z [22284:20828] [v6.7.352.0] INFO Checking manifest:C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\savxp\savcontrol\savcontrol.manifest.dat
    2021-03-18T19:55:35.771Z [22284:20828] [v6.7.352.0] INFO setupDll='C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\savxp\setup.dll'; setupExe='C:\ProgramData\Sophos\AutoUpdate\Cache\sophos_autoupdate1.dir\su-setup32.exe'.
    2021-03-18T19:55:36.889Z [ 8264:10552] [v6.7.352.0] INFO Trying to load setup.dll of product E17FE03B-0501-4aaa-BC69-0129D965F311 10.8.10.810.
    2021-03-18T19:55:37.420Z [ 8264:10552] [v6.7.352.0] INFO Setup DLL loaded C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\savxp\setup.dll.
    2021-03-18T19:55:37.421Z [ 8264:10552] [v6.7.352.0] INFO Trying interface IProductSetup2 of product E17FE03B-0501-4aaa-BC69-0129D965F311 10.8.10.810.
    2021-03-18T19:55:37.421Z [ 8264:10552] [v6.7.352.0] WARN IProductSetup2 threw exception Could not create instance.
    2021-03-18T19:55:37.421Z [ 8264:10552] [v6.7.352.0] INFO Creating CProductConfig interface.
    2021-03-18T19:55:37.422Z [ 8264:10552] [v6.7.352.0] INFO Trying interface IProductSetup of product E17FE03B-0501-4aaa-BC69-0129D965F311 10.8.10.810.
    2021-03-18T19:55:37.422Z [ 8264:10552] [v6.7.352.0] INFO Successfully established interface IProductSetup.
    2021-03-18T19:55:59.093Z [ 8264:10552] [v6.7.352.0] INFO Reboot state: 0
    2021-03-18T19:55:59.093Z [ 8264:10552] [v6.7.352.0] WARN Failed to install product E17FE03B-0501-4aaa-BC69-0129D965F311 10.8.10.810.

    And then:

    2021-03-18T19:55:59.132Z [22284:20828] [v6.7.352.0] INFO Installing component 8087796B-2289-4897-98A5-58FF23DAAFD0 1.11.194.0.
    2021-03-18T19:55:59.138Z [22284:20828] [v6.7.352.0] INFO Checking manifest:C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\ntp64\manifest.dat
    2021-03-18T19:56:00.102Z [22284:20828] [v6.7.352.0] INFO setupDll='C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\ntp64\setup.dll'; setupExe='C:\ProgramData\Sophos\AutoUpdate\Cache\sophos_autoupdate1.dir\su-setup32.exe'.
    2021-03-18T19:56:00.311Z [ 5800: 552] [v6.7.352.0] INFO Trying to load setup.dll of product 8087796B-2289-4897-98A5-58FF23DAAFD0 1.11.194.0.
    2021-03-18T19:56:00.450Z [ 5800: 552] [v6.7.352.0] INFO Setup DLL loaded C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\ntp64\setup.dll.
    2021-03-18T19:56:00.450Z [ 5800: 552] [v6.7.352.0] INFO Trying interface IProductSetup2 of product 8087796B-2289-4897-98A5-58FF23DAAFD0 1.11.194.0.
    2021-03-18T19:56:00.463Z [ 5800: 552] [v6.7.352.0] INFO Successfully established interface IProductSetup2.
    2021-03-18T19:56:00.971Z [ 5800: 552] [v6.7.352.0] INFO Reboot state: 0
    2021-03-18T19:56:00.971Z [ 5800: 552] [v6.7.352.0] WARN Failed to install product 8087796B-2289-4897-98A5-58FF23DAAFD0 1.11.194.0.
    2021-03-18T19:56:01.008Z [22284:20828] [v6.7.352.0] ERROR su-setup: exit 1

    So both SAV and NTP failed to install.  These will both have created install logs under \windows\temp\

    E.g.for a major update:
    Sophos Anti-Virus Major Install Log_210311_010309.txt
    Sophos Anti-Virus Major CustomActions Log_210311_010309.txt

    or, if a minor update:
    Sophos Anti-Virus Install Log_210318_084105.txt
    Sophos Anti-Virus CustomActions Log_210318_084105.txt

    There will be a pair of logs, the install log and the custom action logs, they have the same time stamp.

    As for NTP, it will be called:
    Sophos Network Threat Protection Install Log 20210318 204127.txt

    Can you attach these?

    AutoUpdate will keep trying to install them on every update.  Which is each hour as scheduled or as and when you do "update now".

Children
No Data