
Intercept X Servers not updating

Hello, 

Today I noticed that since October 20th, which certainly follows Patch Tuesday, 3 of our servers have been failing to receive updates from Sophos. This just started; no changes were made on our end, other than MS updates. Has anyone else been experiencing this since this week?

I am very concerned since these are some critical servers. 

Here are some of the log files outputs: 

Sophos Anti-Virus Major Install Log.txt


MSI (s) (9C:F8) [10:26:14:821]: Windows Installer installed the product. Product Name: Sophos Anti-Virus. Product Version: 10.8.11.22. Product Language: 1033. Manufacturer: Sophos Limited. Installation success or error status: 1603.

MSI (s) (9C:F8) [10:26:14:826]: Deferring clean up of packages/files, if any exist
MSI (s) (9C:F8) [10:26:14:826]: MainEngineThread is returning 1603
MSI (s) (9C:28) [10:26:14:826]: No System Restore sequence number for this installation.
=== Logging stopped: 10/22/2021 10:26:14 ===
MSI (s) (9C:28) [10:26:14:831]: User policy value 'DisableRollback' is 0
MSI (s) (9C:28) [10:26:14:831]: Machine policy value 'DisableRollback' is 0
MSI (s) (9C:28) [10:26:14:831]: Incrementing counter to disable shutdown. Counter after increment: 0
MSI (s) (9C:28) [10:26:14:831]: Note: 1: 1402 2: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts 3: 2
MSI (s) (9C:28) [10:26:14:832]: Note: 1: 1402 2: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts 3: 2
MSI (s) (9C:28) [10:26:14:832]: Decrementing counter to disable shutdown. If counter >= 0, shutdown will be denied. Counter after decrement: -1
MSI (s) (9C:28) [10:26:14:833]: Destroying RemoteAPI object.
MSI (s) (9C:CC) [10:26:14:833]: Custom Action Manager thread ending.
MSI (c) (98:B8) [10:26:14:834]: Decrementing counter to disable shutdown. If counter >= 0, shutdown will be denied. Counter after decrement: -1
MSI (c) (98:B8) [10:26:14:834]: MainEngineThread is returning 1603
=== Verbose logging stopped: 10/22/2021 10:26:14 ===

2021-10-22 10:26:14 ERROR: Installation failed
2021-10-22 10:26:14 Info: SetupPlugin: Unable to open Application registry key to get Install Path.
2021-10-22 10:26:14 ERROR: Failed to get current install location to register with tamper protection. Error 0x80070002
2021-10-22 10:26:14 ERROR: Failed to update the major update counters (The result of the last run has not been set)

Sophos Anti-Virus CustomActions Log.txt

2021-10-22 10:26:13 native:InstallInfSection: Action started
2021-10-22 10:26:13 native:InstallInfSection: INF file: C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\savxp\drivers\sdcfilter\win7_amd64\SDCFILTER.INF
2021-10-22 10:26:13 native:InstallInfSection: SetupInstallServicesFromInfSection failed
2021-10-22 10:26:13 native:InstallInfSection: Action failed
2021-10-22 10:26:13 native:InstallInfSection: Action started
2021-10-22 10:26:13 native:InstallInfSection: INF file: C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVONACCESSDRIV.INF
2021-10-22 10:26:13 native:UnloadFilterDriver: Action started
2021-10-22 10:26:13 native:UnloadFilterDriver: Driver not loaded, count = 1
2021-10-22 10:26:13 native:UnloadFilterDriver: Action succeeded
2021-10-22 10:26:13 native:InstallInfSection: Action succeeded
2021-10-22 10:26:13 native:InstallInfSection: Action started
2021-10-22 10:26:13 native:InstallInfSection: INF file: C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SOPHOSBOOTDRIVER.INF
2021-10-22 10:26:13 native:InstallInfSection: Action succeeded
2021-10-22 10:26:13 native:InstallInfSection: Action started
2021-10-22 10:26:13 native:InstallInfSection: INF file: C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SDCFILTER.INF
2021-10-22 10:26:14 native:InstallInfSection: Action succeeded
2021-10-22 10:26:14 UpdateDesktopMessaging: Action started
2021-10-22 10:26:14 UpdateDesktopMessaging: UpdateDesktopMessaging: Could not delete SAVPlugin registry key(2)
2021-10-22 10:26:14 UpdateDesktopMessaging: Action succeeded
2021-10-22 10:26:14 DeleteOtherFiles: Action started
2021-10-22 10:26:14 DeleteOtherFiles: Unable to get list of engine files from C:\Program Files (x86)\Sophos\Sophos Anti-Virus\engsync.upd
2021-10-22 10:26:14 DeleteOtherFiles: GetRidOfExistingDetoured - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\sophos_detoured.dll does not exist, no further action.
2021-10-22 10:26:14 DeleteOtherFiles: PROCESSOR_ARCHITECTURE environment variable is: AMD64
2021-10-22 10:26:14 DeleteOtherFiles: GetRidOfExistingDetoured - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\sophos_detoured_x64.dll does not exist, no further action.
2021-10-22 10:26:14 DeleteOtherFiles: GetRidOfExistingDetoured - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\detoured.dll does not exist, no further action.
2021-10-22 10:26:14 DeleteOtherFiles: GetRidOfExistingDetoured - C:\Windows\system32\SophosAV\sophos_detoured.dll detoured exists, proceeding to rename it & mark for delete.
2021-10-22 10:26:14 DeleteOtherFiles: GetRidOfExistingDetoured - C:\Windows\system32\SophosAV\sophos_detoured_x64.dll detoured exists, proceeding to rename it & mark for delete.
2021-10-22 10:26:14 DeleteOtherFiles: RemoveSophosAVDirectory: C:\Windows\system32\SophosAV\
2021-10-22 10:26:14 DeleteOtherFiles: RemoveSophosAVDirectory: Scheduling delete of SophosAV system directory on reboot (145).
2021-10-22 10:26:14 DeleteOtherFiles: RemoveSophosAVDirectory: C:\Windows\system32\SophosAV\ (wow64 disabled)
2021-10-22 10:26:14 DeleteOtherFiles: RemoveSophosAVDirectory: Scheduling delete of SophosAV system directory on reboot (145).
2021-10-22 10:26:14 DeleteOtherFiles: Deleting config file folder
2021-10-22 10:26:14 DeleteOtherFiles: Failed to delete config folder, 2
2021-10-22 10:26:14 DeleteOtherFiles: Action succeeded
2021-10-22 10:26:14 ForceDeleteUserPlugin: Action started
2021-10-22 10:26:14 ForceDeleteUserPlugin: Error deleting user pluging registry key. Returned error was: The system cannot find the file specified.

2021-10-22 10:26:14 ForceDeleteUserPlugin: Action succeeded
2021-10-22 10:26:14 ForceDeleteFiles: Action started
2021-10-22 10:26:14 ForceDeleteFiles: Action succeeded
2021-10-22 10:26:14 RollbackUpdateSavAdapterDll: Action started
2021-10-22 10:26:14 RollbackUpdateSavAdapterDll: Action succeeded
2021-10-22 10:26:14 RunErrorScripts: Action started
2021-10-22 10:26:14 RunErrorScripts: Action succeeded
2021-10-22 10:26:14 RestoreMovedFiles: Action started
2021-10-22 10:26:14 RestoreMovedFiles: Action succeeded
2021-10-22 10:26:14 SetUpdateFailed: Action started
2021-10-22 10:26:14 SetUpdateFailed: Unable to create an instance of ComponentManager - SystemInformation cannot be informed of end of update, error 0x80040154
2021-10-22 10:26:14 SetUpdateFailed: Action succeeded

SophosUpdate.log

21-10-22T17:24:54.014Z [16840:19928] [v6.9.359] INFO Last update failed: forcing full decode.
2021-10-22T17:24:54.014Z [16840:19928] [v6.9.359] INFO Beginning decode
2021-10-22T17:25:04.079Z [16840:19928] [v6.9.359] INFO WindowsCloudServer: decode complete
2021-10-22T17:25:09.181Z [16840:19928] [v6.9.359] INFO WindowsCloudServer: downloaded suite version: 1.8.10.295, display version: 2.19.8
2021-10-22T17:25:09.181Z [16840:19928] [v6.9.359] INFO WindowsCloudServerAV: decode complete
2021-10-22T17:25:14.311Z [16840:19928] [v6.9.359] INFO WindowsCloudServerAV: downloaded suite version: 1.3.62, display version: 10.8.11.1
2021-10-22T17:25:14.311Z [16840:19928] [v6.9.359] INFO WindowsCloudServerHitmanProAlert: decode complete
2021-10-22T17:25:19.433Z [16840:19928] [v6.9.359] INFO WindowsCloudServerHitmanProAlert: downloaded suite version: 1.1.142, display version: 2.0.22
2021-10-22T17:25:20.650Z [16840:19928] [v6.9.359] INFO Saving state.
2021-10-22T17:25:20.652Z [16840:19928] [v6.9.359] INFO Overwriting state file C:\ProgramData\Sophos\AutoUpdate\data\status\SophosUpdateStatus.xml
2021-10-22T17:25:20.656Z [16840:19928] [v6.9.359] INFO Verified state file can be loaded.
2021-10-22T17:25:20.657Z [16840:19928] [v6.9.359] INFO Installing products.
2021-10-22T17:25:20.657Z [16840:19928] [v6.9.359] INFO Skipped installation of component 0253775E-970D-4876-959C-21B422420E5A 1.6.56
2021-10-22T17:25:20.657Z [16840:19928] [v6.9.359] INFO Skipped installation of component 1129226C-32AB-4B72-85E1-A9CC8DFBC859 3.0.0.1654
2021-10-22T17:25:20.657Z [16840:19928] [v6.9.359] INFO Skipped installation of component 1FE3E7DF-EFFA-408A-A1B0-89F15BA61F31 6.9.360
2021-10-22T17:25:20.657Z [16840:19928] [v6.9.359] INFO Skipped installation of component 243DECCD-8080-410D-A45F-77F2182715EE 1.11.71.71
2021-10-22T17:25:20.657Z [16840:19928] [v6.9.359] INFO Skipped installation of component 244E68BF-E1BB-4A6B-AC18-A492DE0134C0 3.8.1.504
2021-10-22T17:25:20.657Z [16840:19928] [v6.9.359] INFO Skipped installation of component 3799FB3E-808A-4F7D-AC6A-0C74F931C386 4.14.353.0
2021-10-22T17:25:20.657Z [16840:19928] [v6.9.359] INFO Skipped installation of component 3CE954A1-0F41-4D9B-B2F0-58AA75334DFD 2.7.28.0
2021-10-22T17:25:20.657Z [16840:19928] [v6.9.359] INFO Skipped installation of component 3D8DC0A9-7F42-4CD5-AA7B-CF29296E7789 3.9.8.10
2021-10-22T17:25:20.657Z [16840:19928] [v6.9.359] INFO Skipped installation of component 591706A7-9603-4255-A65F-EA49BB11E8AC 1.8.24.0
2021-10-22T17:25:20.657Z [16840:19928] [v6.9.359] INFO Skipped installation of component 5CD1A7B6-812E-47A1-A986-3A6D5D5C19F5 2.3.150.0
2021-10-22T17:25:20.657Z [16840:19928] [v6.9.359] INFO Skipped installation of component 642A6FD9-A9D6-482D-BD8C-46661F241A0E 1.7.79
2021-10-22T17:25:20.657Z [16840:19928] [v6.9.359] INFO Skipped installation of component 70FDD40E-986A-44E5-9620-2B894A06702A 1.7.4.0
2021-10-22T17:25:20.657Z [16840:19928] [v6.9.359] INFO Skipped installation of component 7F682906-6E49-481B-89C5-2DCA36720F4F 3.1.9.0
2021-10-22T17:25:20.657Z [16840:19928] [v6.9.359] INFO Skipped installation of component 8087796B-2289-4897-98A5-58FF23DAAFD0 1.14.663.0
2021-10-22T17:25:20.657Z [16840:19928] [v6.9.359] INFO Skipped installation of component CD297D6B-58A5-474F-8A0D-0A15803B8B50 1.2.0.17
2021-10-22T17:25:20.657Z [16840:19928] [v6.9.359] INFO Skipped installation of component FileIntegrityMonitoring 1.0.1.11
2021-10-22T17:25:20.658Z [16840:19928] [v6.9.359] INFO Skipped installation of component SDU 6.9.410
2021-10-22T17:25:20.659Z [16840:19928] [v6.9.359] INFO Installing component E17FE03B-0501-4aaa-BC69-0129D965F311 10.8.11.22.
2021-10-22T17:25:20.665Z [16840:19928] [v6.9.359] INFO Checking manifest:C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\savxp\appfeed_manifest.dat
2021-10-22T17:25:20.669Z [16840:19928] [v6.9.359] INFO Checking manifest:C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\savxp\manifest.dat
2021-10-22T17:25:21.466Z [16840:19928] [v6.9.359] INFO Checking manifest:C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\savxp\crt\manifest.dat
2021-10-22T17:25:21.606Z [16840:19928] [v6.9.359] INFO Checking manifest:C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\savxp\SAVCFG\savcfg.manifest.dat
2021-10-22T17:25:21.610Z [16840:19928] [v6.9.359] INFO Checking manifest:C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\savxp\savcontrol\savcontrol.manifest.dat
2021-10-22T17:25:21.617Z [16840:19928] [v6.9.359] INFO setupDll='C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\savxp\setup.dll'; setupExe='C:\ProgramData\Sophos\AutoUpdate\Cache\sophos_autoupdate1.dir\su-setup32.exe'.
2021-10-22T17:25:21.886Z [21144:16324] [v6.9.343] INFO Trying to load setup.dll of product E17FE03B-0501-4aaa-BC69-0129D965F311 10.8.11.22.
2021-10-22T17:25:21.977Z [21144:16324] [v6.9.343] INFO Setup DLL loaded C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\savxp\setup.dll.
2021-10-22T17:25:21.978Z [21144:16324] [v6.9.343] INFO Trying interface IProductSetup2 of product E17FE03B-0501-4aaa-BC69-0129D965F311 10.8.11.22.
2021-10-22T17:25:21.979Z [21144:16324] [v6.9.343] WARN IProductSetup2 threw exception Could not create instance.
2021-10-22T17:25:21.979Z [21144:16324] [v6.9.343] INFO Creating CProductConfig interface.
2021-10-22T17:25:21.979Z [21144:16324] [v6.9.343] INFO Trying interface IProductSetup of product E17FE03B-0501-4aaa-BC69-0129D965F311 10.8.11.22.
2021-10-22T17:25:21.979Z [21144:16324] [v6.9.343] INFO Successfully established interface IProductSetup.
2021-10-22T17:26:14.839Z [21144:16324] [v6.9.343] INFO Reboot state: 0
2021-10-22T17:26:14.839Z [21144:16324] [v6.9.343] WARN Failed to install product E17FE03B-0501-4aaa-BC69-0129D965F311 10.8.11.22.
2021-10-22T17:26:14.847Z [16840:19928] [v6.9.359] ERROR su-setup: exit 1
2021-10-22T17:26:14.848Z [16840:19928] [v6.9.359] INFO Setting failed installed thumbprint.
2021-10-22T17:26:14.848Z [16840:19928] [v6.9.359] INFO Saving intermediate state after installing E17FE03B-0501-4aaa-BC69-0129D965F311
2021-10-22T17:26:14.853Z [16840:19928] [v6.9.359] INFO Overwriting state file C:\ProgramData\Sophos\AutoUpdate\data\status\SophosUpdateStatus.xml
2021-10-22T17:26:14.859Z [16840:19928] [v6.9.359] INFO Verified state file can be loaded.
2021-10-22T17:26:14.862Z [16840:19928] [v6.9.359] INFO Telemetry Interval set to 86400 seconds
2021-10-22T17:26:14.863Z [16840:19928] [v6.9.359] INFO Telemetry Interval updated to 86400 seconds
2021-10-22T17:26:14.863Z [16840:19928] [v6.9.359] INFO Telemetry last ran at 2021-10-22 10:26:14, Offset 5832, Offset Time 2021-10-22 12:03:26
2021-10-22T17:26:14.863Z [16840:19928] [v6.9.359] INFO Telemetry schedule has not elapsed.
2021-10-22T17:26:14.867Z [16840:19928] [v6.9.359] INFO Overwriting state file C:\ProgramData\Sophos\AutoUpdate\data\status\SophosUpdateStatus.xml
2021-10-22T17:26:14.872Z [16840:19928] [v6.9.359] INFO Verified state file can be loaded.
2021-10-22T17:26:14.895Z [16840:19928] [v6.9.359] INFO SophosUpdate has completed with the result 4.
2021-10-22T17:26:14.895Z [16840:19928] [v6.9.359] INFO SophosUpdate is exiting.



  • "SetupPlugin: Unable to open Application registry key to get Install Path."

    This relates to the "Path" value under the registry key:

    HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Sophos\SAVService\Application

    Can you check if it exists?

    If not, maybe you can create the REG_SZ and set the value to what I assume should be C:\Program Files (x86)\Sophos\Sophos Anti-Virus\

  • Hello,

    No, that key does not exist. I have some input from Sophos suggesting a reboot. I will be doing that this evening and will report back.

    Thanks for your input.

    James

  • I'm pretty sure the installer uses that for future work that references the install location, so it is quite fundamental. Hard to say if just adding that back will help, as it's hard to say what else is missing. If nothing else, you'll get a different error. Worst case, use SophosZap to remove and then re-deploy.
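
Added example, not part of the original thread and not Sophos tooling: a Python triage of the install log lines quoted in the first post. It lists each custom action that logged "Action failed" together with the INF file it was processing, and decodes the HRESULT values that appear. The sample lines are copied from the post; the function names `triage` and `decode_hresult` are hypothetical.

```python
import re

# Constructed sample: lines copied from the two install logs quoted in this thread.
SAMPLE_LOG = r"""
2021-10-22 10:26:13 native:InstallInfSection: Action started
2021-10-22 10:26:13 native:InstallInfSection: INF file: C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\savxp\drivers\sdcfilter\win7_amd64\SDCFILTER.INF
2021-10-22 10:26:13 native:InstallInfSection: SetupInstallServicesFromInfSection failed
2021-10-22 10:26:13 native:InstallInfSection: Action failed
2021-10-22 10:26:13 native:InstallInfSection: Action started
2021-10-22 10:26:13 native:InstallInfSection: INF file: C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SDCFILTER.INF
2021-10-22 10:26:14 native:InstallInfSection: Action succeeded
2021-10-22 10:26:14 ERROR: Failed to get current install location to register with tamper protection. Error 0x80070002
2021-10-22 10:26:14 SetUpdateFailed: Unable to create an instance of ComponentManager - SystemInformation cannot be informed of end of update, error 0x80040154
"""

# Standard Windows meanings of the two HRESULTs that appear in the logs.
KNOWN = {
    0x80070002: "ERROR_FILE_NOT_FOUND",
    0x80040154: "REGDB_E_CLASSNOTREG",
}
FACILITIES = {4: "FACILITY_ITF", 7: "FACILITY_WIN32"}
LINE = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d:\d\d (.*)$")
HRESULT = re.compile(r"0x[0-9A-Fa-f]{8}")

def decode_hresult(value):
    """Split a 32-bit HRESULT into its severity, facility and code fields."""
    return {
        "failure": bool(value >> 31),
        "facility": FACILITIES.get((value >> 16) & 0x7FF, "other"),
        "code": value & 0xFFFF,
        "meaning": KNOWN.get(value, "unknown"),
    }

def triage(log_text):
    """Return (failed_actions, hresults) in log order."""
    failed, hresults, last_inf = [], [], {}
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        action, _, detail = m.group(1).partition(": ")
        if detail.startswith("INF file: "):
            last_inf[action] = detail[len("INF file: "):]
        elif detail == "Action started":
            last_inf.pop(action, None)  # forget the INF from the previous run
        elif detail == "Action failed":
            failed.append((action, last_inf.get(action)))
        for hit in HRESULT.findall(detail):
            hresults.append((hit, decode_hresult(int(hit, 16))))
    return failed, hresults

if __name__ == "__main__":
    for item in triage(SAMPLE_LOG):
        print(item)
```

0x80070002 is the Win32 "file not found" error wrapped as an HRESULT, which matches the "Unable to open Application registry key" line the first reply points at.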