This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

What admin privileges and which elevated executables are required for the Sophos File Scanner to update itself on a Windows 10 VDI Domain computer when the Domain user is logged in?

I have added the SophosLaunchUpdate.exe, Sophosupdate.exe, su-repair.exe, su-setup32.exe, su-setup64.exe and Sophossetup.exe to our allowed elevated privileges to help Sophos central Endpoint to work, but somethign is still missing when it comes to Sophos File Scanner being able to update itself.

I believe I can see in the SFS log where it tries to set Tamper Protection to off, but I don't think this is happening for our devices.  The Pipe timeout is already set for 120000, so that won't be our issue.  I believe it to be in the SFS update process not having elevated privileges itself or as dependent process that spawns and runs the update does not have elevated privileges.

What other exe's or dll's needs elevated privileges?  

Other components of Sophos Central Endpoint are able to update now problem, it seems to be only the SFS that is not able to update iself now.

One of the failed SFS update logs for example:

_______________________________________________________________________________

2022-09-09T14:15:51.322Z [50508:48108] A Begin product setup
2022-09-09T14:15:51.323Z [50508:48108] A Begin install
2022-09-09T14:15:51.326Z [50508:48108] A SFS already installed. Start update.
2022-09-09T14:15:51.326Z [50508:48108] A Executing step: Verify the installset is valid
2022-09-09T14:15:51.737Z [50508:48108] A Executing step: SFS directory installer
2022-09-09T14:15:51.738Z [50508:48108] A Executing step: Create directory C:\Program Files\Sophos\Sophos File Scanner and all parent directories
2022-09-09T14:15:51.747Z [50508:48108] A Executing step: Create directory C:\ProgramData\Sophos\Sophos File Scanner and all parent directories
2022-09-09T14:15:51.754Z [50508:48108] A Executing step: CreateDirectory(C:\ProgramData\Sophos\Sophos File Scanner\Logs)
2022-09-09T14:15:51.756Z [50508:48108] A Executing step: CreateDirectory(C:\ProgramData\Sophos\Sophos File Scanner\Data)
2022-09-09T14:15:51.757Z [50508:48108] A Executing step: CreateDirectory(C:\ProgramData\Sophos\Sophos File Scanner\SaviTemp)
2022-09-09T14:15:51.757Z [50508:48108] A Executing step: CreateDirectory(C:\ProgramData\Sophos\Sophos File Scanner\Drop)
2022-09-09T14:15:51.758Z [50508:48108] A Executing step: CreateDirectory(C:\ProgramData\Sophos\Sophos File Scanner\Staging)
2022-09-09T14:15:51.759Z [50508:48108] A Executing step: SAU product key installer for {591706A7-9603-4255-A65F-EA49BB11E8AC}
2022-09-09T14:15:51.759Z [50508:48108] A Executing step: CreateRegistryKey(HKLM\SOFTWARE\Sophos\AutoUpdate\Products\{591706A7-9603-4255-A65F-EA49BB11E8AC}, 32)
2022-09-09T14:15:51.760Z [50508:48108] A Executing step: SetRegistryValue(HKLM\SOFTWARE\Sophos\AutoUpdate\Products\{591706A7-9603-4255-A65F-EA49BB11E8AC}, 32, CidFolderPath, sfs64)
2022-09-09T14:15:51.760Z [50508:48108] A Executing step: SetRegistryValue(HKLM\SOFTWARE\Sophos\AutoUpdate\Products\{591706A7-9603-4255-A65F-EA49BB11E8AC}, 32, ProductName, Sophos File Scanner)
2022-09-09T14:15:51.761Z [50508:48108] A Executing step: SFS application key installer
2022-09-09T14:15:51.761Z [50508:48108] A Executing step: CreateRegistryKey(HKLM\Software\Sophos\Sophos File Scanner, 64)
2022-09-09T14:15:51.764Z [50508:48108] A Executing step: CreateRegistryKey(HKLM\Software\Sophos\Sophos File Scanner\Application, 64)
2022-09-09T14:15:51.764Z [50508:48108] A Executing step: CreateRegistryKey(HKLM\Software\Sophos\Sophos File Scanner\Application\Versions, 64)
2022-09-09T14:15:51.765Z [50508:48108] A Executing step: CreateRegistryKey(HKLM\Software\Sophos\Sophos File Scanner\Scanner, 64)
2022-09-09T14:15:51.766Z [50508:48108] A Executing step: CreateRegistryKey(HKLM\Software\Sophos\Sophos File Scanner\Telemetry, 64)
2022-09-09T14:15:51.767Z [50508:48108] A Executing step: SetRegistryValue(HKLM\Software\Sophos\Sophos File Scanner\Application, 64, ProductPath, C:\Program Files\Sophos\Sophos File Scanner)
2022-09-09T14:15:51.768Z [50508:48108] A Executing step: SetRegistryValue(HKLM\Software\Sophos\Sophos File Scanner\Application, 64, ProductVersion, 1.9.24.1)
2022-09-09T14:15:51.768Z [50508:48108] A Executing step: SetRegistryValue(HKLM\Software\Sophos\Sophos File Scanner\Application, 64, Upgrading, 0)
2022-09-09T14:15:51.769Z [50508:48108] A Executing step: SetRegistryValue(HKLM\Software\Sophos\Sophos File Scanner\Application, 64, Upgrading, 1)
2022-09-09T14:15:51.769Z [50508:48108] A Executing step: CreateRegistryKey(HKLM\SYSTEM\CurrentControlSet\services\Sophos Endpoint Defense\TamperProtection\Components\SFS, 64)
2022-09-09T14:15:51.770Z [50508:48108] A Executing step: DeleteMatchingFiles(From C:\Program Files\Sophos\Sophos File Scanner containing 'SBK.*')
2022-09-09T14:15:51.771Z [50508:48108] I Removing file (C:\Program Files\Sophos\Sophos File Scanner\SBK1661531293-1) => rollback backup (C:\Windows\TEMP\4b3db7f6882a95703431c168560f4751e91315c75501f5f89d4c3e0ce67a29d2.tmp)
2022-09-09T14:15:51.774Z [50508:48108] A Executing step: SetRegistryValue(HKLM\SYSTEM\CurrentControlSet\services\Sophos Endpoint Defense\TamperProtection\Components\SFS, 64, Enable, 0)
2022-09-09T14:15:51.774Z [50508:48108] A Executing step: Stop service step: Sophos File Scanner Service
2022-09-09T14:15:51.775Z [50508:48108] I Sending SERVICE_CONTROL_STOP for 30000ms
2022-09-09T14:15:51.775Z [50508:48108] W Failed to send SERVICE_CONTROL_STOP with error 1052: The requested control is not valid for this service.
. Retrying.
2022-09-09T14:15:52.776Z [50508:48108] W Failed to send SERVICE_CONTROL_STOP with error 1052: The requested control is not valid for this service.
. Retrying.
2022-09-09T14:15:53.776Z [50508:48108] W Failed to send SERVICE_CONTROL_STOP with error 1052: The requested control is not valid for this service.
. Retrying.
2022-09-09T14:15:54.777Z [50508:48108] W Failed to send SERVICE_CONTROL_STOP with error 1052: The requested control is not valid for this service.
. Retrying.
2022-09-09T14:15:55.778Z [50508:48108] W Failed to send SERVICE_CONTROL_STOP with error 1052: The requested control is not valid for this service.
. Retrying.
2022-09-09T14:15:56.779Z [50508:48108] W Failed to send SERVICE_CONTROL_STOP with error 1052: The requested control is not valid for this service.
. Retrying.
2022-09-09T14:15:57.779Z [50508:48108] W Failed to send SERVICE_CONTROL_STOP with error 1052: The requested control is not valid for this service.
. Retrying.
2022-09-09T14:15:58.780Z [50508:48108] W Failed to send SERVICE_CONTROL_STOP with error 1052: The requested control is not valid for this service.
. Retrying.
2022-09-09T14:15:59.782Z [50508:48108] W Failed to send SERVICE_CONTROL_STOP with error 1052: The requested control is not valid for this service.
. Retrying.
2022-09-09T14:16:00.782Z [50508:48108] W Failed to send SERVICE_CONTROL_STOP with error 1052: The requested control is not valid for this service.
. Retrying.
2022-09-09T14:16:01.783Z [50508:48108] W Failed to send SERVICE_CONTROL_STOP with error 1052: The requested control is not valid for this service.
. Retrying.
2022-09-09T14:16:02.784Z [50508:48108] W Failed to send SERVICE_CONTROL_STOP with error 1052: The requested control is not valid for this service.
. Retrying.
