Sophos installation failed- failed to install SED64

Hi support, I need help with the issue as per subject. Logs is collected from %temp%

Started C:\Program Files (x86)\Sophos\CloudInstaller\su-setup32.exe
29/6/2022 5:41:10 pm, WARNING : Failed to determine if AutoUpdate is using a custom install location: Failed to query string value : Error code: 2
29/6/2022 5:41:10 pm, INFO : Driver is not already installed.
29/6/2022 5:41:10 pm, INFO : Getting the SED Component version from C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\sed64\integrity.dat
29/6/2022 5:41:10 pm, INFO : Starting Sophos Endpoint Defense clean installation (3.0.1.878)
29/6/2022 5:41:10 pm, INFO : Wrote HKEY_LOCAL_MACHINE SYSTEM\CurrentControlSet\Services\Sophos Endpoint Defense value: ComponentVersion data: 3.0.1.878
29/6/2022 5:41:10 pm, INFO : Unregistered old SSP Component from Sophos AutoUpdate.
29/6/2022 5:41:10 pm, INFO : Wrote HKEY_LOCAL_MACHINE SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Sophos Endpoint Defense\ value: DisplayName data: Sophos Endpoint Defense
29/6/2022 5:41:10 pm, INFO : Wrote HKEY_LOCAL_MACHINE SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Sophos Endpoint Defense\ value: Publisher data: Sophos Limited
29/6/2022 5:41:10 pm, INFO : Wrote HKEY_LOCAL_MACHINE SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Sophos Endpoint Defense\ value: InstallLocation data: C:\Program Files\Sophos\Endpoint Defense
29/6/2022 5:41:10 pm, INFO : Wrote HKEY_LOCAL_MACHINE SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Sophos Endpoint Defense\ value: UninstallString data: "C:\Program Files\Sophos\Endpoint Defense\SEDuninstall.exe"
29/6/2022 5:41:10 pm, INFO : Wrote HKEY_LOCAL_MACHINE SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Sophos Endpoint Defense\ value: DisplayIcon data: C:\Program Files\Sophos\Endpoint Defense\SEDuninstall.exe
29/6/2022 5:41:10 pm, INFO : Wrote HKEY_LOCAL_MACHINE SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Sophos Endpoint Defense\ value: DisplayVersion data: 3.0.1.878
29/6/2022 5:41:10 pm, INFO : Wrote HKEY_LOCAL_MACHINE SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Sophos Endpoint Defense\ value: VersionMajor data: 3
29/6/2022 5:41:10 pm, INFO : Wrote HKEY_LOCAL_MACHINE SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Sophos Endpoint Defense\ value: VersionMinor data: 0
29/6/2022 5:41:10 pm, INFO : Wrote HKEY_LOCAL_MACHINE SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Sophos Endpoint Defense\ value: URLInfoAbout data: http://www.sophos.com
29/6/2022 5:41:10 pm, INFO : Wrote HKEY_LOCAL_MACHINE SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Sophos Endpoint Defense\ value: InstallDate data: 20220629
29/6/2022 5:41:10 pm, INFO : Wrote HKEY_LOCAL_MACHINE SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Sophos Endpoint Defense\ value: HelpLink data: http://www.sophos.com/support
29/6/2022 5:41:10 pm, INFO : Wrote HKEY_LOCAL_MACHINE SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Sophos Endpoint Defense\ value: Contact data: Sophos Technical Support
29/6/2022 5:41:10 pm, INFO : Wrote HKEY_LOCAL_MACHINE SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Sophos Endpoint Defense\ value: Comments data: Protects your Sophos Endpoint
29/6/2022 5:41:10 pm, INFO : Registry configured successfully to register to Add Remove Programs.
29/6/2022 5:41:10 pm, INFO : Copying C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\sed64\appfeed_part_0001.dat to C:\ProgramData\Sophos\Endpoint Defense\Data\AppFeed\\1656495670\appfeed_part_0001.dat
29/6/2022 5:41:10 pm, INFO : Supplement files copied successfully.
29/6/2022 5:41:10 pm, INFO : Copying corecustomeradapter.dll is not required.
29/6/2022 5:41:10 pm, INFO : Copying coreendpointadapter.dll is not required.
29/6/2022 5:41:10 pm, INFO : Unable to check if files are identical: GetFileVersionInfoSizeW for pathOne failed with error 1812
29/6/2022 5:41:10 pm, INFO : Copying C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\sed64\NOTICE.txt to C:\Program Files\Sophos\Endpoint Defense\NOTICE.txt
29/6/2022 5:41:10 pm, INFO : Unable to check if files are identical: GetFileVersionInfoSizeW for pathOne failed with error 1812
29/6/2022 5:41:10 pm, INFO : Copying C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\sed64\public.pem to C:\Program Files\Sophos\Endpoint Defense\public.pem
29/6/2022 5:41:10 pm, INFO : Copying safestore64.dll is not required.
29/6/2022 5:41:10 pm, INFO : Unable to check if files are identical: GetFileVersionInfoSizeW for pathOne failed with error 1812
