MTR Update failure v2.4.0.59

Question

happens today: 
 C:\ProgramData\Sophos\AutoUpdate\Logs\SophosUpdate.log 
 2023-09-27T07:14:15.702Z [ 9848:13456] I Installing component MTR64 (MTR64) 2.4.0.59 2023-09-27T07:14:15.889Z [ 9848:13456] I setupDll='C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\mtr64\setup64.dll'; setupExe='C:\ProgramData\Sophos\AutoUpdate\Cache\sophos_autoupdate1.dir\su-setup64.exe'. 2023-09-27T07:14:15.890Z [ 9848:13456] I Enabling same AM-PPL protection level as parent for child process 2023-09-27T07:14:15.995Z [ 1300: 8516] I Loading attested files from: 'C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\mtr64\integrity.dat' 2023-09-27T07:14:16.002Z [ 1300: 8516] I Loading attested files from: 'C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\mtr64\scm_integrity.dat' 2023-09-27T07:14:16.083Z [ 1300: 8516] I Successfully established interface IProductSetup2. 2023-09-27T07:14:49.262Z [ 1300: 8516] I Reboot state: 0 2023-09-27T07:14:49.262Z [ 1300: 8516] W Failed to install product MTR64. 2023-09-27T07:14:49.271Z [ 9848:13456] E su-setup: exit 1 2023-09-27T07:14:49.272Z [ 9848:13456] E [SAU] Failed to install product MTR64 (MTR64) 2.4.0.59 
 C:\ProgramData\Sophos\Managed Threat Response\Logs\dbos.log 
 {"level":"info","timestamp":"2023-09-27T09:08:39.393+0200","pkg":"sophos.logger","msg":"logging configured","fileName":"C:\ProgramData\Sophos\Managed Threat Response\Logs\dbos.log","maxSizeMB":10,"maxBackups":3,"level":"info","maxAgeInDays":30} {"level":"info","timestamp":"2023-09-27T09:08:39.554+0200","pkg":"sophos","msg":"Sophos Managed Threat Response","version":"'2.4.0.41'","Commit":"'8c839de0cf0f5d41a35693344d1d445879b7c915'"} {"level":"info","timestamp":"2023-09-27T09:08:39.555+0200","pkg":"sophos.logger","msg":"logging configured","fileName":"C:\ProgramData\Sophos\Managed Threat Response\Logs\dbos.log","maxSizeMB":10,"maxBackups":3,"level":"info","maxAgeInDays":30} {"level":"info","timestamp":"2023-09-27T09:08:39.559+0200","pkg":"sophos.logger","msg":"default logger updated"} {"level":"fatal","timestamp":"2023-09-27T09:08:39.559+0200","pkg":"sophos","msg":"error loading service","error":"Der Dienstprozess konnte keine Verbindung mit dem Dienstcontroller herstellen."} {"level":"info","timestamp":"2023-09-27T09:15:14.713+0200","pkg":"sophos.logger","msg":"logging configured","fileName":"C:\ProgramData\Sophos\Managed Threat Response\Logs\dbos.log","maxSizeMB":10,"maxBackups":3,"level":"info","maxAgeInDays":30} {"level":"info","timestamp":"2023-09-27T09:15:14.884+0200","pkg":"sophos","msg":"Sophos Managed Threat Response","version":"'2.4.0.41'","Commit":"'8c839de0cf0f5d41a35693344d1d445879b7c915'"} {"level":"info","timestamp":"2023-09-27T09:15:14.884+0200","pkg":"sophos.logger","msg":"logging configured","fileName":"C:\ProgramData\Sophos\Managed Threat Response\Logs\dbos.log","maxSizeMB":10,"maxBackups":3,"level":"info","maxAgeInDays":30} {"level":"info","timestamp":"2023-09-27T09:15:14.889+0200","pkg":"sophos.logger","msg":"default logger updated"} {"level":"fatal","timestamp":"2023-09-27T09:15:14.889+0200","pkg":"sophos","msg":"error loading service","error":"Der Dienstprozess konnte keine Verbindung mit dem Dienstcontroller herstellen."} 
 C:\Windows\Temp\Sophos MTR Install Log 2023-09-27 07-14-16Z.txt 
 2023-09-27T07:14:16.083Z [ 1300: 8516] A Begin product setup
2023-09-27T07:14:16.083Z [ 1300: 8516] A Begin install
2023-09-27T07:14:16.092Z [ 1300: 8516] I Verbose level was not set in ImagePath, not carrying over to post upgrade
2023-09-27T07:14:16.092Z [ 1300: 8516] A Executing step: Tamper protection of the MTR_SCM component will be set to: OFF
2023-09-27T07:14:16.096Z [ 1300: 8516] I Waiting for operation to succeed within 60000ms.