2022-09-09T14:16:03.785Z [50508:48108] W Failed to send SERVICE_CONTROL_STOP with error 1052: The requested control is not valid for this service.
. Retrying.
2022-09-09T14:16:04.786Z [50508:48108] W Failed to send SERVICE_CONTROL_STOP with error 1052: The requested control is not valid for this service.
. Retrying.
2022-09-09T14:16:05.787Z [50508:48108] W Failed to send SERVICE_CONTROL_STOP with error 1052: The requested control is not valid for this service.
. Retrying.
2022-09-09T14:16:06.788Z [50508:48108] W Failed to send SERVICE_CONTROL_STOP with error 1052: The requested control is not valid for this service.
. Retrying.
2022-09-09T14:16:07.789Z [50508:48108] W Failed to send SERVICE_CONTROL_STOP with error 1052: The requested control is not valid for this service.
. Retrying.
2022-09-09T14:16:08.789Z [50508:48108] W Failed to send SERVICE_CONTROL_STOP with error 1052: The requested control is not valid for this service.
. Retrying.
2022-09-09T14:16:09.790Z [50508:48108] W Failed to send SERVICE_CONTROL_STOP with error 1052: The requested control is not valid for this service.
. Retrying.
2022-09-09T14:16:10.790Z [50508:48108] W Failed to send SERVICE_CONTROL_STOP with error 1052: The requested control is not valid for this service.
. Retrying.
2022-09-09T14:16:11.791Z [50508:48108] W Failed to send SERVICE_CONTROL_STOP with error 1052: The requested control is not valid for this service.
. Retrying.
2022-09-09T14:16:12.792Z [50508:48108] W Failed to send SERVICE_CONTROL_STOP with error 1052: The requested control is not valid for this service.
. Retrying.
2022-09-09T14:16:13.793Z [50508:48108] W Failed to send SERVICE_CONTROL_STOP with error 1052: The requested control is not valid for this service.
. Retrying.
2022-09-09T14:16:14.794Z [50508:48108] W Failed to send SERVICE_CONTROL_STOP with error 1052: The requested control is not valid for this service.
. Retrying.
2022-09-09T14:16:15.795Z [50508:48108] W Failed to send SERVICE_CONTROL_STOP with error 1052: The requested control is not valid for this service.
. Retrying.
2022-09-09T14:16:16.796Z [50508:48108] W Failed to send SERVICE_CONTROL_STOP with error 1052: The requested control is not valid for this service.
. Retrying.
2022-09-09T14:16:17.797Z [50508:48108] W Failed to send SERVICE_CONTROL_STOP with error 1052: The requested control is not valid for this service.
. Retrying.
2022-09-09T14:16:18.798Z [50508:48108] W Failed to send SERVICE_CONTROL_STOP with error 1052: The requested control is not valid for this service.
. Retrying.
2022-09-09T14:16:19.799Z [50508:48108] W Failed to send SERVICE_CONTROL_STOP with error 1052: The requested control is not valid for this service.
. Retrying.
2022-09-09T14:16:20.799Z [50508:48108] W Failed to send SERVICE_CONTROL_STOP with error 1052: The requested control is not valid for this service.
. Retrying.
2022-09-09T14:16:21.800Z [50508:48108] W Failed to send SERVICE_CONTROL_STOP with error 1052: The requested control is not valid for this service.
. Timing out.
2022-09-09T14:16:21.800Z [50508:48108] E Failed step: Stop service step: Sophos File Scanner Service, rolling back previous steps
2022-09-09T14:16:21.800Z [50508:48108] A Rolling back step: SetRegistryValue(HKLM\SYSTEM\CurrentControlSet\services\Sophos Endpoint Defense\TamperProtection\Components\SFS, 64, Enable, 0)
2022-09-09T14:16:21.801Z [50508:48108] A Rolling back step: DeleteMatchingFiles(From C:\Program Files\Sophos\Sophos File Scanner containing 'SBK.*')
2022-09-09T14:16:21.823Z [50508:48108] A Rolling back step: CreateRegistryKey(HKLM\SYSTEM\CurrentControlSet\services\Sophos Endpoint Defense\TamperProtection\Components\SFS, 64)
2022-09-09T14:16:21.823Z [50508:48108] A Rolling back step: SetRegistryValue(HKLM\Software\Sophos\Sophos File Scanner\Application, 64, Upgrading, 1)
2022-09-09T14:16:21.824Z [50508:48108] A Rolling back step: SFS application key installer
2022-09-09T14:16:21.824Z [50508:48108] A Rolling back step: SetRegistryValue(HKLM\Software\Sophos\Sophos File Scanner\Application, 64, Upgrading, 0)
2022-09-09T14:16:21.824Z [50508:48108] A Rolling back step: SetRegistryValue(HKLM\Software\Sophos\Sophos File Scanner\Application, 64, ProductVersion, 1.9.24.1)
2022-09-09T14:16:21.824Z [50508:48108] A Rolling back step: SetRegistryValue(HKLM\Software\Sophos\Sophos File Scanner\Application, 64, ProductPath, C:\Program Files\Sophos\Sophos File Scanner)
2022-09-09T14:16:21.824Z [50508:48108] A Rolling back step: CreateRegistryKey(HKLM\Software\Sophos\Sophos File Scanner\Telemetry, 64)
2022-09-09T14:16:21.824Z [50508:48108] A Rolling back step: CreateRegistryKey(HKLM\Software\Sophos\Sophos File Scanner\Scanner, 64)
2022-09-09T14:16:21.824Z [50508:48108] A Rolling back step: CreateRegistryKey(HKLM\Software\Sophos\Sophos File Scanner\Application\Versions, 64)
2022-09-09T14:16:21.824Z [50508:48108] A Rolling back step: CreateRegistryKey(HKLM\Software\Sophos\Sophos File Scanner\Application, 64)
2022-09-09T14:16:21.824Z [50508:48108] A Rolling back step: CreateRegistryKey(HKLM\Software\Sophos\Sophos File Scanner, 64)
2022-09-09T14:16:21.824Z [50508:48108] A Rolling back step: SAU product key installer for {591706A7-9603-4255-A65F-EA49BB11E8AC}
2022-09-09T14:16:21.824Z [50508:48108] A Rolling back step: SetRegistryValue(HKLM\SOFTWARE\Sophos\AutoUpdate\Products\{591706A7-9603-4255-A65F-EA49BB11E8AC}, 32, ProductName, Sophos File Scanner)
2022-09-09T14:16:21.824Z [50508:48108] A Rolling back step: SetRegistryValue(HKLM\SOFTWARE\Sophos\AutoUpdate\Products\{591706A7-9603-4255-A65F-EA49BB11E8AC}, 32, CidFolderPath, sfs64)
2022-09-09T14:16:21.824Z [50508:48108] A Rolling back step: CreateRegistryKey(HKLM\SOFTWARE\Sophos\AutoUpdate\Products\{591706A7-9603-4255-A65F-EA49BB11E8AC}, 32)
2022-09-09T14:16:21.824Z [50508:48108] A Rolling back step: SFS directory installer
2022-09-09T14:16:21.824Z [50508:48108] A Rolling back step: CreateDirectory(C:\ProgramData\Sophos\Sophos File Scanner\Staging)
2022-09-09T14:16:21.824Z [50508:48108] A Rolling back step: CreateDirectory(C:\ProgramData\Sophos\Sophos File Scanner\Drop)
2022-09-09T14:16:21.824Z [50508:48108] A Rolling back step: CreateDirectory(C:\ProgramData\Sophos\Sophos File Scanner\SaviTemp)
2022-09-09T14:16:21.824Z [50508:48108] A Rolling back step: CreateDirectory(C:\ProgramData\Sophos\Sophos File Scanner\Data)
2022-09-09T14:16:21.824Z [50508:48108] A Rolling back step: CreateDirectory(C:\ProgramData\Sophos\Sophos File Scanner\Logs)
2022-09-09T14:16:21.824Z [50508:48108] A Rolling back step: Create directory C:\ProgramData\Sophos\Sophos File Scanner and all parent directories
2022-09-09T14:16:21.824Z [50508:48108] A Rolling back step: Create directory C:\Program Files\Sophos\Sophos File Scanner and all parent directories
2022-09-09T14:16:21.824Z [50508:48108] A Rolling back step: Verify the installset is valid
2022-09-09T14:16:21.824Z [50508:48108] W Failed composite step
2022-09-09T14:16:21.824Z [50508:48108] A Execution failed
2022-09-09T14:16:21.824Z [50508:48108] E Action failed
2022-09-09T14:16:21.825Z [50508:48108] A End product setup

____________________________________________________________________

After manually disabling Tamper Protection, then running the update from the Agent SFS is able to update.   The successful log below:

___________________________________________________________________

2022-09-09T18:36:20.706Z [51452:51456] A Begin product setup
2022-09-09T18:36:20.706Z [51452:51456] A Begin install
2022-09-09T18:36:20.710Z [51452:51456] A SFS already installed. Start update.