29/6/2022 5:41:10 pm, INFO : Copying C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\sed64\SecurityProductInformation.ini to C:\Program Files\Sophos\Endpoint Defense\SecurityProductInformation.ini
29/6/2022 5:41:10 pm, INFO : Copying sedcli.exe is not required.
29/6/2022 5:41:10 pm, INFO : Copying sedservice.exe is not required.
29/6/2022 5:41:10 pm, INFO : Copying sedtelemetry.exe is not required.
29/6/2022 5:41:10 pm, INFO : Copying seduninstall.exe is not required.
29/6/2022 5:41:10 pm, INFO : Copying sophoscleanup.exe is not required.
29/6/2022 5:41:10 pm, INFO : Unable to check if files are identical: GetFileVersionInfoSizeW for pathOne failed with error 1812
29/6/2022 5:41:10 pm, INFO : Copying C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\sed64\SophosED.cat to C:\Program Files\Sophos\Endpoint Defense\SophosED.cat
29/6/2022 5:41:10 pm, INFO : Unable to check if files are identical: GetFileVersionInfoSizeW for pathOne failed with error 1812
29/6/2022 5:41:10 pm, INFO : Copying C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\sed64\SophosED.inf to C:\Program Files\Sophos\Endpoint Defense\SophosED.inf
29/6/2022 5:41:10 pm, INFO : Unable to check if files are identical: GetFileVersionInfoSizeW for pathOne failed with error 1812
29/6/2022 5:41:10 pm, INFO : Copying C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\sed64\SophosED.man to C:\Program Files\Sophos\Endpoint Defense\SophosED.man
29/6/2022 5:41:10 pm, INFO : Copying sophosed.sys is not required.
29/6/2022 5:41:10 pm, INFO : Unable to check if files are identical: GetFileVersionInfoSizeW for pathOne failed with error 1812
29/6/2022 5:41:10 pm, INFO : Copying C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\sed64\SophosEL.cat to C:\Program Files\Sophos\Endpoint Defense\SophosEL.cat
29/6/2022 5:41:10 pm, INFO : Unable to check if files are identical: GetFileVersionInfoSizeW for pathOne failed with error 1812
29/6/2022 5:41:10 pm, INFO : Copying C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\sed64\SophosEL.inf to C:\Program Files\Sophos\Endpoint Defense\SophosEL.inf
29/6/2022 5:41:10 pm, INFO : Copying sophosel.sys is not required.
29/6/2022 5:41:10 pm, INFO : Copying sophosfilesubmitter.exe is not required.
29/6/2022 5:41:10 pm, INFO : Copying sophosna.exe is not required.
29/6/2022 5:41:10 pm, INFO : Copying sophosrestore.exe is not required.
29/6/2022 5:41:10 pm, INFO : Copying sophossafestore.exe is not required.
29/6/2022 5:41:10 pm, INFO : Copying sophosscancoordinator.exe is not required.
29/6/2022 5:41:10 pm, INFO : Copying sophtlib.dll is not required.
29/6/2022 5:41:10 pm, INFO : Copying sspdevcon.exe is not required.
29/6/2022 5:41:10 pm, INFO : Copying sspedr.exe is not required.
29/6/2022 5:41:10 pm, INFO : Copying sspservice.exe is not required.
29/6/2022 5:41:10 pm, INFO : Copying ssptelemetry.exe is not required.
29/6/2022 5:41:10 pm, INFO : Binaries copied successfully.
29/6/2022 5:41:10 pm, INFO : Operating system version is Win10 or greater and supports InstallELAMCertificate ...
29/6/2022 5:41:10 pm, INFO : Installing ELAM driver...
29/6/2022 5:41:10 pm, INFO : Copying C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\sed64\SophosEL.sys to C:\Windows\system32\drivers\SophosEL.sys
29/6/2022 5:41:10 pm, INFO : Copying C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\sed64\SophosEL.sys to C:\Windows\ELAMBKUP\SophosEL.sys
29/6/2022 5:41:10 pm, INFO : Sophos ELAM successfully unregistered.
29/6/2022 5:41:10 pm, INFO : Existing Sophos ELAM discovered and successfully deleted.
29/6/2022 5:41:10 pm, INFO : Registered C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\sed64\SophosEL.cat in the Windows Driver Database as SophosEL-amd64-3.0.1.309.cat
29/6/2022 5:41:10 pm, INFO : ELAM Driver successfully installed.
29/6/2022 5:41:10 pm, INFO : Starting SEDcli.exe to install the ELAM Certificate information ...
29/6/2022 5:41:10 pm, INFO : Command line: "C:\Program Files\Sophos\Endpoint Defense\SEDcli.exe" -installELAMCertInfo
29/6/2022 5:41:10 pm, INFO : ELAM Certificate information installed ...
29/6/2022 5:41:10 pm, INFO : Installing Sophos Endpoint Defense Service ...
29/6/2022 5:41:10 pm, ERROR : Error installing Sophos Endpoint Defense: Existing Sophos Endpoint Defense Service discovered, error attempting to delete it.
29/6/2022 5:41:10 pm, INFO : Starting rollback of failed installation.
29/6/2022 5:41:10 pm, INFO : Getting the SED Component version from C:\Program Files\Sophos\Endpoint Defense\integrity.dat
29/6/2022 5:41:10 pm, WARNING : Failed to get the SED Component version from C:\Program Files\Sophos\Endpoint Defense\integrity.dat
