Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 8 replies
  • Subscribers 13 subscribers
  • Views 4544 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

MTR Update failure v2.4.0.59

LHerzog

happens today:

C:\ProgramData\Sophos\AutoUpdate\Logs\SophosUpdate.log

2023-09-27T07:14:15.702Z [ 9848:13456] I Installing component MTR64 (MTR64) 2.4.0.59
2023-09-27T07:14:15.889Z [ 9848:13456] I setupDll='C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\mtr64\setup64.dll'; setupExe='C:\ProgramData\Sophos\AutoUpdate\Cache\sophos_autoupdate1.dir\su-setup64.exe'.
2023-09-27T07:14:15.890Z [ 9848:13456] I Enabling same AM-PPL protection level as parent for child process
2023-09-27T07:14:15.995Z [ 1300: 8516] I Loading attested files from: 'C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\mtr64\integrity.dat'
2023-09-27T07:14:16.002Z [ 1300: 8516] I Loading attested files from: 'C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\mtr64\scm_integrity.dat'
2023-09-27T07:14:16.083Z [ 1300: 8516] I Successfully established interface IProductSetup2.
2023-09-27T07:14:49.262Z [ 1300: 8516] I Reboot state: 0
2023-09-27T07:14:49.262Z [ 1300: 8516] W Failed to install product MTR64.
2023-09-27T07:14:49.271Z [ 9848:13456] E su-setup: exit 1
2023-09-27T07:14:49.272Z [ 9848:13456] E [SAU] Failed to install product MTR64 (MTR64) 2.4.0.59

C:\ProgramData\Sophos\Managed Threat Response\Logs\dbos.log

{"level":"info","timestamp":"2023-09-27T09:08:39.393+0200","pkg":"sophos.logger","msg":"logging configured","fileName":"C:\\ProgramData\\Sophos\\Managed Threat Response\\Logs\\dbos.log","maxSizeMB":10,"maxBackups":3,"level":"info","maxAgeInDays":30}
{"level":"info","timestamp":"2023-09-27T09:08:39.554+0200","pkg":"sophos","msg":"Sophos Managed Threat Response","version":"'2.4.0.41'","Commit":"'8c839de0cf0f5d41a35693344d1d445879b7c915'"}
{"level":"info","timestamp":"2023-09-27T09:08:39.555+0200","pkg":"sophos.logger","msg":"logging configured","fileName":"C:\\ProgramData\\Sophos\\Managed Threat Response\\Logs\\dbos.log","maxSizeMB":10,"maxBackups":3,"level":"info","maxAgeInDays":30}
{"level":"info","timestamp":"2023-09-27T09:08:39.559+0200","pkg":"sophos.logger","msg":"default logger updated"}
{"level":"fatal","timestamp":"2023-09-27T09:08:39.559+0200","pkg":"sophos","msg":"error loading service","error":"Der Dienstprozess konnte keine Verbindung mit dem Dienstcontroller herstellen."}
{"level":"info","timestamp":"2023-09-27T09:15:14.713+0200","pkg":"sophos.logger","msg":"logging configured","fileName":"C:\\ProgramData\\Sophos\\Managed Threat Response\\Logs\\dbos.log","maxSizeMB":10,"maxBackups":3,"level":"info","maxAgeInDays":30}
{"level":"info","timestamp":"2023-09-27T09:15:14.884+0200","pkg":"sophos","msg":"Sophos Managed Threat Response","version":"'2.4.0.41'","Commit":"'8c839de0cf0f5d41a35693344d1d445879b7c915'"}
{"level":"info","timestamp":"2023-09-27T09:15:14.884+0200","pkg":"sophos.logger","msg":"logging configured","fileName":"C:\\ProgramData\\Sophos\\Managed Threat Response\\Logs\\dbos.log","maxSizeMB":10,"maxBackups":3,"level":"info","maxAgeInDays":30}
{"level":"info","timestamp":"2023-09-27T09:15:14.889+0200","pkg":"sophos.logger","msg":"default logger updated"}
{"level":"fatal","timestamp":"2023-09-27T09:15:14.889+0200","pkg":"sophos","msg":"error loading service","error":"Der Dienstprozess konnte keine Verbindung mit dem Dienstcontroller herstellen."}