2022-09-09T18:36:20.710Z [51452:51456] A Executing step: Verify the installset is valid
2022-09-09T18:36:21.045Z [51452:51456] A Executing step: SFS directory installer
2022-09-09T18:36:21.045Z [51452:51456] A Executing step: Create directory C:\Program Files\Sophos\Sophos File Scanner and all parent directories
2022-09-09T18:36:21.054Z [51452:51456] A Executing step: Create directory C:\ProgramData\Sophos\Sophos File Scanner and all parent directories
2022-09-09T18:36:21.062Z [51452:51456] A Executing step: CreateDirectory(C:\ProgramData\Sophos\Sophos File Scanner\Logs)
2022-09-09T18:36:21.065Z [51452:51456] A Executing step: CreateDirectory(C:\ProgramData\Sophos\Sophos File Scanner\Data)
2022-09-09T18:36:21.065Z [51452:51456] A Executing step: CreateDirectory(C:\ProgramData\Sophos\Sophos File Scanner\SaviTemp)
2022-09-09T18:36:21.065Z [51452:51456] A Executing step: CreateDirectory(C:\ProgramData\Sophos\Sophos File Scanner\Drop)
2022-09-09T18:36:21.067Z [51452:51456] A Executing step: CreateDirectory(C:\ProgramData\Sophos\Sophos File Scanner\Staging)
2022-09-09T18:36:21.067Z [51452:51456] A Executing step: SAU product key installer for {591706A7-9603-4255-A65F-EA49BB11E8AC}
2022-09-09T18:36:21.067Z [51452:51456] A Executing step: CreateRegistryKey(HKLM\SOFTWARE\Sophos\AutoUpdate\Products\{591706A7-9603-4255-A65F-EA49BB11E8AC}, 32)
2022-09-09T18:36:21.068Z [51452:51456] A Executing step: SetRegistryValue(HKLM\SOFTWARE\Sophos\AutoUpdate\Products\{591706A7-9603-4255-A65F-EA49BB11E8AC}, 32, CidFolderPath, sfs64)
2022-09-09T18:36:21.068Z [51452:51456] A Executing step: SetRegistryValue(HKLM\SOFTWARE\Sophos\AutoUpdate\Products\{591706A7-9603-4255-A65F-EA49BB11E8AC}, 32, ProductName, Sophos File Scanner)
2022-09-09T18:36:21.068Z [51452:51456] A Executing step: SFS application key installer
2022-09-09T18:36:21.068Z [51452:51456] A Executing step: CreateRegistryKey(HKLM\Software\Sophos\Sophos File Scanner, 64)
2022-09-09T18:36:21.072Z [51452:51456] A Executing step: CreateRegistryKey(HKLM\Software\Sophos\Sophos File Scanner\Application, 64)
2022-09-09T18:36:21.072Z [51452:51456] A Executing step: CreateRegistryKey(HKLM\Software\Sophos\Sophos File Scanner\Application\Versions, 64)
2022-09-09T18:36:21.072Z [51452:51456] A Executing step: CreateRegistryKey(HKLM\Software\Sophos\Sophos File Scanner\Scanner, 64)
2022-09-09T18:36:21.075Z [51452:51456] A Executing step: CreateRegistryKey(HKLM\Software\Sophos\Sophos File Scanner\Telemetry, 64)
2022-09-09T18:36:21.077Z [51452:51456] A Executing step: SetRegistryValue(HKLM\Software\Sophos\Sophos File Scanner\Application, 64, ProductPath, C:\Program Files\Sophos\Sophos File Scanner)
2022-09-09T18:36:21.078Z [51452:51456] A Executing step: SetRegistryValue(HKLM\Software\Sophos\Sophos File Scanner\Application, 64, ProductVersion, 1.9.24.1)
2022-09-09T18:36:21.078Z [51452:51456] A Executing step: SetRegistryValue(HKLM\Software\Sophos\Sophos File Scanner\Application, 64, Upgrading, 0)
2022-09-09T18:36:21.078Z [51452:51456] A Executing step: SetRegistryValue(HKLM\Software\Sophos\Sophos File Scanner\Application, 64, Upgrading, 1)
2022-09-09T18:36:21.078Z [51452:51456] A Executing step: CreateRegistryKey(HKLM\SYSTEM\CurrentControlSet\services\Sophos Endpoint Defense\TamperProtection\Components\SFS, 64)
2022-09-09T18:36:21.078Z [51452:51456] A Executing step: DeleteMatchingFiles(From C:\Program Files\Sophos\Sophos File Scanner containing 'SBK.*')
2022-09-09T18:36:21.080Z [51452:51456] I Removing file (C:\Program Files\Sophos\Sophos File Scanner\SBK1661531293-1) => rollback backup (C:\Windows\TEMP\963c53cd2351557d01d7d0b841cc6d0b00f80add00bc0fb12e326ad083835329.tmp)
2022-09-09T18:36:21.082Z [51452:51456] A Executing step: SetRegistryValue(HKLM\SYSTEM\CurrentControlSet\services\Sophos Endpoint Defense\TamperProtection\Components\SFS, 64, Enable, 0)
2022-09-09T18:36:21.083Z [51452:51456] A Executing step: Stop service step: Sophos File Scanner Service
2022-09-09T18:36:21.083Z [51452:51456] I Service already stopped.
2022-09-09T18:36:21.083Z [51452:51456] A Executing step: Delete service step: Sophos File Scanner Service
2022-09-09T18:36:21.088Z [51452:51456] I Waiting 30000ms for service deletion
2022-09-09T18:36:22.089Z [51452:51456] A Successfully deleted service: Sophos File Scanner Service
2022-09-09T18:36:22.089Z [51452:51456] A Executing step: Install service step: Sophos File Scanner Service
2022-09-09T18:36:22.103Z [51452:51456] A Executing step: SetRegistryValue(HKLM\SYSTEM\CurrentControlSet\services\Sophos Endpoint Defense\TamperProtection\Components\SFS, 64, Enable, 1)
2022-09-09T18:36:22.104Z [51452:51456] A Executing step: Rename file C:\Program Files\Sophos\Sophos File Scanner\SophosFileScanner.exe to C:\Program Files\Sophos\Sophos File Scanner\SBK1662748580-1
2022-09-09T18:36:22.105Z [51452:51456] A Executing step: Rename file C:\ProgramData\Sophos\Sophos File Scanner\Data\filerep.dat to C:\ProgramData\Sophos\Sophos File Scanner\Data\SBK-filerep-1662748580-1
2022-09-09T18:36:22.107Z [51452:51456] A Executing step: Rename file C:\ProgramData\Sophos\Sophos File Scanner\Data\signerrep.dat to C:\ProgramData\Sophos\Sophos File Scanner\Data\SBK-signerrep-1662748580-1
2022-09-09T18:36:22.108Z [51452:51456] A Executing step: CopyFile(C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\sfs64\filerep.dat, C:\ProgramData\Sophos\Sophos File Scanner\Data\filerep.dat)
2022-09-09T18:36:22.113Z [51452:51456] A Executing step: CopyFile(C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\sfs64\signerrep.dat, C:\ProgramData\Sophos\Sophos File Scanner\Data\signerrep.dat)
2022-09-09T18:36:22.115Z [51452:51456] A Executing step: CopyFile(C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\sfs64\Sophos\Sophos File Scanner\SophosFileScanner.exe, C:\Program Files\Sophos\Sophos File Scanner\SophosFileScanner.exe)
2022-09-09T18:36:22.126Z [51452:51456] A Executing step: CopyFile(C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\sfs64\Sophos\Sophos File Scanner\integrity.dat, C:\Program Files\Sophos\Sophos File Scanner\integrity.dat)
2022-09-09T18:36:22.131Z [51452:51456] A Executing step: CopyFile(C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\sfs64\Sophos\Sophos File Scanner\SophosFS.exe, C:\Program Files\Sophos\Sophos File Scanner\SophosFS.exe)
2022-09-09T18:36:22.136Z [51452:51456] A Executing step: CopyFile(C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\sfs64\Sophos\Sophos File Scanner\Uninstall.exe, C:\Program Files\Sophos\Sophos File Scanner\Uninstall.exe)
2022-09-09T18:36:22.141Z [51452:51456] A Executing step: DeleteRegistryKey(HKLM\Software\Sophos\Health\ProcessNotification\Sophos File Scanner, 32)
2022-09-09T18:36:22.153Z [51452:51456] A Executing step: DeleteFile(C:\Program Files\Sophos\Sophos File Scanner\Telemetry.exe)
2022-09-09T18:36:22.153Z [51452:51456] A Executing step: CopyFile(C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\sfs64\Sophos\Sophos File Scanner\SophosFSTelemetry.exe, C:\Program Files\Sophos\Sophos File Scanner\SophosFSTelemetry.exe)
2022-09-09T18:36:22.160Z [51452:51456] A Executing step: SFS Telemetry installer
2022-09-09T18:36:22.160Z [51452:51456] A Executing step: CreateRegistryKey(HKLM\SOFTWARE\Sophos\Telemetry\Plugins\SFS, 32)