29/6/2022 5:41:10 pm, INFO : Starting Sophos Endpoint Defense uninstallation (3.0.1.878)
29/6/2022 5:41:10 pm, INFO : Operating system version is Win10 or greater and supports InstallELAMCertificate ...
29/6/2022 5:41:10 pm, WARNING : Failed to query if the SEL driver can be unloaded or service stopped.
29/6/2022 5:41:10 pm, WARNING : Failed to query if the driver can be unloaded or service stopped.
29/6/2022 5:41:10 pm, INFO : Removed Sophos process keys under 'AppCompatFlags\Custom'
29/6/2022 5:41:10 pm, INFO : Removed Sophos process keys under 'Image File Execution Options'
29/6/2022 5:41:10 pm, INFO : Removed Sophos process keys under 'AppCompatFlags\Custom - WOW6432'
29/6/2022 5:41:10 pm, INFO : Removed Sophos process keys under 'Image File Execution Options - WOW6432'
29/6/2022 5:41:10 pm, INFO : Stopping Sophos System Protection Service ...
29/6/2022 5:41:10 pm, WARNING : Could not open service - Sophos System Protection Service, error 1060.
29/6/2022 5:41:11 pm, WARNING : Could not open service - Sophos System Protection Service, error 1060.
29/6/2022 5:41:12 pm, WARNING : Could not open service - Sophos System Protection Service, error 1060.
29/6/2022 5:41:13 pm, WARNING : Could not open service - Sophos System Protection Service, error 1060.
29/6/2022 5:41:14 pm, WARNING : Could not open service - Sophos System Protection Service, error 1060.
29/6/2022 5:41:15 pm, WARNING : Could not open service - Sophos System Protection Service, error 1060.
29/6/2022 5:41:16 pm, WARNING : Could not open service - Sophos System Protection Service, error 1060.
29/6/2022 5:41:17 pm, WARNING : Could not open service - Sophos System Protection Service, error 1060.
29/6/2022 5:41:18 pm, WARNING : Could not open service - Sophos System Protection Service, error 1060.
29/6/2022 5:41:19 pm, WARNING : Could not open service - Sophos System Protection Service, error 1060.
29/6/2022 5:41:20 pm, WARNING : Could not open service - Sophos System Protection Service, error 1060.
29/6/2022 5:41:21 pm, WARNING : Could not open service - Sophos System Protection Service, error 1060.
29/6/2022 5:41:22 pm, WARNING : Could not open service - Sophos System Protection Service, error 1060.
29/6/2022 5:41:23 pm, WARNING : Could not open service - Sophos System Protection Service, error 1060.
29/6/2022 5:41:24 pm, WARNING : Could not open service - Sophos System Protection Service, error 1060.
29/6/2022 5:41:25 pm, WARNING : Could not open service - Sophos System Protection Service, error 1060.
29/6/2022 5:41:26 pm, WARNING : Could not open service - Sophos System Protection Service, error 1060.
29/6/2022 5:41:27 pm, WARNING : Could not open service - Sophos System Protection Service, error 1060.
29/6/2022 5:41:28 pm, WARNING : Could not open service - Sophos System Protection Service, error 1060.
29/6/2022 5:41:29 pm, WARNING : Could not open service - Sophos System Protection Service, error 1060.
29/6/2022 5:41:30 pm, WARNING : Could not open service - Sophos System Protection Service, error 1060.
29/6/2022 5:41:31 pm, WARNING : Could not open service - Sophos System Protection Service, error 1060.
29/6/2022 5:41:32 pm, WARNING : Could not open service - Sophos System Protection Service, error 1060.
29/6/2022 5:41:33 pm, WARNING : Could not open service - Sophos System Protection Service, error 1060.
29/6/2022 5:41:34 pm, WARNING : Could not open service - Sophos System Protection Service, error 1060.
29/6/2022 5:41:35 pm, WARNING : Could not open service - Sophos System Protection Service, error 1060.
29/6/2022 5:41:36 pm, WARNING : Could not open service - Sophos System Protection Service, error 1060.
29/6/2022 5:41:37 pm, WARNING : Could not open service - Sophos System Protection Service, error 1060.
29/6/2022 5:41:38 pm, WARNING : Could not open service - Sophos System Protection Service, error 1060.
29/6/2022 5:41:39 pm, WARNING : Could not open service - Sophos System Protection Service, error 1060.
29/6/2022 5:41:40 pm, WARNING : Could not open service - Sophos System Protection Service, error 1060.
29/6/2022 5:41:40 pm, WARNING : Skipping stop service - Sophos System Protection Service is not installed.
29/6/2022 5:41:40 pm, INFO : Stopping Sophos Endpoint Defense Service ...
29/6/2022 5:42:11 pm, WARNING : Sophos System Protection Service has already been removed from the Service Control Manager.
29/6/2022 5:42:11 pm, ERROR : Failed to uninstall: Failed to delete service.
29/6/2022 5:42:11 pm, ERROR : Rollback failed: Failed to delete service.
29/6/2022 5:42:11 pm, ERROR : SetupPlugin install error: Existing Sophos Endpoint Defense Service discovered, error attempting to delete it.