C:\Windows\Temp\Sophos MTR Install Log 2023-09-27 07-14-16Z.txt

2023-09-27T07:14:16.083Z [ 1300: 8516] A Begin product setup
2023-09-27T07:14:16.083Z [ 1300: 8516] A Begin install
2023-09-27T07:14:16.092Z [ 1300: 8516] I Verbose level was not set in ImagePath, not carrying over to post upgrade
2023-09-27T07:14:16.092Z [ 1300: 8516] A Executing step: Tamper protection of the MTR_SCM component will be set to: OFF
2023-09-27T07:14:16.096Z [ 1300: 8516] I Waiting for operation to succeed within 60000ms.
2023-09-27T07:14:16.096Z [ 1300: 8516] A Tamper protection of the MTR_SCM component has been set to: OFF
2023-09-27T07:14:16.096Z [ 1300: 8516] A Executing step: Stop service step without disabling tamper protection for service: Sophos Managed Threat Response
2023-09-27T07:14:16.096Z [ 1300: 8516] I Service Sophos Managed Threat Response already stopped.
2023-09-27T07:14:16.096Z [ 1300: 8516] A Executing step: Delete directory (C:\ProgramData\Sophos\Managed Threat Response\Data) and its contents, if any.
2023-09-27T07:14:16.096Z [ 1300: 8516] A Executing step: DeleteRegistryKey(HKLM\SOFTWARE\Sophos\Telemetry\Plugins\MTR, 32)
2023-09-27T07:14:16.096Z [ 1300: 8516] A Executing step: DeleteFile(C:\Program Files\Sophos\Managed Threat Response\SophosMTRTelemetry.exe)
2023-09-27T07:14:16.097Z [ 1300: 8516] A Executing step: Trickbot protection key install steps forSophosMTRTelemetry.exe
2023-09-27T07:14:16.097Z [ 1300: 8516] A Executing step: DeleteRegistryKey(HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SophosMTRTelemetry.exe, 0)
2023-09-27T07:14:16.097Z [ 1300: 8516] A Executing step: DeleteRegistryKey(HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Custom\SophosMTRTelemetry.exe, 64)
2023-09-27T07:14:16.097Z [ 1300: 8516] A Executing step: DeleteRegistryKey(HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Custom\SophosMTRTelemetry.exe, 32)
2023-09-27T07:14:16.097Z [ 1300: 8516] A Executing step: Delete service step: Sophos Managed Threat Response
2023-09-27T07:14:16.097Z [ 1300: 8516] I Querying configuration of service: Sophos Managed Threat Response
2023-09-27T07:14:16.098Z [ 1300: 8516] I Waiting 60000ms for service deletion
2023-09-27T07:14:16.098Z [ 1300: 8516] I Waiting for operation to succeed within 60000ms.
2023-09-27T07:14:16.098Z [ 1300: 8516] W Service still exists, waiting...
2023-09-27T07:14:17.112Z [ 1300: 8516] I Retrying operation. Counter: 1
2023-09-27T07:14:17.112Z [ 1300: 8516] A Successfully deleted service: Sophos Managed Threat Response
2023-09-27T07:14:17.113Z [ 1300: 8516] A Executing step: MTR install directories
2023-09-27T07:14:17.113Z [ 1300: 8516] A Executing step: Create directory C:\Program Files\Sophos\Managed Threat Response and all parent directories
2023-09-27T07:14:17.113Z [ 1300: 8516] A Executing step: Create directory C:\ProgramData\Sophos\Managed Threat Response and all parent directories
2023-09-27T07:14:17.117Z [ 1300: 8516] I Existing security permissions before resetting permissions: D:PAI(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)(A;OICI;FA;;;LS)(A;OICI;FR;;;BU)
2023-09-27T07:14:17.126Z [ 1300: 8516] A Executing step: Create directory C:\ProgramData\Sophos\Certificates\Managed Threat Response and all parent directories
2023-09-27T07:14:17.127Z [ 1300: 8516] I Existing security permissions before resetting permissions: D:PAI(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)(A;OICI;FA;;;LS)(A;OICI;FR;;;BU)
2023-09-27T07:14:17.132Z [ 1300: 8516] A Executing step: Create directory C:\ProgramData\Sophos\Managed Threat Response\Config and all parent directories
2023-09-27T07:14:17.133Z [ 1300: 8516] I Existing security permissions before resetting permissions: D:PAI(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)(A;OICI;FA;;;LS)(A;OICI;FR;;;BU)
2023-09-27T07:14:17.136Z [ 1300: 8516] A Executing step: Create directory C:\ProgramData\Sophos\Managed Threat Response\Logs and all parent directories
2023-09-27T07:14:17.137Z [ 1300: 8516] I Existing security permissions before resetting permissions: D:PAI(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)(A;OICI;FA;;;LS)(A;OICI;FR;;;BU)
2023-09-27T07:14:17.141Z [ 1300: 8516] A Executing step: Install service step: Sophos Managed Threat Response
2023-09-27T07:14:17.150Z [ 1300: 8516] A Executing step: Tamper protection will be updated for the main component, if rollback is triggered.
2023-09-27T07:14:17.150Z [ 1300: 8516] A Executing step: CopyFile(C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\mtr64\integrity.dat, C:\Program Files\Sophos\Managed Threat Response\integrity.dat)
2023-09-27T07:14:17.155Z [ 1300: 8516] A Executing step: CreateRegistryKey(HKLM\SYSTEM\CurrentControlSet\Services\Sophos Endpoint Defense\TamperProtection\Components\MTR, 64)
2023-09-27T07:14:17.156Z [ 1300: 8516] A Executing step: CreateRegistryKey(HKLM\SYSTEM\CurrentControlSet\Services\Sophos Endpoint Defense\TamperProtection\Services\Sophos Managed Threat Response, 64)
2023-09-27T07:14:17.156Z [ 1300: 8516] A Executing step: Tamper protection will be updated for the main component.
2023-09-27T07:14:17.161Z [ 1300: 8516] I Waiting for operation to succeed within 60000ms.
2023-09-27T07:14:17.161Z [ 1300: 8516] I Tamper protection for the main component has been updated.
2023-09-27T07:14:17.161Z [ 1300: 8516] A Executing step: MTR adapter installer
2023-09-27T07:14:17.161Z [ 1300: 8516] A Executing step: DeleteRegistryKey(HKLM\Software\Sophos\Remote Management System\ManagementAgent\Adapters\MDR, 32)
2023-09-27T07:14:17.166Z [ 1300: 8516] A Executing step: WaitForLockedFile(C:\Program Files\Sophos\Managed Threat Response\MTRAdapter.dll, 60, WaitOnInstallToUnlock)
2023-09-27T07:14:17.166Z [ 1300: 8516] I Waiting for operation to succeed within 60000ms.
2023-09-27T07:14:17.268Z [ 1300: 8516] I Retrying operation. Counter: 1
2023-09-27T07:14:17.269Z [ 1300: 8516] A Executing step: CopyFile(C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\mtr64\MTRAdapter.dll, C:\Program Files\Sophos\Managed Threat Response\MTRAdapter.dll)
2023-09-27T07:14:17.278Z [ 1300: 8516] A Executing step: WaitForLockedFile(C:\Program Files\Sophos\Managed Threat Response\MTRAdapter.dll, 60, WaitOnRollbackToUnlock)
2023-09-27T07:14:17.278Z [ 1300: 8516] A Executing step: CreateRegistryKey(HKLM\Software\Sophos\Remote Management System\ManagementAgent\Adapters\MDR, 32)
2023-09-27T07:14:17.279Z [ 1300: 8516] A Executing step: SetRegistryValue(HKLM\Software\Sophos\Remote Management System\ManagementAgent\Adapters\MDR, 32, DllPath, C:\Program Files\Sophos\Managed Threat Response\MTRAdapter.dll)
2023-09-27T07:14:17.279Z [ 1300: 8516] A Executing step: CopyFile(C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\mtr64\SophosMTR.exe, C:\Program Files\Sophos\Managed Threat Response\SophosMTR.exe)
2023-09-27T07:14:17.299Z [ 1300: 8516] A Executing step: CopyFile(C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\mtr64\SophosMTRUninstall.exe, C:\Program Files\Sophos\Managed Threat Response\SophosMTRUninstall.exe)
2023-09-27T07:14:17.307Z [ 1300: 8516] A Executing step: Trickbot protection key install steps forSophosMTRUninstall.exe
2023-09-27T07:14:17.307Z [ 1300: 8516] A Executing step: DeleteRegistryKey(HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SophosMTRUninstall.exe, 0)
2023-09-27T07:14:17.311Z [ 1300: 8516] A Executing step: CreateRegistryKey(HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SophosMTRUninstall.exe, 0)