2022-09-09T18:36:22.160Z [51452:51456] A Executing step: SetRegistryValue(HKLM\SOFTWARE\Sophos\Telemetry\Plugins\SFS, 32, Cmd, SophosFSTelemetry.exe)
2022-09-09T18:36:22.161Z [51452:51456] A Executing step: SetRegistryValue(HKLM\SOFTWARE\Sophos\Telemetry\Plugins\SFS, 32, Path, C:\Program Files\Sophos\Sophos File Scanner\SophosFSTelemetry.exe)
2022-09-09T18:36:22.161Z [51452:51456] A Executing step: SFS add remove program key installer
2022-09-09T18:36:22.161Z [51452:51456] A Executing step: CreateRegistryKey(HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CD39E739-F480-4AC4-B0C9-68CA731D8AC6}, 64)
2022-09-09T18:36:22.161Z [51452:51456] A Executing step: SetRegistryValue(HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CD39E739-F480-4AC4-B0C9-68CA731D8AC6}, 64, AuthorizedCDFPrefix, )
2022-09-09T18:36:22.161Z [51452:51456] A Executing step: SetRegistryValue(HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CD39E739-F480-4AC4-B0C9-68CA731D8AC6}, 64, Comments, Sophos File Scanner)
2022-09-09T18:36:22.161Z [51452:51456] A Executing step: SetRegistryValue(HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CD39E739-F480-4AC4-B0C9-68CA731D8AC6}, 64, Contact, Sophos Technical Support)
2022-09-09T18:36:22.162Z [51452:51456] A Executing step: SetRegistryValue(HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CD39E739-F480-4AC4-B0C9-68CA731D8AC6}, 64, DisplayIcon, "C:\Program Files\Sophos\Sophos File Scanner\SophosFS.exe")
2022-09-09T18:36:22.162Z [51452:51456] A Executing step: SetRegistryValue(HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CD39E739-F480-4AC4-B0C9-68CA731D8AC6}, 64, DisplayName, Sophos File Scanner)
2022-09-09T18:36:22.162Z [51452:51456] A Executing step: SetRegistryValue(HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CD39E739-F480-4AC4-B0C9-68CA731D8AC6}, 64, DisplayVersion, 1.9.24.1)
2022-09-09T18:36:22.162Z [51452:51456] A Executing step: SetRegistryValue(HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CD39E739-F480-4AC4-B0C9-68CA731D8AC6}, 64, EstimatedSize, 6084)
2022-09-09T18:36:22.163Z [51452:51456] A Executing step: SetRegistryValue(HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CD39E739-F480-4AC4-B0C9-68CA731D8AC6}, 64, HelpLink, http://www.sophos.com/support)
2022-09-09T18:36:22.163Z [51452:51456] A Executing step: SetRegistryValue(HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CD39E739-F480-4AC4-B0C9-68CA731D8AC6}, 64, InstallDate, 20220909)
2022-09-09T18:36:22.164Z [51452:51456] A Executing step: SetRegistryValue(HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CD39E739-F480-4AC4-B0C9-68CA731D8AC6}, 64, InstallLocation, C:\Program Files\Sophos\Sophos File Scanner)
2022-09-09T18:36:22.165Z [51452:51456] A Executing step: SetRegistryValue(HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CD39E739-F480-4AC4-B0C9-68CA731D8AC6}, 64, InstallSource, )
2022-09-09T18:36:22.165Z [51452:51456] A Executing step: SetRegistryValue(HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CD39E739-F480-4AC4-B0C9-68CA731D8AC6}, 64, Language, 1033)
2022-09-09T18:36:22.166Z [51452:51456] A Executing step: SetRegistryValue(HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CD39E739-F480-4AC4-B0C9-68CA731D8AC6}, 64, ModifyPath, )
2022-09-09T18:36:22.166Z [51452:51456] A Executing step: SetRegistryValue(HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CD39E739-F480-4AC4-B0C9-68CA731D8AC6}, 64, NoModify, 1)
2022-09-09T18:36:22.166Z [51452:51456] A Executing step: SetRegistryValue(HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CD39E739-F480-4AC4-B0C9-68CA731D8AC6}, 64, NoRepair, 1)
2022-09-09T18:36:22.166Z [51452:51456] A Executing step: SetRegistryValue(HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CD39E739-F480-4AC4-B0C9-68CA731D8AC6}, 64, Publisher, Sophos Limited)
2022-09-09T18:36:22.167Z [51452:51456] A Executing step: SetRegistryValue(HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CD39E739-F480-4AC4-B0C9-68CA731D8AC6}, 64, UninstallString, "C:\Program Files\Sophos\Sophos File Scanner\Uninstall.exe")
2022-09-09T18:36:22.167Z [51452:51456] A Executing step: SetRegistryValue(HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CD39E739-F480-4AC4-B0C9-68CA731D8AC6}, 64, URLInfoAbout, http://www.sophos.com)
2022-09-09T18:36:22.167Z [51452:51456] A Executing step: SetRegistryValue(HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CD39E739-F480-4AC4-B0C9-68CA731D8AC6}, 64, VersionMajor, 1)
2022-09-09T18:36:22.167Z [51452:51456] A Executing step: SetRegistryValue(HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CD39E739-F480-4AC4-B0C9-68CA731D8AC6}, 64, VersionMinor, 9)
2022-09-09T18:36:22.167Z [51452:51456] A Executing step: SetRegistryValue(HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CD39E739-F480-4AC4-B0C9-68CA731D8AC6}, 64, SystemComponent, 1)
2022-09-09T18:36:22.168Z [51452:51456] A Executing step: SetRegistryValue(HKLM\SYSTEM\CurrentControlSet\services\Sophos Endpoint Defense\TamperProtection\Components\SFS, 64, IntegrityPath, C:\Program Files\Sophos\Sophos File Scanner\integrity.dat)
2022-09-09T18:36:22.168Z [51452:51456] A Executing step: CreateRegistryKey(HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Sophos File Scanner Service, 64)
2022-09-09T18:36:22.168Z [51452:51456] A Executing step: SetRegistryValue(HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Sophos File Scanner Service, 64, , service)
2022-09-09T18:36:22.168Z [51452:51456] A Executing step: CreateRegistryKey(HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SophosFileScanner.exe, 64)
2022-09-09T18:36:22.169Z [51452:51456] A Executing step: SetRegistryValue(HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SophosFileScanner.exe, 64, MaxLoaderThreads, 1)
2022-09-09T18:36:22.169Z [51452:51456] A Executing step: DeleteMatchingFiles(From C:\ProgramData\Sophos\Sophos File Scanner\Data containing 'SBK.*')
2022-09-09T18:36:22.170Z [51452:51456] I Removing file (C:\ProgramData\Sophos\Sophos File Scanner\Data\SBK-filerep-1662748580-1) => rollback backup (C:\Windows\TEMP\8a4aaee8c765ddde801177a8239f666e441d1c5b849f352cb0272988a86a25c6.tmp)
2022-09-09T18:36:22.172Z [51452:51456] I Removing file (C:\ProgramData\Sophos\Sophos File Scanner\Data\SBK-signerrep-1662748580-1) => rollback backup (C:\Windows\TEMP\0e07a2a116e1f378e32e86e547284712955981bb4472a5f64d48f7c5788552d5.tmp)
2022-09-09T18:36:22.176Z [51452:51456] A Executing step: DeleteMatchingFiles(From C:\ProgramData\Sophos\Sophos File Scanner\Logs containing 'SophosFS\.log-[0-9]+-[0-9]+')
2022-09-09T18:36:22.176Z [51452:51456] A Executing step: HealScanners(HKLM\Software\Sophos\Sophos File Scanner\Scanner, 64)
2022-09-09T18:36:22.177Z [51452:51456] I Active scanners: 0
2022-09-09T18:36:22.177Z [51452:51456] A Executing step: SetEngineDataPermissions
2022-09-09T18:36:22.177Z [51452:51456] I Setting permissions on virus data files in C:\Program Files\Sophos\Sophos Standalone Engine\engine1\data\16627437735799384
2022-09-09T18:36:22.244Z [51452:51456] I Set permissions on C:\Program Files\Sophos\Sophos Standalone Engine\engine1\data\16627437735799384\2022080203.ide
2022-09-09T18:36:22.245Z [51452:51456] I Set permissions on C:\Program Files\Sophos\Sophos Standalone Engine\engine1\data\16627437735799384\2022080205.ide