2023-09-27T07:14:16.096Z [ 1300: 8516] A Tamper protection of the MTR_SCM component has been set to: OFF
2023-09-27T07:14:16.096Z [ 1300: 8516] A Executing step: Stop service step without disabling tamper protection for service: Sophos Managed Threat Response
2023-09-27T07:14:16.096Z [ 1300: 8516] I Service Sophos Managed Threat Response already stopped.
2023-09-27T07:14:16.096Z [ 1300: 8516] A Executing step: Delete directory (C:\ProgramData\Sophos\Managed Threat Response\Data) and its contents, if any.
2023-09-27T07:14:16.096Z [ 1300: 8516] A Executing step: DeleteRegistryKey(HKLM\SOFTWARE\Sophos\Telemetry\Plugins\MTR, 32)
2023-09-27T07:14:16.096Z [ 1300: 8516] A Executing step: DeleteFile(C:\Program Files\Sophos\Managed Threat Response\SophosMTRTelemetry.exe)
2023-09-27T07:14:16.097Z [ 1300: 8516] A Executing step: Trickbot protection key install steps forSophosMTRTelemetry.exe
2023-09-27T07:14:16.097Z [ 1300: 8516] A Executing step: DeleteRegistryKey(HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SophosMTRTelemetry.exe, 0)
2023-09-27T07:14:16.097Z [ 1300: 8516] A Executing step: DeleteRegistryKey(HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Custom\SophosMTRTelemetry.exe, 64)
2023-09-27T07:14:16.097Z [ 1300: 8516] A Executing step: DeleteRegistryKey(HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Custom\SophosMTRTelemetry.exe, 32)
2023-09-27T07:14:16.097Z [ 1300: 8516] A Executing step: Delete service step: Sophos Managed Threat Response
2023-09-27T07:14:16.097Z [ 1300: 8516] I Querying configuration of service: Sophos Managed Threat Response
2023-09-27T07:14:16.098Z [ 1300: 8516] I Waiting 60000ms for service deletion
2023-09-27T07:14:16.098Z [ 1300: 8516] I Waiting for operation to succeed within 60000ms.
2023-09-27T07:14:16.098Z [ 1300: 8516] W Service still exists, waiting...
2023-09-27T07:14:17.112Z [ 1300: 8516] I Retrying operation. Counter: 1
2023-09-27T07:14:17.112Z [ 1300: 8516] A Successfully deleted service: Sophos Managed Threat Response
2023-09-27T07:14:17.113Z [ 1300: 8516] A Executing step: MTR install directories
2023-09-27T07:14:17.113Z [ 1300: 8516] A Executing step: Create directory C:\Program Files\Sophos\Managed Threat Response and all parent directories
2023-09-27T07:14:17.113Z [ 1300: 8516] A Executing step: Create directory C:\ProgramData\Sophos\Managed Threat Response and all parent directories
2023-09-27T07:14:17.117Z [ 1300: 8516] I Existing security permissions before resetting permissions: D:PAI(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)(A;OICI;FA;;;LS)(A;OICI;FR;;;BU)
2023-09-27T07:14:17.126Z [ 1300: 8516] A Executing step: Create directory C:\ProgramData\Sophos\Certificates\Managed Threat Response and all parent directories
2023-09-27T07:14:17.127Z [ 1300: 8516] I Existing security permissions before resetting permissions: D:PAI(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)(A;OICI;FA;;;LS)(A;OICI;FR;;;BU)
2023-09-27T07:14:17.132Z [ 1300: 8516] A Executing step: Create directory C:\ProgramData\Sophos\Managed Threat Response\Config and all parent directories
2023-09-27T07:14:17.133Z [ 1300: 8516] I Existing security permissions before resetting permissions: D:PAI(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)(A;OICI;FA;;;LS)(A;OICI;FR;;;BU)
2023-09-27T07:14:17.136Z [ 1300: 8516] A Executing step: Create directory C:\ProgramData\Sophos\Managed Threat Response\Logs and all parent directories
2023-09-27T07:14:17.137Z [ 1300: 8516] I Existing security permissions before resetting permissions: D:PAI(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)(A;OICI;FA;;;LS)(A;OICI;FR;;;BU)
2023-09-27T07:14:17.141Z [ 1300: 8516] A Executing step: Install service step: Sophos Managed Threat Response
2023-09-27T07:14:17.150Z [ 1300: 8516] A Executing step: Tamper protection will be updated for the main component, if rollback is triggered.
2023-09-27T07:14:17.150Z [ 1300: 8516] A Executing step: CopyFile(C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\mtr64\integrity.dat, C:\Program Files\Sophos\Managed Threat Response\integrity.dat)
2023-09-27T07:14:17.155Z [ 1300: 8516] A Executing step: CreateRegistryKey(HKLM\SYSTEM\CurrentControlSet\Services\Sophos Endpoint Defense\TamperProtection\Components\MTR, 64)
2023-09-27T07:14:17.156Z [ 1300: 8516] A Executing step: CreateRegistryKey(HKLM\SYSTEM\CurrentControlSet\Services\Sophos Endpoint Defense\TamperProtection\Services\Sophos Managed Threat Response, 64)
2023-09-27T07:14:17.156Z [ 1300: 8516] A Executing step: Tamper protection will be updated for the main component.