Added TAGs
[edited by: Qoosh at 11:09 PM (GMT -7) on 4 Jul 2022]
  • Hi Yee Loon Ong,

    Thanks for reaching out to the Sophos Community Forum. 

    The first error I can see in the logs you posted is as follows:
    29/6/2022 5:41:10 pm, ERROR : Error installing Sophos Endpoint Defense: Existing Sophos Endpoint Defense Service discovered, error attempting to delete it.

    If there are remnants of a previous installation left behind on this device, I recommend using the Sophos Zap tool to clean up the system, before attempting a fresh install.

    Kushal Lakhan
    Global Community Support Engineer
    Connect with Sophos Support, get alerted, and be informed.
    If a post solves your question, please use the "Verify Answer" button.
    The New Home of Sophos Support Videos!  Visit Sophos Techvids
  • GIven this is the error:

    ERROR : Error installing Sophos Endpoint Defense: Existing Sophos Endpoint Defense Service discovered, error attempting to delete it.

    This would suggest this is a retry of the install.

    When you run the Central installer, it tries 3 times to install each component if it fails.

    If you did run the Central installer, under %temp%, I assume you have 3 install logs for this component.  Based on the time stamps, can you link/paste/attach the first of the 3?

    THanks.

  • One thought to recover from the current state, which might get you back to the initial cause:

    If "Sophos Endpoint Defense Service" is started: If you set in the registry:

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sophos Endpoint Defense Service
    Start to 4 from 2.  Does it stop, if you refresh services.msc window?

    If so, you could then run from an admin prompt:

    sc.exe delete "Sophos Endpoint Defense Service"

    This should delete the service and prevent the error you're getting now.  My thought is, it if fails again for the original problem, the retry will put you back in the same state, which is why understanding the original problem is important.

    If it's not already running, can you delete the service by running:

    sc.exe delete "Sophos Endpoint Defense Service"

    Given it's a protected service, with Tamper Protection off, which I assume it must be:  You could set the "Start" value registry mentioned above to 4 and reboot.  Then you can delete the service with the sc.exe command and retry.