2022-09-09T18:36:22.245Z [51452:51456] I Set permissions on C:\Program Files\Sophos\Sophos Standalone Engine\engine1\data\16627437735799384\2022080301.ide
2022-09-09T18:36:22.246Z [51452:51456] I Set permissions on C:\Program Files\Sophos\Sophos Standalone Engine\engine1\data\16627437735799384\2022080308.ide
2022-09-09T18:36:22.246Z [51452:51456] I Set permissions on C:\Program Files\Sophos\Sophos Standalone Engine\engine1\data\16627437735799384\2022080401.ide
2022-09-09T18:36:22.247Z [51452:51456] I Set permissions on C:\Program Files\Sophos\Sophos Standalone Engine\engine1\data\16627437735799384\2022080501.ide
2022-09-09T18:36:22.248Z [51452:51456] I Set permissions on C:\Program Files\Sophos\Sophos Standalone Engine\engine1\data\16627437735799384\2022080601.ide
2022-09-09T18:36:22.248Z [51452:51456] I Set permissions on C:\Program Files\Sophos\Sophos Standalone Engine\engine1\data\16627437735799384\2022080602.ide
2022-09-09T18:36:22.249Z [51452:51456] I Set permissions on C:\Program Files\Sophos\Sophos Standalone Engine\engine1\data\16627437735799384\2022080701.ide
2022-09-09T18:36:22.249Z [51452:51456] I Set permissions on C:\Program Files\Sophos\Sophos Standalone Engine\engine1\data\16627437735799384\2022080801.ide
2022-09-09T18:36:22.250Z [51452:51456] I Set permissions on C:\Program Files\Sophos\Sophos Standalone Engine\engine1\data\16627437735799384\2022080803.ide
2022-09-09T18:36:22.250Z [51452:51456] I Set permissions on C:\Program Files\Sophos\Sophos Standalone Engine\engine1\data\16627437735799384\2022080901.ide
2022-09-09T18:36:22.251Z [51452:51456] I Set permissions on C:\Program Files\Sophos\Sophos Standalone Engine\engine1\data\16627437735799384\2022080902.ide
2022-09-09T18:36:22.251Z [51452:51456] I Set permissions on C:\Program Files\Sophos\Sophos Standalone Engine\engine1\data\16627437735799384\2022080903.ide
2022-09-09T18:36:22.252Z [51452:51456] I Set permissions on C:\Program Files\Sophos\Sophos Standalone Engine\engine1\data\16627437735799384\2022081001.ide
2022-09-09T18:36:22.252Z [51452:51456] I Set permissions on C:\Program Files\Sophos\Sophos Standalone Engine\engine1\data\16627437735799384\2022081003.ide
2022-09-09T18:36:22.253Z [51452:51456] I Set permissions on C:\Program Files\Sophos\Sophos Standalone Engine\engine1\data\16627437735799384\2022081004.ide
2022-09-09T18:36:22.254Z [51452:51456] I Set permissions on C:\Program Files\Sophos\Sophos Standalone Engine\engine1\data\16627437735799384\2022081102.ide
2022-09-09T18:36:22.255Z [51452:51456] I Set permissions on C:\Program Files\Sophos\Sophos Standalone Engine\engine1\data\16627437735799384\2022081104.ide
2022-09-09T18:36:22.256Z [51452:51456] I Set permissions on C:\Program Files\Sophos\Sophos Standalone Engine\engine1\data\16627437735799384\2022081201.ide
2022-09-09T18:36:22.256Z [51452:51456] I Set permissions on C:\Program Files\Sophos\Sophos Standalone Engine\engine1\data\16627437735799384\2022081202.ide
2022-09-09T18:36:22.257Z [51452:51456] I Set permissions on C:\Program Files\Sophos\Sophos Standalone Engine\engine1\data\16627437735799384\2022081203.ide
2022-09-09T18:36:22.257Z [51452:51456] I Set permissions on C:\Program Files\Sophos\Sophos Standalone Engine\engine1\data\16627437735799384\2022081401.ide
2022-09-09T18:36:22.258Z [51452:51456] I Set permissions on C:\Program Files\Sophos\Sophos Standalone Engine\engine1\data\16627437735799384\2022081501.ide
2022-09-09T18:36:22.258Z [51452:51456] I Set permissions on C:\Program Files\Sophos\Sophos Standalone Engine\engine1\data\16627437735799384\2022081502.ide
2022-09-09T18:36:22.260Z [51452:51456] I Set permissions on C:\Program Files\Sophos\Sophos Standalone Engine\engine1\data\16627437735799384\2022081504.ide
2022-09-09T18:36:22.261Z [51452:51456] I Set permissions on C:\Program Files\Sophos\Sophos Standalone Engine\engine1\data\16627437735799384\2022081601.ide
2022-09-09T18:36:22.261Z [51452:51456] I Set permissions on C:\Program Files\Sophos\Sophos Standalone Engine\engine1\data\16627437735799384\2022081602.ide
2022-09-09T18:36:22.262Z [51452:51456] I Set permissions on C:\Program Files\Sophos\Sophos Standalone Engine\engine1\data\16627437735799384\2022081604.ide
2022-09-09T18:36:22.262Z [51452:51456] I Set permissions on C:\Program Files\Sophos\Sophos Standalone Engine\engine1\data\16627437735799384\2022081701.ide
2022-09-09T18:36:22.263Z [51452:51456] I Set permissions on C:\Program Files\Sophos\Sophos Standalone Engine\engine1\data\16627437735799384\2022081703.ide
2022-09-09T18:36:22.264Z [51452:51456] I Set permissions on C:\Program Files\Sophos\Sophos Standalone Engine\engine1\data\16627437735799384\2022081706.ide
2022-09-09T18:36:22.264Z [51452:51456] I Set permissions on C:\Program Files\Sophos\Sophos Standalone Engine\engine1\data\16627437735799384\2022081801.ide
2022-09-09T18:36:22.266Z [51452:51456] I Set permissions on C:\Program Files\Sophos\Sophos Standalone Engine\engine1\data\16627437735799384\2022081804.ide
2022-09-09T18:36:22.266Z [51452:51456] I Set permissions on C:\Program Files\Sophos\Sophos Standalone Engine\engine1\data\16627437735799384\2022081902.ide
2022-09-09T18:36:22.267Z [51452:51456] I Set permissions on C:\Program Files\Sophos\Sophos Standalone Engine\engine1\data\16627437735799384\2022081904.ide
2022-09-09T18:36:22.267Z [51452:51456] I Set permissions on C:\Program Files\Sophos\Sophos Standalone Engine\engine1\data\16627437735799384\2022081906.ide
2022-09-09T18:36:22.268Z [51452:51456] I Set permissions on C:\Program Files\Sophos\Sophos Standalone Engine\engine1\data\16627437735799384\2022082001.ide
2022-09-09T18:36:22.268Z [51452:51456] I Set permissions on C:\Program Files\Sophos\Sophos Standalone Engine\engine1\data\16627437735799384\2022082201.ide
2022-09-09T18:36:22.269Z [51452:51456] I Set permissions on C:\Program Files\Sophos\Sophos Standalone Engine\engine1\data\16627437735799384\2022082205.ide
2022-09-09T18:36:22.270Z [51452:51456] I Set permissions on C:\Program Files\Sophos\Sophos Standalone Engine\engine1\data\16627437735799384\2022082207.ide
2022-09-09T18:36:22.272Z [51452:51456] I Set permissions on C:\Program Files\Sophos\Sophos Standalone Engine\engine1\data\16627437735799384\2022082301.ide
2022-09-09T18:36:22.273Z [51452:51456] I Set permissions on C:\Program Files\Sophos\Sophos Standalone Engine\engine1\data\16627437735799384\2022082305.ide
2022-09-09T18:36:22.273Z [51452:51456] I Set permissions on C:\Program Files\Sophos\Sophos Standalone Engine\engine1\data\16627437735799384\2022082307.ide
2022-09-09T18:36:22.274Z [51452:51456] I Set permissions on C:\Program Files\Sophos\Sophos Standalone Engine\engine1\data\16627437735799384\2022082401.ide
2022-09-09T18:36:22.275Z [51452:51456] I Set permissions on C:\Program Files\Sophos\Sophos Standalone Engine\engine1\data\16627437735799384\2022082405.ide
2022-09-09T18:36:22.275Z [51452:51456] I Set permissions on C:\Program Files\Sophos\Sophos Standalone Engine\engine1\data\16627437735799384\2022082501.ide
2022-09-09T18:36:22.276Z [51452:51456] I Set permissions on C:\Program Files\Sophos\Sophos Standalone Engine\engine1\data\16627437735799384\2022082503.ide
2022-09-09T18:36:22.277Z [51452:51456] I Set permissions on C:\Program Files\Sophos\Sophos Standalone Engine\engine1\data\16627437735799384\2022082505.ide