2023-09-27T07:14:17.311Z [ 1300: 8516] A Executing step: DeleteRegistryKey(HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Custom\SophosMTRUninstall.exe, 64)
2023-09-27T07:14:17.314Z [ 1300: 8516] A Executing step: CreateRegistryKey(HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Custom\SophosMTRUninstall.exe, 64)
2023-09-27T07:14:17.315Z [ 1300: 8516] A Executing step: DeleteRegistryKey(HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Custom\SophosMTRUninstall.exe, 32)
2023-09-27T07:14:17.318Z [ 1300: 8516] A Executing step: CreateRegistryKey(HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Custom\SophosMTRUninstall.exe, 32)
2023-09-27T07:14:17.318Z [ 1300: 8516] A Executing step: CopyFile(C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\mtr64\certificate.crt, C:\ProgramData\Sophos\Certificates\Managed Threat Response\certificate.crt)
2023-09-27T07:14:17.326Z [ 1300: 8516] A Executing step: CopyFile(C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\mtr64\NOTICE.txt, C:\Program Files\Sophos\Managed Threat Response\NOTICE.txt)
2023-09-27T07:14:17.331Z [ 1300: 8516] A Executing step: CopyFile(C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\mtr64\SophosMTR_NOTICE.txt, C:\Program Files\Sophos\Managed Threat Response\SophosMTR_NOTICE.txt)
2023-09-27T07:14:17.339Z [ 1300: 8516] A Executing step: Trickbot protection key install steps forSophosMTR.exe
2023-09-27T07:14:17.339Z [ 1300: 8516] A Executing step: DeleteRegistryKey(HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SophosMTR.exe, 0)
2023-09-27T07:14:17.343Z [ 1300: 8516] A Executing step: CreateRegistryKey(HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SophosMTR.exe, 0)
2023-09-27T07:14:17.343Z [ 1300: 8516] A Executing step: DeleteRegistryKey(HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Custom\SophosMTR.exe, 64)
2023-09-27T07:14:17.348Z [ 1300: 8516] A Executing step: CreateRegistryKey(HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Custom\SophosMTR.exe, 64)
2023-09-27T07:14:17.348Z [ 1300: 8516] A Executing step: DeleteRegistryKey(HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Custom\SophosMTR.exe, 32)
2023-09-27T07:14:17.352Z [ 1300: 8516] A Executing step: CreateRegistryKey(HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Custom\SophosMTR.exe, 32)
2023-09-27T07:14:17.352Z [ 1300: 8516] A Executing step: MTR add remove program key installer
2023-09-27T07:14:17.352Z [ 1300: 8516] A Executing step: CreateRegistryKey(HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Sophos MTR, 64)
2023-09-27T07:14:17.352Z [ 1300: 8516] A Executing step: SetRegistryValue(HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Sophos MTR, 64, DisplayName, Sophos Managed Threat Response)
2023-09-27T07:14:17.352Z [ 1300: 8516] A Executing step: SetRegistryValue(HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Sophos MTR, 64, DisplayVersion, 2.4.0.53)
2023-09-27T07:14:17.352Z [ 1300: 8516] A Executing step: SetRegistryValue(HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Sophos MTR, 64, Publisher, Sophos Limited)
2023-09-27T07:14:17.352Z [ 1300: 8516] A Executing step: SetRegistryValue(HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Sophos MTR, 64, SystemComponent, 1)
2023-09-27T07:14:17.353Z [ 1300: 8516] A Executing step: SetRegistryValue(HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Sophos MTR, 64, UninstallString, "C:\Program Files\Sophos\Managed Threat Response\SophosMTRUninstall.exe")
2023-09-27T07:14:17.353Z [ 1300: 8516] A Executing step: Start tamper-protected service step: Sophos Managed Threat Response
2023-09-27T07:14:17.353Z [ 1300: 8516] I Querying configuration of service: Sophos Managed Threat Response
2023-09-27T07:14:47.993Z [ 1300: 8516] E Exception starting tamper protected service: StartService failed with error 1053: Der Dienst antwortete nicht rechtzeitig auf die Start- oder Steuerungsanforderung.
2023-09-27T07:14:47.994Z [ 1300: 8516] W Cannot determine service PID; service is in invalid state: 1
2023-09-27T07:14:47.995Z [ 1300: 8516] I StopCommand key was set
2023-09-27T07:14:47.995Z [ 1300: 8516] I Waiting 60000ms for service stop
2023-09-27T07:14:47.995Z [ 1300: 8516] I Waiting for operation to succeed within 60000ms.
2023-09-27T07:14:47.996Z [ 1300: 8516] I Service has stopped.
2023-09-27T07:14:47.996Z [ 1300: 8516] I StopCommand key was removed
2023-09-27T07:14:47.997Z [ 1300: 8516] W StartService failed with error 1053: Der Dienst antwortete nicht rechtzeitig auf die Start- oder Steuerungsanforderung.
2023-09-27T07:14:47.997Z [ 1300: 8516] E Failed step: Start tamper-protected service step: Sophos Managed Threat Response, rolling back previous steps
2023-09-27T07:14:47.997Z [ 1300: 8516] A Rolling back step: MTR add remove program key installer
2023-09-27T07:14:47.997Z [ 1300: 8516] A Rolling back step: SetRegistryValue(HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Sophos MTR, 64, UninstallString, "C:\Program Files\Sophos\Managed Threat Response\SophosMTRUninstall.exe")
2023-09-27T07:14:47.997Z [ 1300: 8516] A Rolling back step: SetRegistryValue(HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Sophos MTR, 64, SystemComponent, 1)
2023-09-27T07:14:47.997Z [ 1300: 8516] A Rolling back step: SetRegistryValue(HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Sophos MTR, 64, Publisher, Sophos Limited)
2023-09-27T07:14:47.997Z [ 1300: 8516] A Rolling back step: SetRegistryValue(HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Sophos MTR, 64, DisplayVersion, 2.4.0.53)
2023-09-27T07:14:47.998Z [ 1300: 8516] A Rolling back step: SetRegistryValue(HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Sophos MTR, 64, DisplayName, Sophos Managed Threat Response)
2023-09-27T07:14:47.998Z [ 1300: 8516] A Rolling back step: CreateRegistryKey(HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Sophos MTR, 64)
2023-09-27T07:14:47.998Z [ 1300: 8516] A Rolling back step: Trickbot protection key install steps forSophosMTR.exe
2023-09-27T07:14:47.998Z [ 1300: 8516] A Rolling back step: CreateRegistryKey(HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Custom\SophosMTR.exe, 32)
2023-09-27T07:14:47.999Z [ 1300: 8516] A Rolling back step: DeleteRegistryKey(HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Custom\SophosMTR.exe, 32)
2023-09-27T07:14:48.006Z [ 1300: 8516] A Rolling back step: CreateRegistryKey(HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Custom\SophosMTR.exe, 64)
2023-09-27T07:14:48.007Z [ 1300: 8516] A Rolling back step: DeleteRegistryKey(HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Custom\SophosMTR.exe, 64)
2023-09-27T07:14:48.012Z [ 1300: 8516] A Rolling back step: CreateRegistryKey(HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SophosMTR.exe, 0)
2023-09-27T07:14:48.012Z [ 1300: 8516] A Rolling back step: DeleteRegistryKey(HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SophosMTR.exe, 0)
2023-09-27T07:14:48.019Z [ 1300: 8516] A Rolling back step: CopyFile(C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\mtr64\SophosMTR_NOTICE.txt, C:\Program Files\Sophos\Managed Threat Response\SophosMTR_NOTICE.txt)
2023-09-27T07:14:48.026Z [ 1300: 8516] A Rolling back step: CopyFile(C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\mtr64\NOTICE.txt, C:\Program Files\Sophos\Managed Threat Response\NOTICE.txt)
2023-09-27T07:14:48.031Z [ 1300: 8516] A Rolling back step: CopyFile(C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\mtr64\certificate.crt, C:\ProgramData\Sophos\Certificates\Managed Threat Response\certificate.crt)
