Server Protection - Hitman Pro Alert can't be installed

Hello,

I installed Sophos Intercept X for Server on some servers but on one server Hitman doesn't install/start. If i try "C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\hmpa64\hmpalert.exe /install /mode=sophos" or ""C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\hmpa64\hmpalert.exe" /upgrade /quiet /noautoupdate" I got only the message "This programm is manged by Sophos".

I rebooted the machine and remove and install the software but no change.


Any help possible?

Thx!

Top Replies

  • Hello

    Did you open a case with support? The command that you mentioned is correct "C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\hmpa64\hmpalert.exe /install /mode=sophos"   - the only…

Parents Reply Children
  • Hello,

    Logfile:

    a 2021-11-16 11:11:16.084 [37740:36660] - Beginning install
    e 2021-11-16 11:11:16.118 [37740:36660] - Install failed with exception: Failed to open Registry key: HKLM\SYSTEM\CurrentControlSet\Services\hmpalert, error 2

  • I added the key manually. But the log:

    a 2021-11-16 11:45:12.606 [15080:15076] - Beginning install
    a 2021-11-16 11:45:12.639 [15080:15076] - Executing step: Validate it is NextGen endpoint
    a 2021-11-16 11:45:12.639 [15080:15076] - Executing step: Validate the user is an admin
    a 2021-11-16 11:45:12.639 [15080:15076] - Executing step: Validate that driver verifier is NOT enabled for HMPA.
    a 2021-11-16 11:45:12.639 [15080:15076] - Executing step: Validate that HMPA is not pending reboot
    a 2021-11-16 11:45:12.640 [15080:15076] - Executing step: HMPA install mode installer
    a 2021-11-16 11:45:12.640 [15080:15076] - Executing step: CreateRegistryKey(HKLM\SYSTEM\CurrentControlSet\Services\hmpalert, 0)
    a 2021-11-16 11:45:12.640 [15080:15076] - Executing step: SetRegistryValue(HKLM\SYSTEM\CurrentControlSet\Services\hmpalert, 0, Mode, 3)
    a 2021-11-16 11:45:12.641 [15080:15076] - Executing step: HMPA Hotfix Add/Remove Programs Uninstaller
    a 2021-11-16 11:45:12.641 [15080:15076] - Executing step: DeleteRegistryKey(HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0C81FABA-4224-4C89-AB4B-F463CE24C53E}, 64)
    a 2021-11-16 11:45:12.643 [15080:15076] - Executing step: CreateDirectory(C:\ProgramData\HitmanPro.Alert\Logs) with Permission(owner=SYSTEM, SYSTEM=all, Administratoren=all, Benutzer=r)
    a 2021-11-16 11:45:12.648 [15080:15076] - Executing step: CreateDirectory(C:\ProgramData\HitmanPro.Alert\MCS) with Permission(owner=SYSTEM, SYSTEM=all, Administratoren=all)
    a 2021-11-16 11:45:12.650 [15080:15076] - Executing step: HMPA Integrity installer
    a 2021-11-16 11:45:12.650 [15080:15076] - Executing step: CopyFile(C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\hmpa64\integrity.dat, C:\Program Files (x86)\HitmanPro.Alert\integrity.dat)
    a 2021-11-16 11:45:12.656 [15080:15076] - Executing step: CreateRegistryKey(HKLM\SYSTEM\CurrentControlSet\Services\Sophos Endpoint Defense\TamperProtection\Components\HMPA, 0)
    a 2021-11-16 11:45:12.656 [15080:15076] - Executing step: SetRegistryValue(HKLM\SYSTEM\CurrentControlSet\Services\Sophos Endpoint Defense\TamperProtection\Components\HMPA, 0, IntegrityPath, C:\Program Files (x86)\HitmanPro.Alert\integrity.dat)
    a 2021-11-16 11:45:12.656 [15080:15076] - Executing step: SetRegistryValue(HKLM\SYSTEM\CurrentControlSet\Services\Sophos Endpoint Defense\TamperProtection\Components\HMPA, 0, Enable, 1)