2022-09-09T18:36:22.278Z [51452:51456] I Set permissions on C:\Program Files\Sophos\Sophos Standalone Engine\engine1\data\16627437735799384\2022082603.ide
2022-09-09T18:36:22.278Z [51452:51456] I Set permissions on C:\Program Files\Sophos\Sophos Standalone Engine\engine1\data\16627437735799384\2022082605.ide
2022-09-09T18:36:22.279Z [51452:51456] I Set permissions on C:\Program Files\Sophos\Sophos Standalone Engine\engine1\data\16627437735799384\2022082607.ide
2022-09-09T18:36:22.280Z [51452:51456] I Set permissions on C:\Program Files\Sophos\Sophos Standalone Engine\engine1\data\16627437735799384\2022082701.ide
2022-09-09T18:36:22.280Z [51452:51456] I Set permissions on C:\Program Files\Sophos\Sophos Standalone Engine\engine1\data\16627437735799384\2022082903.ide
2022-09-09T18:36:22.281Z [51452:51456] I Set permissions on C:\Program Files\Sophos\Sophos Standalone Engine\engine1\data\16627437735799384\2022082905.ide
2022-09-09T18:36:22.282Z [51452:51456] I Set permissions on C:\Program Files\Sophos\Sophos Standalone Engine\engine1\data\16627437735799384\2022083001.ide
2022-09-09T18:36:22.283Z [51452:51456] I Set permissions on C:\Program Files\Sophos\Sophos Standalone Engine\engine1\data\16627437735799384\2022083003.ide
2022-09-09T18:36:22.283Z [51452:51456] I Set permissions on C:\Program Files\Sophos\Sophos Standalone Engine\engine1\data\16627437735799384\2022083007.ide
2022-09-09T18:36:22.284Z [51452:51456] I Set permissions on C:\Program Files\Sophos\Sophos Standalone Engine\engine1\data\16627437735799384\2022083101.ide
2022-09-09T18:36:22.285Z [51452:51456] I Set permissions on C:\Program Files\Sophos\Sophos Standalone Engine\engine1\data\16627437735799384\2022083102.ide
2022-09-09T18:36:22.285Z [51452:51456] I Set permissions on C:\Program Files\Sophos\Sophos Standalone Engine\engine1\data\16627437735799384\2022083103.ide
2022-09-09T18:36:22.286Z [51452:51456] I Set permissions on C:\Program Files\Sophos\Sophos Standalone Engine\engine1\data\16627437735799384\2022090103.ide
2022-09-09T18:36:22.287Z [51452:51456] I Set permissions on C:\Program Files\Sophos\Sophos Standalone Engine\engine1\data\16627437735799384\2022090104.ide
2022-09-09T18:36:22.287Z [51452:51456] I Set permissions on C:\Program Files\Sophos\Sophos Standalone Engine\engine1\data\16627437735799384\2022090105.ide
2022-09-09T18:36:22.288Z [51452:51456] I Set permissions on C:\Program Files\Sophos\Sophos Standalone Engine\engine1\data\16627437735799384\2022090201.ide
2022-09-09T18:36:22.289Z [51452:51456] I Set permissions on C:\Program Files\Sophos\Sophos Standalone Engine\engine1\data\16627437735799384\2022090204.ide
2022-09-09T18:36:22.290Z [51452:51456] I Set permissions on C:\Program Files\Sophos\Sophos Standalone Engine\engine1\data\16627437735799384\2022090205.ide
2022-09-09T18:36:22.291Z [51452:51456] I Set permissions on C:\Program Files\Sophos\Sophos Standalone Engine\engine1\data\16627437735799384\2022090301.ide
2022-09-09T18:36:22.292Z [51452:51456] I Set permissions on C:\Program Files\Sophos\Sophos Standalone Engine\engine1\data\16627437735799384\2022090401.ide
2022-09-09T18:36:22.292Z [51452:51456] I Set permissions on C:\Program Files\Sophos\Sophos Standalone Engine\engine1\data\16627437735799384\2022090501.ide
2022-09-09T18:36:22.293Z [51452:51456] I Set permissions on C:\Program Files\Sophos\Sophos Standalone Engine\engine1\data\16627437735799384\2022090504.ide
2022-09-09T18:36:22.293Z [51452:51456] I Set permissions on C:\Program Files\Sophos\Sophos Standalone Engine\engine1\data\16627437735799384\2022090507.ide
2022-09-09T18:36:22.294Z [51452:51456] I Set permissions on C:\Program Files\Sophos\Sophos Standalone Engine\engine1\data\16627437735799384\2022090603.ide
2022-09-09T18:36:22.295Z [51452:51456] I Set permissions on C:\Program Files\Sophos\Sophos Standalone Engine\engine1\data\16627437735799384\2022090604.ide
2022-09-09T18:36:22.295Z [51452:51456] I Set permissions on C:\Program Files\Sophos\Sophos Standalone Engine\engine1\data\16627437735799384\2022090605.ide
2022-09-09T18:36:22.296Z [51452:51456] I Set permissions on C:\Program Files\Sophos\Sophos Standalone Engine\engine1\data\16627437735799384\2022090701.ide
2022-09-09T18:36:22.296Z [51452:51456] I Set permissions on C:\Program Files\Sophos\Sophos Standalone Engine\engine1\data\16627437735799384\2022090704.ide
2022-09-09T18:36:22.297Z [51452:51456] I Set permissions on C:\Program Files\Sophos\Sophos Standalone Engine\engine1\data\16627437735799384\2022090707.ide
2022-09-09T18:36:22.297Z [51452:51456] I Set permissions on C:\Program Files\Sophos\Sophos Standalone Engine\engine1\data\16627437735799384\2022090801.ide
2022-09-09T18:36:22.298Z [51452:51456] I Set permissions on C:\Program Files\Sophos\Sophos Standalone Engine\engine1\data\16627437735799384\2022090802.ide
2022-09-09T18:36:22.299Z [51452:51456] I Set permissions on C:\Program Files\Sophos\Sophos Standalone Engine\engine1\data\16627437735799384\2022090803.ide
2022-09-09T18:36:22.300Z [51452:51456] I Set permissions on C:\Program Files\Sophos\Sophos Standalone Engine\engine1\data\16627437735799384\2022090901.ide
2022-09-09T18:36:22.301Z [51452:51456] I Set permissions on C:\Program Files\Sophos\Sophos Standalone Engine\engine1\data\16627437735799384\2022090902.ide
2022-09-09T18:36:22.301Z [51452:51456] I Set permissions on C:\Program Files\Sophos\Sophos Standalone Engine\engine1\data\16627437735799384\manifestdata.dat
2022-09-09T18:36:22.302Z [51452:51456] I Set permissions on C:\Program Files\Sophos\Sophos Standalone Engine\engine1\data\16627437735799384\vdl.dat
2022-09-09T18:36:22.303Z [51452:51456] I Set permissions on C:\Program Files\Sophos\Sophos Standalone Engine\engine1\data\16627437735799384\vdla01.vdb
2022-09-09T18:36:22.304Z [51452:51456] I Set permissions on C:\Program Files\Sophos\Sophos Standalone Engine\engine1\data\16627437735799384\vdla02.vdb
2022-09-09T18:36:22.305Z [51452:51456] I Set permissions on C:\Program Files\Sophos\Sophos Standalone Engine\engine1\data\16627437735799384\vdla03.vdb
2022-09-09T18:36:22.306Z [51452:51456] I Set permissions on C:\Program Files\Sophos\Sophos Standalone Engine\engine1\data\16627437735799384\vdla04.vdb
2022-09-09T18:36:22.307Z [51452:51456] I Set permissions on C:\Program Files\Sophos\Sophos Standalone Engine\engine1\data\16627437735799384\vdla05.vdb
2022-09-09T18:36:22.308Z [51452:51456] I Set permissions on C:\Program Files\Sophos\Sophos Standalone Engine\engine1\data\16627437735799384\vdla06.vdb
2022-09-09T18:36:22.309Z [51452:51456] I Set permissions on C:\Program Files\Sophos\Sophos Standalone Engine\engine1\data\16627437735799384\vdla07.vdb
2022-09-09T18:36:22.309Z [51452:51456] I Set permissions on C:\Program Files\Sophos\Sophos Standalone Engine\engine1\data\16627437735799384\vdla08.vdb
2022-09-09T18:36:22.311Z [51452:51456] I Set permissions on C:\Program Files\Sophos\Sophos Standalone Engine\engine1\data\16627437735799384\vdla09.vdb
2022-09-09T18:36:22.312Z [51452:51456] I Set permissions on C:\Program Files\Sophos\Sophos Standalone Engine\engine1\data\16627437735799384\vdla10.vdb
2022-09-09T18:36:22.312Z [51452:51456] A Executing step: Start service step: Sophos File Scanner Service
2022-09-09T18:36:24.393Z [51452:51456] I Service is running.