2023-09-27T07:14:48.041Z [ 1300: 8516] A Rolling back step: Trickbot protection key install steps forSophosMTRUninstall.exe
2023-09-27T07:14:48.041Z [ 1300: 8516] A Rolling back step: CreateRegistryKey(HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Custom\SophosMTRUninstall.exe, 32)
2023-09-27T07:14:48.042Z [ 1300: 8516] A Rolling back step: DeleteRegistryKey(HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Custom\SophosMTRUninstall.exe, 32)
2023-09-27T07:14:48.045Z [ 1300: 8516] A Rolling back step: CreateRegistryKey(HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Custom\SophosMTRUninstall.exe, 64)
2023-09-27T07:14:48.046Z [ 1300: 8516] A Rolling back step: DeleteRegistryKey(HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Custom\SophosMTRUninstall.exe, 64)
2023-09-27T07:14:48.050Z [ 1300: 8516] A Rolling back step: CreateRegistryKey(HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SophosMTRUninstall.exe, 0)
2023-09-27T07:14:48.051Z [ 1300: 8516] A Rolling back step: DeleteRegistryKey(HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SophosMTRUninstall.exe, 0)
2023-09-27T07:14:48.056Z [ 1300: 8516] A Rolling back step: CopyFile(C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\mtr64\SophosMTRUninstall.exe, C:\Program Files\Sophos\Managed Threat Response\SophosMTRUninstall.exe)
2023-09-27T07:14:48.060Z [ 1300: 8516] A Rolling back step: CopyFile(C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\mtr64\SophosMTR.exe, C:\Program Files\Sophos\Managed Threat Response\SophosMTR.exe)
2023-09-27T07:14:48.073Z [ 1300: 8516] W DeleteFile: C:\Program Files\Sophos\Managed Threat Response\SophosMTR.exe, failed with error 5: Zugriff verweigert
2023-09-27T07:14:48.077Z [ 1300: 8516] A Rolling back step: MTR adapter installer
2023-09-27T07:14:48.078Z [ 1300: 8516] A Rolling back step: SetRegistryValue(HKLM\Software\Sophos\Remote Management System\ManagementAgent\Adapters\MDR, 32, DllPath, C:\Program Files\Sophos\Managed Threat Response\MTRAdapter.dll)
2023-09-27T07:14:48.078Z [ 1300: 8516] A Rolling back step: CreateRegistryKey(HKLM\Software\Sophos\Remote Management System\ManagementAgent\Adapters\MDR, 32)
2023-09-27T07:14:48.078Z [ 1300: 8516] A Rolling back step: WaitForLockedFile(C:\Program Files\Sophos\Managed Threat Response\MTRAdapter.dll, 60, WaitOnRollbackToUnlock)
2023-09-27T07:14:48.078Z [ 1300: 8516] I Waiting for operation to succeed within 60000ms.
2023-09-27T07:14:48.182Z [ 1300: 8516] I Retrying operation. Counter: 1
2023-09-27T07:14:48.183Z [ 1300: 8516] A Rolling back step: CopyFile(C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\mtr64\MTRAdapter.dll, C:\Program Files\Sophos\Managed Threat Response\MTRAdapter.dll)
2023-09-27T07:14:48.189Z [ 1300: 8516] A Rolling back step: WaitForLockedFile(C:\Program Files\Sophos\Managed Threat Response\MTRAdapter.dll, 60, WaitOnInstallToUnlock)
2023-09-27T07:14:48.189Z [ 1300: 8516] A Rolling back step: DeleteRegistryKey(HKLM\Software\Sophos\Remote Management System\ManagementAgent\Adapters\MDR, 32)
2023-09-27T07:14:48.194Z [ 1300: 8516] A Rolling back step: Tamper protection will be updated for the main component.
2023-09-27T07:14:48.194Z [ 1300: 8516] A Rolling back step: CreateRegistryKey(HKLM\SYSTEM\CurrentControlSet\Services\Sophos Endpoint Defense\TamperProtection\Services\Sophos Managed Threat Response, 64)
2023-09-27T07:14:48.194Z [ 1300: 8516] A Rolling back step: CreateRegistryKey(HKLM\SYSTEM\CurrentControlSet\Services\Sophos Endpoint Defense\TamperProtection\Components\MTR, 64)
2023-09-27T07:14:48.194Z [ 1300: 8516] A Rolling back step: CopyFile(C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\mtr64\integrity.dat, C:\Program Files\Sophos\Managed Threat Response\integrity.dat)
2023-09-27T07:14:48.202Z [ 1300: 8516] A Rolling back step: Tamper protection will be updated for the main component, if rollback is triggered.
2023-09-27T07:14:48.213Z [ 1300: 8516] I Waiting for operation to succeed within 60000ms.
2023-09-27T07:14:48.213Z [ 1300: 8516] I Tamper protection for the main component has been updated.
2023-09-27T07:14:48.213Z [ 1300: 8516] A Rolling back step: Install service step: Sophos Managed Threat Response
2023-09-27T07:14:48.215Z [ 1300: 8516] I Waiting 60000ms for service deletion
2023-09-27T07:14:48.215Z [ 1300: 8516] I Waiting for operation to succeed within 60000ms.
2023-09-27T07:14:48.215Z [ 1300: 8516] W Service still exists, waiting...
2023-09-27T07:14:49.225Z [ 1300: 8516] I Retrying operation. Counter: 1
2023-09-27T07:14:49.226Z [ 1300: 8516] A Successfully deleted service: Sophos Managed Threat Response
2023-09-27T07:14:49.226Z [ 1300: 8516] A Rolling back step: MTR install directories
2023-09-27T07:14:49.226Z [ 1300: 8516] A Rolling back step: Create directory C:\ProgramData\Sophos\Managed Threat Response\Logs and all parent directories
2023-09-27T07:14:49.230Z [ 1300: 8516] A Rolling back step: Create directory C:\ProgramData\Sophos\Managed Threat Response\Config and all parent directories
2023-09-27T07:14:49.235Z [ 1300: 8516] A Rolling back step: Create directory C:\ProgramData\Sophos\Certificates\Managed Threat Response and all parent directories
2023-09-27T07:14:49.239Z [ 1300: 8516] A Rolling back step: Create directory C:\ProgramData\Sophos\Managed Threat Response and all parent directories
2023-09-27T07:14:49.247Z [ 1300: 8516] A Rolling back step: Create directory C:\Program Files\Sophos\Managed Threat Response and all parent directories
2023-09-27T07:14:49.247Z [ 1300: 8516] A Rolling back step: Delete service step: Sophos Managed Threat Response
2023-09-27T07:14:49.253Z [ 1300: 8516] A Rolling back step: Trickbot protection key install steps forSophosMTRTelemetry.exe
2023-09-27T07:14:49.254Z [ 1300: 8516] A Rolling back step: DeleteRegistryKey(HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Custom\SophosMTRTelemetry.exe, 32)
2023-09-27T07:14:49.254Z [ 1300: 8516] A Rolling back step: DeleteRegistryKey(HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Custom\SophosMTRTelemetry.exe, 64)
2023-09-27T07:14:49.254Z [ 1300: 8516] A Rolling back step: DeleteRegistryKey(HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SophosMTRTelemetry.exe, 0)
2023-09-27T07:14:49.254Z [ 1300: 8516] A Rolling back step: DeleteFile(C:\Program Files\Sophos\Managed Threat Response\SophosMTRTelemetry.exe)
2023-09-27T07:14:49.254Z [ 1300: 8516] A Rolling back step: DeleteRegistryKey(HKLM\SOFTWARE\Sophos\Telemetry\Plugins\MTR, 32)
2023-09-27T07:14:49.254Z [ 1300: 8516] A Rolling back step: Delete directory (C:\ProgramData\Sophos\Managed Threat Response\Data) and its contents, if any.
2023-09-27T07:14:49.255Z [ 1300: 8516] A Rolling back step: Stop service step without disabling tamper protection for service: Sophos Managed Threat Response
2023-09-27T07:14:49.255Z [ 1300: 8516] I Service was already missing or stopped
2023-09-27T07:14:49.255Z [ 1300: 8516] A Rolling back step: Tamper protection of the MTR_SCM component will be set to: OFF
2023-09-27T07:14:49.261Z [ 1300: 8516] I Waiting for operation to succeed within 60000ms.
2023-09-27T07:14:49.262Z [ 1300: 8516] A Tamper protection of the component MTR_SCM has been reset to:  OFF
2023-09-27T07:14:49.262Z [ 1300: 8516] W Failed composite step
2023-09-27T07:14:49.262Z [ 1300: 8516] A Execution failed
2023-09-27T07:14:49.262Z [ 1300: 8516] E Action failed
2023-09-27T07:14:49.262Z [ 1300: 8516] A End product setup

