Hello,
I installed Sophos Intercept X for Server on some servers but on one server Hitman doesn't install/start. If i try "C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\hmpa64\hmpalert.exe /install /mode=sophos" or ""C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\hmpa64\hmpalert.exe" /upgrade /quiet /noautoupdate" I got only the message "This programm is manged by Sophos".
C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\hmpa64\hmpalert.exe /install /mode=sophos
I rebooted the machine and remove and install the software but no change.
Any help possible?
Thx!
Hello Stefan N
Did you open a case with support? The command that you mentioned is correct "C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\hmpa64\hmpalert.exe /install /mode=sophos" - the only…
When you run the Central installer, the install logs of the components should go to the temp directory of the installing user, e.g. %temp%.
Do you see a log for the HMPA component?
Logfile:
a 2021-11-16 11:11:16.084 [37740:36660] - Beginning installe 2021-11-16 11:11:16.118 [37740:36660] - Install failed with exception: Failed to open Registry key: HKLM\SYSTEM\CurrentControlSet\Services\hmpalert, error 2
I added the key manually. But the log:
a 2021-11-16 11:45:12.606 [15080:15076] - Beginning install a 2021-11-16 11:45:12.639 [15080:15076] - Executing step: Validate it is NextGen endpoint a 2021-11-16 11:45:12.639 [15080:15076] - Executing step: Validate the user is an admin a 2021-11-16 11:45:12.639 [15080:15076] - Executing step: Validate that driver verifier is NOT enabled for HMPA. a 2021-11-16 11:45:12.639 [15080:15076] - Executing step: Validate that HMPA is not pending reboot a 2021-11-16 11:45:12.640 [15080:15076] - Executing step: HMPA install mode installer a 2021-11-16 11:45:12.640 [15080:15076] - Executing step: CreateRegistryKey(HKLM\SYSTEM\CurrentControlSet\Services\hmpalert, 0) a 2021-11-16 11:45:12.640 [15080:15076] - Executing step: SetRegistryValue(HKLM\SYSTEM\CurrentControlSet\Services\hmpalert, 0, Mode, 3) a 2021-11-16 11:45:12.641 [15080:15076] - Executing step: HMPA Hotfix Add/Remove Programs Uninstaller a 2021-11-16 11:45:12.641 [15080:15076] - Executing step: DeleteRegistryKey(HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0C81FABA-4224-4C89-AB4B-F463CE24C53E}, 64) a 2021-11-16 11:45:12.643 [15080:15076] - Executing step: CreateDirectory(C:\ProgramData\HitmanPro.Alert\Logs) with Permission(owner=SYSTEM, SYSTEM=all, Administratoren=all, Benutzer=r) a 2021-11-16 11:45:12.648 [15080:15076] - Executing step: CreateDirectory(C:\ProgramData\HitmanPro.Alert\MCS) with Permission(owner=SYSTEM, SYSTEM=all, Administratoren=all) a 2021-11-16 11:45:12.650 [15080:15076] - Executing step: HMPA Integrity installer a 2021-11-16 11:45:12.650 [15080:15076] - Executing step: CopyFile(C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\hmpa64\integrity.dat, C:\Program Files (x86)\HitmanPro.Alert\integrity.dat) a 2021-11-16 11:45:12.656 [15080:15076] - Executing step: CreateRegistryKey(HKLM\SYSTEM\CurrentControlSet\Services\Sophos Endpoint Defense\TamperProtection\Components\HMPA, 0) a 2021-11-16 11:45:12.656 [15080:15076] - Executing step: SetRegistryValue(HKLM\SYSTEM\CurrentControlSet\Services\Sophos Endpoint Defense\TamperProtection\Components\HMPA, 0, IntegrityPath, C:\Program Files (x86)\HitmanPro.Alert\integrity.dat) a 2021-11-16 