2022-09-09T18:36:24.393Z [51452:51456] A Commit step: Verify the installset is valid
2022-09-09T18:36:24.393Z [51452:51456] A Commit step: SFS directory installer
2022-09-09T18:36:24.393Z [51452:51456] A Commit step: Create directory C:\Program Files\Sophos\Sophos File Scanner and all parent directories
2022-09-09T18:36:24.393Z [51452:51456] A Commit step: Create directory C:\ProgramData\Sophos\Sophos File Scanner and all parent directories
2022-09-09T18:36:24.393Z [51452:51456] A Commit step: CreateDirectory(C:\ProgramData\Sophos\Sophos File Scanner\Logs)
2022-09-09T18:36:24.393Z [51452:51456] A Commit step: CreateDirectory(C:\ProgramData\Sophos\Sophos File Scanner\Data)
2022-09-09T18:36:24.393Z [51452:51456] A Commit step: CreateDirectory(C:\ProgramData\Sophos\Sophos File Scanner\SaviTemp)
2022-09-09T18:36:24.393Z [51452:51456] A Commit step: CreateDirectory(C:\ProgramData\Sophos\Sophos File Scanner\Drop)
2022-09-09T18:36:24.393Z [51452:51456] A Commit step: CreateDirectory(C:\ProgramData\Sophos\Sophos File Scanner\Staging)
2022-09-09T18:36:24.393Z [51452:51456] A SFS directory installer completed successfully.
2022-09-09T18:36:24.393Z [51452:51456] A Commit step: SAU product key installer for {591706A7-9603-4255-A65F-EA49BB11E8AC}
2022-09-09T18:36:24.393Z [51452:51456] A Commit step: CreateRegistryKey(HKLM\SOFTWARE\Sophos\AutoUpdate\Products\{591706A7-9603-4255-A65F-EA49BB11E8AC}, 32)
2022-09-09T18:36:24.393Z [51452:51456] A Commit step: SetRegistryValue(HKLM\SOFTWARE\Sophos\AutoUpdate\Products\{591706A7-9603-4255-A65F-EA49BB11E8AC}, 32, CidFolderPath, sfs64)
2022-09-09T18:36:24.393Z [51452:51456] A Commit step: SetRegistryValue(HKLM\SOFTWARE\Sophos\AutoUpdate\Products\{591706A7-9603-4255-A65F-EA49BB11E8AC}, 32, ProductName, Sophos File Scanner)
2022-09-09T18:36:24.393Z [51452:51456] A SAU product key installer for {591706A7-9603-4255-A65F-EA49BB11E8AC} completed successfully.
2022-09-09T18:36:24.393Z [51452:51456] A Commit step: SFS application key installer
2022-09-09T18:36:24.393Z [51452:51456] A Commit step: CreateRegistryKey(HKLM\Software\Sophos\Sophos File Scanner, 64)
2022-09-09T18:36:24.393Z [51452:51456] A Commit step: CreateRegistryKey(HKLM\Software\Sophos\Sophos File Scanner\Application, 64)
2022-09-09T18:36:24.393Z [51452:51456] A Commit step: CreateRegistryKey(HKLM\Software\Sophos\Sophos File Scanner\Application\Versions, 64)
2022-09-09T18:36:24.393Z [51452:51456] A Commit step: CreateRegistryKey(HKLM\Software\Sophos\Sophos File Scanner\Scanner, 64)
2022-09-09T18:36:24.393Z [51452:51456] A Commit step: CreateRegistryKey(HKLM\Software\Sophos\Sophos File Scanner\Telemetry, 64)
2022-09-09T18:36:24.393Z [51452:51456] A Commit step: SetRegistryValue(HKLM\Software\Sophos\Sophos File Scanner\Application, 64, ProductPath, C:\Program Files\Sophos\Sophos File Scanner)
2022-09-09T18:36:24.393Z [51452:51456] A Commit step: SetRegistryValue(HKLM\Software\Sophos\Sophos File Scanner\Application, 64, ProductVersion, 1.9.24.1)
2022-09-09T18:36:24.393Z [51452:51456] A Commit step: SetRegistryValue(HKLM\Software\Sophos\Sophos File Scanner\Application, 64, Upgrading, 0)
2022-09-09T18:36:24.393Z [51452:51456] A SFS application key installer completed successfully.
2022-09-09T18:36:24.393Z [51452:51456] A Commit step: SetRegistryValue(HKLM\Software\Sophos\Sophos File Scanner\Application, 64, Upgrading, 1)
2022-09-09T18:36:24.393Z [51452:51456] A Commit step: CreateRegistryKey(HKLM\SYSTEM\CurrentControlSet\services\Sophos Endpoint Defense\TamperProtection\Components\SFS, 64)
2022-09-09T18:36:24.394Z [51452:51456] A Commit step: DeleteMatchingFiles(From C:\Program Files\Sophos\Sophos File Scanner containing 'SBK.*')
2022-09-09T18:36:24.398Z [51452:51456] A Commit step: SetRegistryValue(HKLM\SYSTEM\CurrentControlSet\services\Sophos Endpoint Defense\TamperProtection\Components\SFS, 64, Enable, 0)
2022-09-09T18:36:24.398Z [51452:51456] A Commit step: Stop service step: Sophos File Scanner Service
2022-09-09T18:36:24.398Z [51452:51456] A Commit step: Delete service step: Sophos File Scanner Service
2022-09-09T18:36:24.398Z [51452:51456] A Commit step: Install service step: Sophos File Scanner Service
2022-09-09T18:36:24.398Z [51452:51456] A Commit step: SetRegistryValue(HKLM\SYSTEM\CurrentControlSet\services\Sophos Endpoint Defense\TamperProtection\Components\SFS, 64, Enable, 1)
2022-09-09T18:36:24.398Z [51452:51456] A Commit step: Rename file C:\Program Files\Sophos\Sophos File Scanner\SophosFileScanner.exe to C:\Program Files\Sophos\Sophos File Scanner\SBK1662748580-1
2022-09-09T18:36:24.398Z [51452:51456] A Commit step: Rename file C:\ProgramData\Sophos\Sophos File Scanner\Data\filerep.dat to C:\ProgramData\Sophos\Sophos File Scanner\Data\SBK-filerep-1662748580-1
2022-09-09T18:36:24.398Z [51452:51456] A Commit step: Rename file C:\ProgramData\Sophos\Sophos File Scanner\Data\signerrep.dat to C:\ProgramData\Sophos\Sophos File Scanner\Data\SBK-signerrep-1662748580-1
2022-09-09T18:36:24.398Z [51452:51456] A Commit step: CopyFile(C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\sfs64\filerep.dat, C:\ProgramData\Sophos\Sophos File Scanner\Data\filerep.dat)
2022-09-09T18:36:24.398Z [51452:51456] A Commit step: CopyFile(C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\sfs64\signerrep.dat, C:\ProgramData\Sophos\Sophos File Scanner\Data\signerrep.dat)
2022-09-09T18:36:24.398Z [51452:51456] A Commit step: CopyFile(C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\sfs64\Sophos\Sophos File Scanner\SophosFileScanner.exe, C:\Program Files\Sophos\Sophos File Scanner\SophosFileScanner.exe)
2022-09-09T18:36:24.398Z [51452:51456] A Commit step: CopyFile(C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\sfs64\Sophos\Sophos File Scanner\integrity.dat, C:\Program Files\Sophos\Sophos File Scanner\integrity.dat)
2022-09-09T18:36:24.401Z [51452:51456] A Commit step: CopyFile(C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\sfs64\Sophos\Sophos File Scanner\SophosFS.exe, C:\Program Files\Sophos\Sophos File Scanner\SophosFS.exe)
2022-09-09T18:36:24.405Z [51452:51456] A Commit step: CopyFile(C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\sfs64\Sophos\Sophos File Scanner\Uninstall.exe, C:\Program Files\Sophos\Sophos File Scanner\Uninstall.exe)
2022-09-09T18:36:24.409Z [51452:51456] A Commit step: DeleteRegistryKey(HKLM\Software\Sophos\Health\ProcessNotification\Sophos File Scanner, 32)
2022-09-09T18:36:24.413Z [51452:51456] A Commit step: DeleteFile(C:\Program Files\Sophos\Sophos File Scanner\Telemetry.exe)
2022-09-09T18:36:24.413Z [51452:51456] A Commit step: CopyFile(C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\sfs64\Sophos\Sophos File Scanner\SophosFSTelemetry.exe, C:\Program Files\Sophos\Sophos File Scanner\SophosFSTelemetry.exe)
2022-09-09T18:36:24.415Z [51452:51456] A Commit step: SFS Telemetry installer
2022-09-09T18:36:24.415Z [51452:51456] A Commit step: CreateRegistryKey(HKLM\SOFTWARE\Sophos\Telemetry\Plugins\SFS, 32)
2022-09-09T18:36:24.415Z [51452:51456] A Commit step: SetRegistryValue(HKLM\SOFTWARE\Sophos\Telemetry\Plugins\SFS, 32, Cmd, SophosFSTelemetry.exe)
2022-09-09T18:36:24.415Z [51452:51456] A Commit step: SetRegistryValue(HKLM\SOFTWARE\Sophos\Telemetry\Plugins\SFS, 32, Path, C:\Program Files\Sophos\Sophos File Scanner\SophosFSTelemetry.exe)
2022-09-09T18:36:24.415Z [51452:51456] A SFS Telemetry installer completed successfully.