MTR service stopped afterwards:



This thread was automatically locked due to age.
Parents
  • 0

    several reboots and attempts to re-update failed. It will always fail at interaction with the service, that is exists but is not running:

    2023-09-27T09:18:47.273Z [14060:18836] A Executing step: Start tamper-protected service step: Sophos Managed Threat Response
    2023-09-27T09:18:47.274Z [14060:18836] I Querying configuration of service: Sophos Managed Threat Response
    2023-09-27T09:19:17.670Z [14060:18836] E Exception starting tamper protected service: StartService failed with error 1053: Der Dienst antwortete nicht rechtzeitig auf die Start- oder Steuerungsanforderung.
    2023-09-27T09:19:17.671Z [14060:18836] W Cannot determine service PID; service is in invalid state: 1
    2023-09-27T09:19:17.672Z [14060:18836] I StopCommand key was set
    2023-09-27T09:19:17.673Z [14060:18836] I Waiting 60000ms for service stop
    2023-09-27T09:19:17.673Z [14060:18836] I Waiting for operation to succeed within 60000ms.
    2023-09-27T09:19:17.673Z [14060:18836] I Service has stopped.
    2023-09-27T09:19:17.674Z [14060:18836] I StopCommand key was removed
    2023-09-27T09:19:17.675Z [14060:18836] W StartService failed with error 1053: Der Dienst antwortete nicht rechtzeitig auf die Start- oder Steuerungsanforderung.
    2023-09-27T09:19:17.675Z [14060:18836] E Failed step: Start tamper-protected service step: Sophos Managed Threat Response, rolling back previous steps
    2023-09-27T09:19:17.675Z [14060:18836] A Rolling back step: MTR add remove program key installer

    need to reinstall the whole Sophos Endpoint because only the MTR service will not start.

  • 0 in reply to LHerzog

    even after EP uninstall, reboot, MTR component fails to install. any idea?

    2023-09-27T09:58:36.497Z [12848:14412] I Loading attested files from: 'C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\livequery64\integrity.dat'
2023-09-27T09:58:36.608Z [12848:14412] I Successfully established interface IProductSetup2.
2023-09-27T09:58:37.849Z [12848:14412] I Reboot state: 0
2023-09-27T09:58:37.849Z [12848:14412] I Successfully installed product LiveQuery64 4.0.0.442.
2023-09-27T09:58:37.8614698Z INFO : Installed Sophos Live Query for Windows (64-bit) v4.0.0.442: 0 (reboot code: 0)
2023-09-27T09:58:37.8639245Z INFO : Data folder: C:\\ProgramData\\Sophos\\AutoUpdate\\data
2023-09-27T09:58:37.8684507Z INFO : Overwriting state file C:\\ProgramData\\Sophos\\AutoUpdate\\data\\status\\SophosUpdateStatus.xml
2023-09-27T09:58:37.8725127Z INFO : Writing XML for the state of the components
2023-09-27T09:58:37.8761341Z INFO : Writing state CRTSETUP to registry.
2023-09-27T09:58:37.8786628Z INFO : Writing state UNINSTALLER64 to registry.
2023-09-27T09:58:37.8812671Z INFO : Writing state SED64 to registry.
2023-09-27T09:58:37.8844078Z INFO : Writing state MCS to registry.
2023-09-27T09:58:37.8864047Z INFO : Writing state SSE64 to registry.
2023-09-27T09:58:37.8893962Z INFO : Writing state SFS64 to registry.
2023-09-27T09:58:37.8922132Z INFO : Writing state SHS to registry.
2023-09-27T09:58:37.8946838Z INFO : Writing state UI64 to registry.
2023-09-27T09:58:37.8974275Z INFO : Writing state AMSI64 to registry.
2023-09-27T09:58:37.8993687Z INFO : Writing state SME64 to registry.
2023-09-27T09:58:37.9026642Z INFO : Writing state ESH64 to registry.
2023-09-27T09:58:37.9053541Z INFO : Writing state LIVETERMINAL64 to registry.
2023-09-27T09:58:37.9083439Z INFO : Writing state EFW64 to registry.
2023-09-27T09:58:37.9109207Z INFO : Writing state ENCRYPTION to registry.
2023-09-27T09:58:37.9134875Z INFO : Writing state LiveQuery64 to registry.
2023-09-27T09:58:37.9171009Z INFO : Writing state MTR64 to registry.
2023-09-27T09:58:37.9203119Z INFO : Writing state NTP64 to registry.
2023-09-27T09:58:37.9233061Z INFO : Writing state SDU64 to registry.
2023-09-27T09:58:37.9259020Z INFO : Writing state HMPA64 to registry.
2023-09-27T09:58:37.9284868Z INFO : Writing state SAUXG to registry.
2023-09-27T09:58:37.9311215Z INFO : Cache folder: C:\\ProgramData\\Sophos\\AutoUpdate\\cache
2023-09-27T09:58:38.1206137Z INFO : Checking manifest:C:\\ProgramData\\Sophos\\AutoUpdate\\Cache\\decoded\\mtr64\\manifest.dat
2023-09-27T09:58:38.3469896Z INFO : Installing Component: Sophos Managed Threat Response for Windows (64-bit) v2.4.0.59
2023-09-27T09:58:38.3489832Z INFO : setupDll='setup64.dll'; setupExe='su-setup64.exe'.
2023-09-27T09:58:38.464Z [13956:11004] I Loading attested files from: 'C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\mtr64\integrity.dat'
2023-09-27T09:58:38.468Z [13956:11004] I Loading attested files from: 'C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\mtr64\scm_integrity.dat'
2023-09-27T09:58:38.553Z [13956:11004] I Successfully established interface IProductSetup2.
2023-09-27T09:59:09.913Z [13956:11004] I Reboot state: 0
2023-09-27T09:59:09.913Z [13956:11004] W Failed to install product MTR64 2.4.0.59.
2023-09-27T09:59:09.9202860Z ERROR : su-setup: exit 1
2023-09-27T09:59:09.9223754Z INFO : Installed Sophos Managed Threat Response for Windows (64-bit) v2.4.0.59: -2147213568 (reboot code: 0)
2023-09-27T10:01:10.0742043Z INFO : setupDll='setup64.dll'; setupExe='su-setup64.exe'.
2023-09-27T10:01:10.178Z [ 6664: 9884] I Loading attested files from: 'C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\mtr64\integrity.dat'
2023-09-27T10:01:10.182Z [ 6664: 9884] I Loading attested files from: 'C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\mtr64\scm_integrity.dat'
2023-09-27T10:01:10.229Z [ 6664: 9884] I Successfully established interface IProductSetup2.
2023-09-27T10:01:41.577Z [ 6664: 9884] I Reboot state: 0
2023-09-27T10:01:41.578Z [ 6664: 9884] W Failed to install product MTR64 2.4.0.59.
2023-09-27T10:01:41.5907708Z ERROR : su-setup: exit 1
2023-09-27T10:01:41.5933200Z INFO : Installed Sophos Managed Threat Response for Windows (64-bit) v2.4.0.59: -2147213568 (reboot code: 0)
2023-09-27T10:05:41.7421683Z INFO : setupDll='setup64.dll'; setupExe='su-setup64.exe'.
2023-09-27T10:05:41.834Z [ 7656: 2644] I Loading attested files from: 'C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\mtr64\integrity.dat'
2023-09-27T10:05:41.838Z [ 7656: 2644] I Loading attested files from: 'C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\mtr64\scm_integrity.dat'
2023-09-27T10:05:41.882Z [ 7656: 2644] I Successfully established interface IProductSetup2.
2023-09-27T10:06:13.190Z [ 7656: 2644] I Reboot state: 0
2023-09-27T10:06:13.190Z [ 7656: 2644] W Failed to install product MTR64 2.4.0.59.
2023-09-27T10:06:13.1988365Z ERROR : su-setup: exit 1
2023-09-27T10:06:13.2010498Z INFO : Installed Sophos Managed Threat Response for Windows (64-bit) v2.4.0.59: -2147213568 (reboot code: 0)
2023-09-27T10:06:13.2036899Z ERROR : Installation failed