    a 2021-11-16 11:45:12.657 [15080:15076] - Executing step: HMPA app upgrader composite
    a 2021-11-16 11:45:12.657 [15080:15076] - Executing step: Wow64RedirectionInstallStep(disable)
    a 2021-11-16 11:45:12.657 [15080:15076] - Executing step: ServiceControlInstallStep(hmpalertsvc, stop)
    w 2021-11-16 11:45:12.658 [15080:15076] - OpenService failed for hmpalertsvc, error 1060
    w 2021-11-16 11:45:12.658 [15080:15076] - Failed step: ServiceControlInstallStep(hmpalertsvc, stop), rolling back previous steps
    a 2021-11-16 11:45:12.658 [15080:15076] - Rolling back step: Wow64RedirectionInstallStep(disable)
    w 2021-11-16 11:45:12.658 [15080:15076] - Failed composite step
    w 2021-11-16 11:45:12.658 [15080:15076] - Failed step: HMPA app upgrader composite, rolling back previous steps
    a 2021-11-16 11:45:12.658 [15080:15076] - Rolling back step: HMPA Integrity installer
    a 2021-11-16 11:45:12.658 [15080:15076] - Rolling back step: SetRegistryValue(HKLM\SYSTEM\CurrentControlSet\Services\Sophos Endpoint Defense\TamperProtection\Components\HMPA, 0, Enable, 1)
    a 2021-11-16 11:45:12.659 [15080:15076] - Rolling back step: SetRegistryValue(HKLM\SYSTEM\CurrentControlSet\Services\Sophos Endpoint Defense\TamperProtection\Components\HMPA, 0, IntegrityPath, C:\Program Files (x86)\HitmanPro.Alert\integrity.dat)
    a 2021-11-16 11:45:12.659 [15080:15076] - Rolling back step: CreateRegistryKey(HKLM\SYSTEM\CurrentControlSet\Services\Sophos Endpoint Defense\TamperProtection\Components\HMPA, 0)
    a 2021-11-16 11:45:12.659 [15080:15076] - Rolling back step: CopyFile(C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\hmpa64\integrity.dat, C:\Program Files (x86)\HitmanPro.Alert\integrity.dat)
    a 2021-11-16 11:45:12.661 [15080:15076] - Rolling back step: CreateDirectory(C:\ProgramData\HitmanPro.Alert\MCS) with Permission(owner=SYSTEM, SYSTEM=all, Administratoren=all)
    a 2021-11-16 11:45:12.662 [15080:15076] - Rolling back step: CreateDirectory(C:\ProgramData\HitmanPro.Alert\Logs) with Permission(owner=SYSTEM, SYSTEM=all, Administratoren=all, Benutzer=r)
    a 2021-11-16 11:45:12.662 [15080:15076] - Rolling back step: HMPA Hotfix Add/Remove Programs Uninstaller
    a 2021-11-16 11:45:12.662 [15080:15076] - Rolling back step: DeleteRegistryKey(HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0C81FABA-4224-4C89-AB4B-F463CE24C53E}, 64)
    a 2021-11-16 11:45:12.662 [15080:15076] - Rolling back step: HMPA install mode installer
    a 2021-11-16 11:45:12.662 [15080:15076] - Rolling back step: SetRegistryValue(HKLM\SYSTEM\CurrentControlSet\Services\hmpalert, 0, Mode, 3)
    a 2021-11-16 11:45:12.663 [15080:15076] - Rolling back step: CreateRegistryKey(HKLM\SYSTEM\CurrentControlSet\Services\hmpalert, 0)
    a 2021-11-16 11:45:12.663 [15080:15076] - Rolling back step: Validate that HMPA is not pending reboot
    a 2021-11-16 11:45:12.663 [15080:15076] - Rolling back step: Validate that driver verifier is NOT enabled for HMPA.
    a 2021-11-16 11:45:12.663 [15080:15076] - Rolling back step: Validate the user is an admin
    a 2021-11-16 11:45:12.663 [15080:15076] - Rolling back step: Validate it is NextGen endpoint
    w 2021-11-16 11:45:12.663 [15080:15076] - Failed composite step
    e 2021-11-16 11:45:12.663 [15080:15076] - Action failed