11:45:12.656 [15080:15076] - Executing step: SetRegistryValue(HKLM\SYSTEM\CurrentControlSet\Services\Sophos Endpoint Defense\TamperProtection\Components\HMPA, 0, Enable, 1) a 2021-11-16 11:45:12.657 [15080:15076] - Executing step: HMPA app upgrader composite a 2021-11-16 11:45:12.657 [15080:15076] - Executing step: Wow64RedirectionInstallStep(disable) a 2021-11-16 11:45:12.657 [15080:15076] - Executing step: ServiceControlInstallStep(hmpalertsvc, stop) w 2021-11-16 11:45:12.658 [15080:15076] - OpenService failed for hmpalertsvc, error 1060 w 2021-11-16 11:45:12.658 [15080:15076] - Failed step: ServiceControlInstallStep(hmpalertsvc, stop), rolling back previous steps a 2021-11-16 11:45:12.658 [15080:15076] - Rolling back step: Wow64RedirectionInstallStep(disable) w 2021-11-16 11:45:12.658 [15080:15076] - Failed composite step w 2021-11-16 11:45:12.658 [15080:15076] - Failed step: HMPA app upgrader composite, rolling back previous steps a 2021-11-16 11:45:12.658 [15080:15076] - Rolling back step: HMPA Integrity installer a 2021-11-16 11:45:12.658 [15080:15076] - Rolling back step: SetRegistryValue(HKLM\SYSTEM\CurrentControlSet\Services\Sophos Endpoint Defense\TamperProtection\Components\HMPA, 0, Enable, 1) a 2021-11-16 11:45:12.659 [15080:15076] - Rolling back step: SetRegistryValue(HKLM\SYSTEM\CurrentControlSet\Services\Sophos Endpoint Defense\TamperProtection\Components\HMPA, 0, IntegrityPath, C:\Program Files (x86)\HitmanPro.Alert\integrity.dat) a 2021-11-16 11:45:12.659 [15080:15076] - Rolling back step: CreateRegistryKey(HKLM\SYSTEM\CurrentControlSet\Services\Sophos Endpoint Defense\TamperProtection\Components\HMPA, 0) a 2021-11-16 11:45:12.659 [15080:15076] - Rolling back step: CopyFile(C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\hmpa64\integrity.dat, C:\Program Files (x86)\HitmanPro.Alert\integrity.dat) a 2021-11-16 11:45:12.661 [15080:15076] - Rolling back step: CreateDirectory(C:\ProgramData\HitmanPro.Alert\MCS) with Permission(owner=SYSTEM, SYSTEM=all, Administratoren=all) a 2021-11-16 11:45:12.662 [15080:15076] - Rolling back step: CreateDirectory(C:\ProgramData\HitmanPro.Alert\Logs) with Permission(owner=SYSTEM, SYSTEM=all, Administratoren=all, Benutzer=r) a 2021-11-16 11:45:12.662 [15080:15076] - Rolling back step: HMPA Hotfix Add/Remove Programs Uninstaller a 2021-11-16 11:45:12.662 [15080:15076] - Rolling back step: DeleteRegistryKey(HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0C81FABA-4224-4C89-AB4B-F463CE24C53E}, 64) a 2021-11-16 11:45:12.662 [15080:15076] - Rolling back step: HMPA install mode installer a 2021-11-16 11:45:12.662 [15080:15076] - Rolling back step: SetRegistryValue(HKLM\SYSTEM\CurrentControlSet\Services\hmpalert, 0, Mode, 3) a 2021-11-16 11:45:12.663 [15080:15076] - Rolling back step: CreateRegistryKey(HKLM\SYSTEM\CurrentControlSet\Services\hmpalert, 0) a 2021-11-16 11:45:12.663 [15080:15076] - Rolling back step: Validate that HMPA is not pending reboot a 2021-11-16 11:45:12.663 [15080:15076] - Rolling back step: Validate that driver verifier is NOT enabled for HMPA. a 2021-11-16 11:45:12.663 [15080:15076] - Rolling back step: Validate the user is an admin a 2021-11-16 11:45:12.663 [15080:15076] - Rolling back step: Validate it is NextGen endpoint w 2021-11-16 11:45:12.663 [15080:15076] - Failed composite step e 2021-11-16 11:45:12.663 [15080:15076] - Action failed