2022-09-09T18:36:24.415Z [51452:51456] A Commit step: SFS add remove program key installer
2022-09-09T18:36:24.415Z [51452:51456] A Commit step: CreateRegistryKey(HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CD39E739-F480-4AC4-B0C9-68CA731D8AC6}, 64)
2022-09-09T18:36:24.415Z [51452:51456] A Commit step: SetRegistryValue(HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CD39E739-F480-4AC4-B0C9-68CA731D8AC6}, 64, AuthorizedCDFPrefix, )
2022-09-09T18:36:24.415Z [51452:51456] A Commit step: SetRegistryValue(HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CD39E739-F480-4AC4-B0C9-68CA731D8AC6}, 64, Comments, Sophos File Scanner)
2022-09-09T18:36:24.415Z [51452:51456] A Commit step: SetRegistryValue(HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CD39E739-F480-4AC4-B0C9-68CA731D8AC6}, 64, Contact, Sophos Technical Support)
2022-09-09T18:36:24.415Z [51452:51456] A Commit step: SetRegistryValue(HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CD39E739-F480-4AC4-B0C9-68CA731D8AC6}, 64, DisplayIcon, "C:\Program Files\Sophos\Sophos File Scanner\SophosFS.exe")
2022-09-09T18:36:24.415Z [51452:51456] A Commit step: SetRegistryValue(HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CD39E739-F480-4AC4-B0C9-68CA731D8AC6}, 64, DisplayName, Sophos File Scanner)
2022-09-09T18:36:24.415Z [51452:51456] A Commit step: SetRegistryValue(HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CD39E739-F480-4AC4-B0C9-68CA731D8AC6}, 64, DisplayVersion, 1.9.24.1)
2022-09-09T18:36:24.415Z [51452:51456] A Commit step: SetRegistryValue(HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CD39E739-F480-4AC4-B0C9-68CA731D8AC6}, 64, EstimatedSize, 6084)
2022-09-09T18:36:24.415Z [51452:51456] A Commit step: SetRegistryValue(HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CD39E739-F480-4AC4-B0C9-68CA731D8AC6}, 64, HelpLink, http://www.sophos.com/support)
2022-09-09T18:36:24.415Z [51452:51456] A Commit step: SetRegistryValue(HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CD39E739-F480-4AC4-B0C9-68CA731D8AC6}, 64, InstallDate, 20220909)
2022-09-09T18:36:24.415Z [51452:51456] A Commit step: SetRegistryValue(HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CD39E739-F480-4AC4-B0C9-68CA731D8AC6}, 64, InstallLocation, C:\Program Files\Sophos\Sophos File Scanner)
2022-09-09T18:36:24.415Z [51452:51456] A Commit step: SetRegistryValue(HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CD39E739-F480-4AC4-B0C9-68CA731D8AC6}, 64, InstallSource, )
2022-09-09T18:36:24.415Z [51452:51456] A Commit step: SetRegistryValue(HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CD39E739-F480-4AC4-B0C9-68CA731D8AC6}, 64, Language, 1033)
2022-09-09T18:36:24.415Z [51452:51456] A Commit step: SetRegistryValue(HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CD39E739-F480-4AC4-B0C9-68CA731D8AC6}, 64, ModifyPath, )
2022-09-09T18:36:24.415Z [51452:51456] A Commit step: SetRegistryValue(HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CD39E739-F480-4AC4-B0C9-68CA731D8AC6}, 64, NoModify, 1)
2022-09-09T18:36:24.416Z [51452:51456] A Commit step: SetRegistryValue(HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CD39E739-F480-4AC4-B0C9-68CA731D8AC6}, 64, NoRepair, 1)
2022-09-09T18:36:24.416Z [51452:51456] A Commit step: SetRegistryValue(HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CD39E739-F480-4AC4-B0C9-68CA731D8AC6}, 64, Publisher, Sophos Limited)
2022-09-09T18:36:24.416Z [51452:51456] A Commit step: SetRegistryValue(HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CD39E739-F480-4AC4-B0C9-68CA731D8AC6}, 64, UninstallString, "C:\Program Files\Sophos\Sophos File Scanner\Uninstall.exe")
2022-09-09T18:36:24.416Z [51452:51456] A Commit step: SetRegistryValue(HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CD39E739-F480-4AC4-B0C9-68CA731D8AC6}, 64, URLInfoAbout, http://www.sophos.com)
2022-09-09T18:36:24.416Z [51452:51456] A Commit step: SetRegistryValue(HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CD39E739-F480-4AC4-B0C9-68CA731D8AC6}, 64, VersionMajor, 1)
2022-09-09T18:36:24.416Z [51452:51456] A Commit step: SetRegistryValue(HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CD39E739-F480-4AC4-B0C9-68CA731D8AC6}, 64, VersionMinor, 9)
2022-09-09T18:36:24.416Z [51452:51456] A Commit step: SetRegistryValue(HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CD39E739-F480-4AC4-B0C9-68CA731D8AC6}, 64, SystemComponent, 1)
2022-09-09T18:36:24.416Z [51452:51456] A SFS add remove program key installer completed successfully.
2022-09-09T18:36:24.416Z [51452:51456] A Commit step: SetRegistryValue(HKLM\SYSTEM\CurrentControlSet\services\Sophos Endpoint Defense\TamperProtection\Components\SFS, 64, IntegrityPath, C:\Program Files\Sophos\Sophos File Scanner\integrity.dat)
2022-09-09T18:36:24.416Z [51452:51456] A Commit step: CreateRegistryKey(HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Sophos File Scanner Service, 64)
2022-09-09T18:36:24.416Z [51452:51456] A Commit step: SetRegistryValue(HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Sophos File Scanner Service, 64, , service)
2022-09-09T18:36:24.416Z [51452:51456] A Commit step: CreateRegistryKey(HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SophosFileScanner.exe, 64)
2022-09-09T18:36:24.416Z [51452:51456] A Commit step: SetRegistryValue(HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SophosFileScanner.exe, 64, MaxLoaderThreads, 1)
2022-09-09T18:36:24.416Z [51452:51456] A Commit step: DeleteMatchingFiles(From C:\ProgramData\Sophos\Sophos File Scanner\Data containing 'SBK.*')
2022-09-09T18:36:24.423Z [51452:51456] A Commit step: DeleteMatchingFiles(From C:\ProgramData\Sophos\Sophos File Scanner\Logs containing 'SophosFS\.log-[0-9]+-[0-9]+')
2022-09-09T18:36:24.423Z [51452:51456] A Commit step: HealScanners(HKLM\Software\Sophos\Sophos File Scanner\Scanner, 64)
2022-09-09T18:36:24.423Z [51452:51456] A Commit step: SetEngineDataPermissions
2022-09-09T18:36:24.423Z [51452:51456] A Commit step: Start service step: Sophos File Scanner Service
2022-09-09T18:36:24.423Z [51452:51456] A SFS overall installer completed successfully.
2022-09-09T18:36:24.423Z [51452:51456] A Action was successful, reboot is not required
2022-09-09T18:36:24.424Z [51452:51456] A End product setup

__________________________________________________________________________________



This thread was automatically locked due to age.
Parents Reply Children
No Data