    2023-09-27T10:09:52.881Z [ 9244:12040] A Begin product setup
2023-09-27T10:09:52.881Z [ 9244:12040] A Begin install
2023-09-27T10:09:52.885Z [ 9244:12040] A Executing step: Stop service step without disabling tamper protection for service: Sophos Managed Threat Response
2023-09-27T10:09:52.886Z [ 9244:12040] I Service Sophos Managed Threat Response does not exist.
2023-09-27T10:09:52.886Z [ 9244:12040] A Executing step: Delete service step: Sophos Managed Threat Response
2023-09-27T10:09:52.886Z [ 9244:12040] I Querying configuration of service: Sophos Managed Threat Response
2023-09-27T10:09:52.886Z [ 9244:12040] I Query Service: Service Sophos Managed Threat Response does not exist.
2023-09-27T10:09:52.886Z [ 9244:12040] I Service Sophos Managed Threat Response does not exist.
2023-09-27T10:09:52.887Z [ 9244:12040] A Executing step: MTR install directories
2023-09-27T10:09:52.887Z [ 9244:12040] A Executing step: Create directory C:\Program Files\Sophos\Managed Threat Response and all parent directories
2023-09-27T10:09:52.887Z [ 9244:12040] A Executing step: Create directory C:\ProgramData\Sophos\Managed Threat Response and all parent directories
2023-09-27T10:09:52.887Z [ 9244:12040] W C:\ProgramData\Sophos\Managed Threat Response exists at a stage where it is expected to be created for the first time. Deleting directory and creating a new instance.
2023-09-27T10:09:52.892Z [ 9244:12040] I Existing security permissions before resetting permissions: D:AI(A;OICIID;FA;;;SY)(A;OICIID;FA;;;BA)(A;OICIID;FR;;;BU)
2023-09-27T10:09:52.893Z [ 9244:12040] A Executing step: Create directory C:\ProgramData\Sophos\Certificates\Managed Threat Response and all parent directories
2023-09-27T10:09:52.894Z [ 9244:12040] A Executing step: Create directory C:\ProgramData\Sophos\Managed Threat Response\Config and all parent directories
2023-09-27T10:09:52.895Z [ 9244:12040] A Executing step: Create directory C:\ProgramData\Sophos\Managed Threat Response\Logs and all parent directories
2023-09-27T10:09:52.897Z [ 9244:12040] A Executing step: Install service step: Sophos Managed Threat Response
2023-09-27T10:09:52.900Z [ 9244:12040] A Executing step: Tamper protection will be updated for the main component, if rollback is triggered.
2023-09-27T10:09:52.900Z [ 9244:12040] A Tamper protection main component key does not exist. Nothing to be done, if rollback is triggered.
2023-09-27T10:09:52.900Z [ 9244:12040] A Executing step: CopyFile(C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\mtr64\integrity.dat, C:\Program Files\Sophos\Managed Threat Response\integrity.dat)
2023-09-27T10:09:52.901Z [ 9244:12040] A Executing step: CreateRegistryKey(HKLM\SYSTEM\CurrentControlSet\Services\Sophos Endpoint Defense\TamperProtection\Components\MTR, 64)
2023-09-27T10:09:52.901Z [ 9244:12040] A Executing step: CreateRegistryKey(HKLM\SYSTEM\CurrentControlSet\Services\Sophos Endpoint Defense\TamperProtection\Services\Sophos Managed Threat Response, 64)
2023-09-27T10:09:52.902Z [ 9244:12040] A Executing step: Tamper protection will be updated for the main component.
2023-09-27T10:09:52.905Z [ 9244:12040] I Waiting for operation to succeed within 60000ms.
2023-09-27T10:09:52.905Z [ 9244:12040] I Tamper protection for the main component has been updated.
2023-09-27T10:09:52.905Z [ 9244:12040] A Executing step: MTR adapter installer
2023-09-27T10:09:52.905Z [ 9244:12040] A Executing step: DeleteRegistryKey(HKLM\Software\Sophos\Remote Management System\ManagementAgent\Adapters\MDR, 32)
2023-09-27T10:09:52.905Z [ 9244:12040] A Executing step: WaitForLockedFile(C:\Program Files\Sophos\Managed Threat Response\MTRAdapter.dll, 60, WaitOnInstallToUnlock)
2023-09-27T10:09:52.905Z [ 9244:12040] I Waiting for operation to succeed within 60000ms.
2023-09-27T10:09:52.905Z [ 9244:12040] A Executing step: CopyFile(C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\mtr64\MTRAdapter.dll, C:\Program Files\Sophos\Managed Threat Response\MTRAdapter.dll)
2023-09-27T10:09:52.908Z [ 9244:12040] A Executing step: WaitForLockedFile(C:\Program Files\Sophos\Managed Threat Response\MTRAdapter.dll, 60, WaitOnRollbackToUnlock)
2023-09-27T10:09:52.908Z [ 9244:12040] A Executing step: CreateRegistryKey(HKLM\Software\Sophos\Remote Management System\ManagementAgent\Adapters\MDR, 32)
2023-09-27T10:09:52.909Z [ 9244:12040] A Executing step: SetRegistryValue(HKLM\Software\Sophos\Remote Management System\ManagementAgent\Adapters\MDR, 32, DllPath, C:\Program Files\Sophos\Managed Threat Response\MTRAdapter.dll)
2023-09-27T10:09:52.909Z [ 9244:12040] A Executing step: CopyFile(C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\mtr64\SophosMTR.exe, C:\Program Files\Sophos\Managed Threat Response\SophosMTR.exe)
2023-09-27T10:09:52.919Z [ 9244:12040] A Executing step: CopyFile(C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\mtr64\SophosMTRUninstall.exe, C:\Program Files\Sophos\Managed Threat Response\SophosMTRUninstall.exe)
2023-09-27T10:09:52.922Z [ 9244:12040] A Executing step: Trickbot protection key install steps forSophosMTRUninstall.exe
2023-09-27T10:09:52.922Z [ 9244:12040] A Executing step: DeleteRegistryKey(HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SophosMTRUninstall.exe, 0)
2023-09-27T10:09:52.922Z [ 9244:12040] A Executing step: CreateRegistryKey(HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SophosMTRUninstall.exe, 0)
2023-09-27T10:09:52.923Z [ 9244:12040] A Executing step: DeleteRegistryKey(HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Custom\SophosMTRUninstall.exe, 64)
2023-09-27T10:09:52.923Z [ 9244:12040] A Executing step: CreateRegistryKey(HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Custom\SophosMTRUninstall.exe, 64)
2023-09-27T10:09:52.923Z [ 9244:12040] A Executing step: DeleteRegistryKey(HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Custom\SophosMTRUninstall.exe, 32)
2023-09-27T10:09:52.923Z [ 9244:12040] A Executing step: CreateRegistryKey(HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Custom\SophosMTRUninstall.exe, 32)
2023-09-27T10:09:52.923Z [ 9244:12040] A Executing step: CopyFile(C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\mtr64\certificate.crt, C:\ProgramData\Sophos\Certificates\Managed Threat Response\certificate.crt)
2023-09-27T10:09:52.926Z [ 9244:12040] A Executing step: CopyFile(C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\mtr64\NOTICE.txt, C:\Program Files\Sophos\Managed Threat Response\NOTICE.txt)
