Sophos Central installs Multiple services missing

Hello,

All installations suddenly began failing. All attempts end with the same services missing:

Anti Virus Service

Anti Virus Status Reporter

Device Control

Web Control

Web Intelligence

These installs, also fail every update attempt after installation.

This began today. Attempts to re-install, remove and re-install, and update all fail with the same results.

Using two update cache servers. Both had no problems prior to this, all previously installed computers update from the servers fine. 

This happens on Both Windows 10 and Windows 7 computers, no difference in failures. 

Only errors I see in the logs indicate - su-setup: exit 1

There are plenty of strange entries "Skipped installation of component XXXXXX"

I am at a total loss. Any suggestions would be appreciated.

Ed

  • Hi There, 

    Thank you for reaching us. With regards to this, Can you share with us a sample AV remove logs on those systems 1 for the win10 device and 1 for the win7 system? You can collect these logs by Typing %temp% then look for the AVRemovelogs file. 
    In Addition, I would like to let you know that for windows 7 OS, the end of support for this OS will be on Dec 2021 and will no longer be supported with our product unless you’ll be subscribed for extended support. Refer to this documentation. You may consider upgrading those machines to win10 if there’s no dependent application running on a specific OS

    GlennSen 
    Community Support Engineer | Sophos Technical Support
    Sophos Support Videos | Product Documentation | @SophosSupport | Sign up for SMS Alerts
    If a post solves your question use the 'Verify Answer' link.
  • EDIT - Doing further research and testing today I have resolved the issue. MS uninstall of the security essentials must leave remnants in the registry. Following this MS Post I was able to clear the registry. Once done and rebooted the normal sophos update resolved all the issues.

    Thank you.

    Ed

    Thank you for the reply. 

    Windows 10 Log:

    20 Jul 2021 15:44:42 Info: ==============================================
    20 Jul 2021 15:44:42 Info: Running OS: Microsoft Windows 10 [Version 10.00.19042]
    20 Jul 2021 15:44:42 Info: Current Competitor Removal Tool Settings
    20 Jul 2021 15:44:42 Info: Product Version: Version 2.19.0.142
    20 Jul 2021 15:44:42 Info: Using Product Catalog: Default
    20 Jul 2021 15:44:42 Info: Run On Servers: True
    20 Jul 2021 15:44:42 Info: Detection Only: False
    20 Jul 2021 15:44:42 Info: Remove Anti-Virus: True
    20 Jul 2021 15:44:42 Info: Remove Product Suites: True
    20 Jul 2021 15:44:42 Info: Remove Firewalls: True
    20 Jul 2021 15:44:42 Info: Remove Update Tools: False
    20 Jul 2021 15:44:42 Info: Send Telemetry: True
    20 Jul 2021 15:44:42 Info: Log Tracing: False
    20 Jul 2021 15:44:42 Info: Log to C:\WINDOWS\TEMP\avremove.log
    20 Jul 2021 15:44:42 Info: Default system language: en_US
    20 Jul 2021 15:44:42 Info: Default character encoding: cp1252
    20 Jul 2021 15:44:42 Info: Operating system is 64-bit: True
    20 Jul 2021 15:44:42 Info: Detected Microsoft Security Client version 4.10.0209.0
    20 Jul 2021 15:44:42 Info: ==============================================
    20 Jul 2021 15:44:42 Info: Removing detected products...
    20 Jul 2021 15:44:42 Info: Checking to see if Microsoft Security Client version 4.10.0209.0 is installed
    20 Jul 2021 15:44:42 Info: Starting removal of Microsoft Security Client version 4.10.0209.0
    20 Jul 2021 15:44:42 Info: Creating new process C:\Windows\System32\\MsiExec.exe /X {2AA3C13E-0531-41B8-AE48-AE28C940A809} /q REBOOT=ReallySuppress
    20 Jul 2021 15:46:11 Info: Removal process ended normally: exit code 1603
    20 Jul 2021 15:46:11 Failure: Removal of Microsoft Security Client version 4.10.0209.0 failed, last error 0
    20 Jul 2021 15:46:11 Failure: Return code 1603
    20 Jul 2021 15:46:13 Info: Known publishers list contains 41 entries
    20 Jul 2021 15:46:16 Info: Result of calling SubmitTelem: {"ErrorCode":0,"StatusCode":200}
    20 Jul 2021 15:46:16 Info: Competitor Removal Tool exit code 16
    20 Jul 2021 15:46:16 Info: AVRemove finished. 1 product found, 0 products removed. Report logged to : C:\WINDOWS\TEMP\avremove.log

    Windows 7:

    20 Jul 2021 15:15:41 Info: ==============================================
    20 Jul 2021 15:15:41 Info: Running OS: Microsoft Windows 7 Service Pack 1 [Version 6.01.7601]
    20 Jul 2021 15:15:41 Info: Current Competitor Removal Tool Settings
    20 Jul 2021 15:15:41 Info: Product Version: Version 2.19.0.142
    20 Jul 2021 15:15:41 Info: Using Product Catalog: Default
    20 Jul 2021 15:15:41 Info: Run On Servers: True
    20 Jul 2021 15:15:41 Info: Detection Only: False
    20 Jul 2021 15:15:41 Info: Remove Anti-Virus: True
    20 Jul 2021 15:15:41 Info: Remove Product Suites: True
    20 Jul 2021 15:15:41 Info: Remove Firewalls: True
    20 Jul 2021 15:15:41 Info: Remove Update Tools: False
    20 Jul 2021 15:15:41 Info: Send Telemetry: True
    20 Jul 2021 15:15:41 Info: Log Tracing: False
    20 Jul 2021 15:15:41 Info: Log to C:\Windows\TEMP\avremove.log
    20 Jul 2021 15:15:41 Info: Default system language: en_US
    20 Jul 2021 15:15:41 Info: Default character encoding: cp1252
    20 Jul 2021 15:15:41 Info: Operating system is 64-bit: True
    20 Jul 2021 15:15:41 Info: Detected Microsoft Security Client version 4.10.0209.020 Jul 2021 15:15:42 Info: ==============================================
    20 Jul 2021 15:15:42 Info: Removing detected products...
    20 Jul 2021 15:15:42 Info: Checking to see if Microsoft Security Client version 4.10.0209.0 is installed
    20 Jul 2021 15:15:42 Info: Starting removal of Microsoft Security Client version 4.10.0209.0
    20 Jul 2021 15:15:42 Info: Creating new process C:\Windows\system32\\MsiExec.exe /X {2AA3C13E-0531-41B8-AE48-AE28C940A809} /q REBOOT=ReallySuppress
    20 Jul 2021 15:19:19 Info: Removal process ended normally: exit code 1603
    20 Jul 2021 15:19:19 Failure: Removal of Microsoft Security Client version 4.10.0209.0 failed, last error 0
    20 Jul 2021 15:19:19 Failure: Return code 1603
    20 Jul 2021 15:19:21 Info: Known publishers list contains 41 entries
    20 Jul 2021 15:19:24 Info: Result of calling SubmitTelem: {"ErrorCode":0,"StatusCode":200}
    20 Jul 2021 15:19:24 Info: Competitor Removal Tool exit code 16
    20 Jul 2021 15:19:24 Info: AVRemove finished. 1 product found, 0 products removed. Report logged to : C:\Windows\TEMP\avremove.log

    I am at a loss to explain the Microsoft security security client. I find no evidence it is installed on Windows 7, no running services etc. Windows 10 has the standard Defender, which has not caused an issue before. 

    I am aware of the Windows 7 support. I'd love to replace them, but we are a Public School System. That decision is well above my paygrade.

    Ed