2023-09-27T10:09:52.930Z [ 9244:12040] A Executing step: CopyFile(C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\mtr64\SophosMTR_NOTICE.txt, C:\Program Files\Sophos\Managed Threat Response\SophosMTR_NOTICE.txt)
2023-09-27T10:09:52.932Z [ 9244:12040] A Executing step: Trickbot protection key install steps forSophosMTR.exe
2023-09-27T10:09:52.933Z [ 9244:12040] A Executing step: DeleteRegistryKey(HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SophosMTR.exe, 0)
2023-09-27T10:09:52.933Z [ 9244:12040] A Executing step: CreateRegistryKey(HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SophosMTR.exe, 0)
2023-09-27T10:09:52.933Z [ 9244:12040] A Executing step: DeleteRegistryKey(HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Custom\SophosMTR.exe, 64)
2023-09-27T10:09:52.933Z [ 9244:12040] A Executing step: CreateRegistryKey(HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Custom\SophosMTR.exe, 64)
2023-09-27T10:09:52.933Z [ 9244:12040] A Executing step: DeleteRegistryKey(HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Custom\SophosMTR.exe, 32)
2023-09-27T10:09:52.933Z [ 9244:12040] A Executing step: CreateRegistryKey(HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Custom\SophosMTR.exe, 32)
2023-09-27T10:09:52.933Z [ 9244:12040] A Executing step: MTR add remove program key installer
2023-09-27T10:09:52.933Z [ 9244:12040] A Executing step: CreateRegistryKey(HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Sophos MTR, 64)
2023-09-27T10:09:52.933Z [ 9244:12040] A Executing step: SetRegistryValue(HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Sophos MTR, 64, DisplayName, Sophos Managed Threat Response)
2023-09-27T10:09:52.934Z [ 9244:12040] A Executing step: SetRegistryValue(HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Sophos MTR, 64, DisplayVersion, 2.4.0.53)
2023-09-27T10:09:52.934Z [ 9244:12040] A Executing step: SetRegistryValue(HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Sophos MTR, 64, Publisher, Sophos Limited)
2023-09-27T10:09:52.934Z [ 9244:12040] A Executing step: SetRegistryValue(HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Sophos MTR, 64, SystemComponent, 1)
2023-09-27T10:09:52.934Z [ 9244:12040] A Executing step: SetRegistryValue(HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Sophos MTR, 64, UninstallString, "C:\Program Files\Sophos\Managed Threat Response\SophosMTRUninstall.exe")
2023-09-27T10:09:52.934Z [ 9244:12040] A Executing step: Start tamper-protected service step: Sophos Managed Threat Response
2023-09-27T10:09:52.934Z [ 9244:12040] I Querying configuration of service: Sophos Managed Threat Response
2023-09-27T10:10:23.030Z [ 9244:12040] E Exception starting tamper protected service: StartService failed with error 1053: Der Dienst antwortete nicht rechtzeitig auf die Start- oder Steuerungsanforderung.
2023-09-27T10:10:23.032Z [ 9244:12040] W Cannot determine service PID; service is in invalid state: 1
2023-09-27T10:10:23.033Z [ 9244:12040] I StopCommand key was set
2023-09-27T10:10:23.034Z [ 9244:12040] I Waiting 60000ms for service stop
2023-09-27T10:10:23.034Z [ 9244:12040] I Waiting for operation to succeed within 60000ms.
2023-09-27T10:10:23.034Z [ 9244:12040] I Service has stopped.
2023-09-27T10:10:23.035Z [ 9244:12040] I StopCommand key was removed
2023-09-27T10:10:23.036Z [ 9244:12040] W StartService failed with error 1053: Der Dienst antwortete nicht rechtzeitig auf die Start- oder Steuerungsanforderung.
2023-09-27T10:10:23.036Z [ 9244:12040] E Failed step: Start tamper-protected service step: Sophos Managed Threat Response, rolling back previous steps
2023-09-27T10:10:23.036Z [ 9244:12040] A Rolling back step: MTR add remove program key installer
2023-09-27T10:10:23.036Z [ 9244:12040] A Rolling back step: SetRegistryValue(HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Sophos MTR, 64, UninstallString, "C:\Program Files\Sophos\Managed Threat Response\SophosMTRUninstall.exe")
2023-09-27T10:10:23.037Z [ 9244:12040] A Rolling back step: SetRegistryValue(HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Sophos MTR, 64, SystemComponent, 1)
2023-09-27T10:10:23.038Z [ 9244:12040] A Rolling back step: SetRegistryValue(HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Sophos MTR, 64, Publisher, Sophos Limited)
2023-09-27T10:10:23.038Z [ 9244:12040] A Rolling back step: SetRegistryValue(HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Sophos MTR, 64, DisplayVersion, 2.4.0.53)
2023-09-27T10:10:23.039Z [ 9244:12040] A Rolling back step: SetRegistryValue(HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Sophos MTR, 64, DisplayName, Sophos Managed Threat Response)
2023-09-27T10:10:23.040Z [ 9244:12040] A Rolling back step: CreateRegistryKey(HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Sophos MTR, 64)
2023-09-27T10:10:23.040Z [ 9244:12040] A Rolling back step: Trickbot protection key install steps forSophosMTR.exe
2023-09-27T10:10:23.041Z [ 9244:12040] A Rolling back step: CreateRegistryKey(HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Custom\SophosMTR.exe, 32)
2023-09-27T10:10:23.041Z [ 9244:12040] A Rolling back step: DeleteRegistryKey(HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Custom\SophosMTR.exe, 32)
2023-09-27T10:10:23.042Z [ 9244:12040] A Rolling back step: CreateRegistryKey(HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Custom\SophosMTR.exe, 64)
2023-09-27T10:10:23.042Z [ 9244:12040] A Rolling back step: DeleteRegistryKey(HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Custom\SophosMTR.exe, 64)
2023-09-27T10:10:23.043Z [ 9244:12040] A Rolling back step: CreateRegistryKey(HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SophosMTR.exe, 0)
2023-09-27T10:10:23.043Z [ 9244:12040] A Rolling back step: DeleteRegistryKey(HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SophosMTR.exe, 0)
2023-09-27T10:10:23.044Z [ 9244:12040] A Rolling back step: CopyFile(C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\mtr64\SophosMTR_NOTICE.txt, C:\Program Files\Sophos\Managed Threat Response\SophosMTR_NOTICE.txt)
2023-09-27T10:10:23.047Z [ 9244:12040] A Rolling back step: CopyFile(C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\mtr64\NOTICE.txt, C:\Program Files\Sophos\Managed Threat Response\NOTICE.txt)
2023-09-27T10:10:23.049Z [ 9244:12040] A Rolling back step: CopyFile(C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\mtr64\certificate.crt, C:\ProgramData\Sophos\Certificates\Managed Threat Response\certificate.crt)
2023-09-27T10:10:23.053Z [ 9244:12040] A Rolling back step: Trickbot protection key install steps forSophosMTRUninstall.exe
2023-09-27T10:10:23.054Z [ 9244:12040] A Rolling back step: CreateRegistryKey(HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Custom\SophosMTRUninstall.exe, 32)
2023-09-27T10:10:23.054Z [ 9244:12040] A Rolling back step: DeleteRegistryKey(HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Custom\SophosMTRUninstall.exe, 32)
2023-09-27T10:10:23.054Z [ 9244:12040] A Rolling back step: CreateRegistryKey(HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Custom\SophosMTRUninstall.exe, 64)
2023-09-27T10:10:23.055Z [ 9244:12040] A Rolling back step: DeleteRegistryKey(HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Custom\SophosMTRUninstall.exe, 64)
2023-09-27T10:10:23.055Z [ 9244:12040] A Rolling back step: CreateRegistryKey(HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SophosMTRUninstall.exe, 0)
2023-09-27T10:10:23.055Z [ 9244:12040] A Rolling back step: DeleteRegistryKey(HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SophosMTRUninstall.exe, 0)
2023-09-27T10:10:23.056Z [ 9244:12040] A Rolling back step: CopyFile(C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\mtr64\SophosMTRUninstall.exe, C:\Program Files\Sophos\Managed Threat Response\SophosMTRUninstall.exe)
2023-09-27T10:10:23.057Z [ 9244:12040] A Rolling back step: CopyFile(C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\mtr64\SophosMTR.exe, C:\Program Files\Sophos\Managed Threat Response\SophosMTR.exe)
2023-09-27T10:10:23.068Z [ 9244:12040] W DeleteFile: C:\Program Files\Sophos\Managed Threat Response\SophosMTR.exe, failed with error 5: Zugriff verweigert
2023-09-27T10:10:23.071Z [ 9244:12040] A Rolling back step: MTR adapter installer
2023-09-27T10:10:23.071Z [ 9244:12040] A Rolling back step: SetRegistryValue(HKLM\Software\Sophos\Remote Management System\ManagementAgent\Adapters\MDR, 32, DllPath, C:\Program Files\Sophos\Managed Threat Response\MTRAdapter.dll)
2023-09-27T10:10:23.071Z [ 9244:12040] A Rolling back step: CreateRegistryKey(HKLM\Software\Sophos\Remote Management System\ManagementAgent\Adapters\MDR, 32)
2023-09-27T10:10:23.071Z [ 9244:12040] A Rolling back step: WaitForLockedFile(C:\Program Files\Sophos\Managed Threat Response\MTRAdapter.dll, 60, WaitOnRollbackToUnlock)
2023-09-27T10:10:23.072Z [ 9244:12040] I Waiting for operation to succeed within 60000ms.
2023-09-27T10:10:23.186Z [ 9244:12040] I Retrying operation. Counter: 1
2023-09-27T10:10:23.186Z [ 9244:12040] A Rolling back step: CopyFile(C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\mtr64\MTRAdapter.dll, C:\Program Files\Sophos\Managed Threat Response\MTRAdapter.dll)
2023-09-27T10:10:23.187Z [ 9244:12040] A Rolling back step: WaitForLockedFile(C:\Program Files\Sophos\Managed Threat Response\MTRAdapter.dll, 60, WaitOnInstallToUnlock)
2023-09-27T10:10:23.187Z [ 9244:12040] A Rolling back step: DeleteRegistryKey(HKLM\Software\Sophos\Remote Management System\ManagementAgent\Adapters\MDR, 32)
2023-09-27T10:10:23.187Z [ 9244:12040] A Rolling back step: Tamper protection will be updated for the main component.
2023-09-27T10:10:23.187Z [ 9244:12040] A Rolling back step: CreateRegistryKey(HKLM\SYSTEM\CurrentControlSet\Services\Sophos Endpoint Defense\TamperProtection\Services\Sophos Managed Threat Response, 64)
2023-09-27T10:10:23.187Z [ 9244:12040] A Rolling back step: CreateRegistryKey(HKLM\SYSTEM\CurrentControlSet\Services\Sophos Endpoint Defense\TamperProtection\Components\MTR, 64)
2023-09-27T10:10:23.188Z [ 9244:12040] A Rolling back step: CopyFile(C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\mtr64\integrity.dat, C:\Program Files\Sophos\Managed Threat Response\integrity.dat)
2023-09-27T10:10:23.189Z [ 9244:12040] A Rolling back step: Tamper protection will be updated for the main component, if rollback is triggered.
2023-09-27T10:10:23.189Z [ 9244:12040] I Nothing to be done at Rollback. Tamper protection for the main component was off.
2023-09-27T10:10:23.189Z [ 9244:12040] A Rolling back step: Install service step: Sophos Managed Threat Response
2023-09-27T10:10:23.190Z [ 9244:12040] I Waiting 60000ms for service deletion
2023-09-27T10:10:23.190Z [ 9244:12040] I Waiting for operation to succeed within 60000ms.
2023-09-27T10:10:23.190Z [ 9244:12040] W Service still exists, waiting...
2023-09-27T10:10:24.195Z [ 9244:12040] I Retrying operation. Counter: 1
2023-09-27T10:10:24.196Z [ 9244:12040] A Successfully deleted service: Sophos Managed Threat Response
2023-09-27T10:10:24.196Z [ 9244:12040] A Rolling back step: MTR install directories
2023-09-27T10:10:24.196Z [ 9244:12040] A Rolling back step: Create directory C:\ProgramData\Sophos\Managed Threat Response\Logs and all parent directories
2023-09-27T10:10:24.199Z [ 9244:12040] A Rolling back step: Create directory C:\ProgramData\Sophos\Managed Threat Response\Config and all parent directories
2023-09-27T10:10:24.200Z [ 9244:12040] A Rolling back step: Create directory C:\ProgramData\Sophos\Certificates\Managed Threat Response and all parent directories
2023-09-27T10:10:24.202Z [ 9244:12040] A Rolling back step: Create directory C:\ProgramData\Sophos\Managed Threat Response and all parent directories
2023-09-27T10:10:24.206Z [ 9244:12040] A Rolling back step: Create directory C:\Program Files\Sophos\Managed Threat Response and all parent directories
2023-09-27T10:10:24.208Z [ 9244:12040] A Rolling back step: Delete service step: Sophos Managed Threat Response
2023-09-27T10:10:24.208Z [ 9244:12040] A No information acquired for the service, so no action at Rollback
2023-09-27T10:10:24.209Z [ 9244:12040] A Rolling back step: Stop service step without disabling tamper protection for service: Sophos Managed Threat Response
2023-09-27T10:10:24.209Z [ 9244:12040] I Service was already missing or stopped
2023-09-27T10:10:24.209Z [ 9244:12040] W Failed composite step
2023-09-27T10:10:24.210Z [ 9244:12040] A Execution failed
2023-09-27T10:10:24.210Z [ 9244:12040] E Action failed
2023-09-27T10:10:24.210Z [ 9244:12040] A End product setup

Reply Children
No Data
Unfiltered HTML
Help Us Improve The Community
Unfiltered HTML