2023-09-27T07:14:17.161Z [ 1300: 8516] I Waiting for operation to succeed within 60000ms.
2023-09-27T07:14:17.161Z [ 1300: 8516] I Tamper protection for the main component has been updated.
2023-09-27T07:14:17.161Z [ 1300: 8516] A Executing step: MTR adapter installer
2023-09-27T07:14:17.161Z [ 1300: 8516] A Executing step: DeleteRegistryKey(HKLM\Software\Sophos\Remote Management System\ManagementAgent\Adapters\MDR, 32)
2023-09-27T07:14:17.166Z [ 1300: 8516] A Executing step: WaitForLockedFile(C:\Program Files\Sophos\Managed Threat Response\MTRAdapter.dll, 60, WaitOnInstallToUnlock)
2023-09-27T07:14:17.166Z [ 1300: 8516] I Waiting for operation to succeed within 60000ms.
2023-09-27T07:14:17.268Z [ 1300: 8516] I Retrying operation. Counter: 1
2023-09-27T07:14:17.269Z [ 1300: 8516] A Executing step: CopyFile(C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\mtr64\MTRAdapter.dll, C:\Program Files\Sophos\Managed Threat Response\MTRAdapter.dll)
2023-09-27T07:14:17.278Z [ 1300: 8516] A Executing step: WaitForLockedFile(C:\Program Files\Sophos\Managed Threat Response\MTRAdapter.dll, 60, WaitOnRollbackToUnlock)
2023-09-27T07:14:17.278Z [ 1300: 8516] A Executing step: CreateRegistryKey(HKLM\Software\Sophos\Remote Management System\ManagementAgent\Adapters\MDR, 32)
2023-09-27T07:14:17.279Z [ 1300: 8516] A Executing step: SetRegistryValue(HKLM\Software\Sophos\Remote Management System\ManagementAgent\Adapters\MDR, 32, DllPath, C:\Program Files\Sophos\Managed Threat Response\MTRAdapter.dll)
2023-09-27T07:14:17.279Z [ 1300: 8516] A Executing step: CopyFile(C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\mtr64\SophosMTR.exe, C:\Program Files\Sophos\Managed Threat Response\SophosMTR.exe)
2023-09-27T07:14:17.299Z [ 1300: 8516] A Executing step: CopyFile(C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\mtr64\SophosMTRUninstall.exe, C:\Program Files\Sophos\Managed Threat Response\SophosMTRUninstall.exe)
2023-09-27T07:14:17.307Z [ 1300: 8516] A Executing step: Trickbot protection key install steps forSophosMTRUninstall.exe
2023-09-27T07:14:17.307Z [ 1300: 8516] A Executing step: DeleteRegistryKey(HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SophosMTRUninstall.exe, 0)
2023-09-27T07:14:17.311Z [ 1300: 8516] A Executing step: CreateRegistryKey(HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SophosMTRUninstall.exe, 0)
2023-09-27T07:14:17.311Z [ 1300: 8516] A Executing step: DeleteRegistryKey(HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Custom\SophosMTRUninstall.exe, 64)
2023-09-27T07:14:17.314Z [ 1300: 8516] A Executing step: CreateRegistryKey(HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Custom\SophosMTRUninstall.exe, 64)
2023-09-27T07:14:17.315Z [ 1300: 8516] A Executing step: DeleteRegistryKey(HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Custom\SophosMTRUninstall.exe, 32)
2023-09-27T07:14:17.318Z [ 1300: 8516] A Executing step: CreateRegistryKey(HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Custom\SophosMTRUninstall.exe, 32)
2023-09-27T07:14:17.318Z [ 1300: 8516] A Executing step: CopyFile(C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\mtr64\certificate.crt, C:\ProgramData\Sophos\Certificates\Managed Threat Response\certificate.crt)
2023-09-27T07:14:17.326Z [ 1300: 8516] A Executing step: CopyFile(C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\mtr64\NOTICE.txt, C:\Program Files\Sophos\Managed Threat Response\NOTICE.txt)
2023-09-27T07:14:17.331Z [ 1300: 8516] A Executing step: CopyFile(C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\mtr64\SophosMTR_NOTICE.txt, C:\Program Files\Sophos\Managed Threat Response\SophosMTR_NOTICE.txt)
2023-09-27T07:14:17.339Z [ 1300: 8516] A Executing step: Trickbot protection key install steps forSophosMTR.exe
2023-09-27T07:14:17.339Z [ 1300: 8516] A Executing step: DeleteRegistryKey(HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SophosMTR.exe, 0)
2023-09-27T07:14:17.343Z [ 1300: 8516] A Executing step: CreateRegistryKey(HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SophosMTR.exe, 0)
2023-09-27T07:14:17.343Z [ 1300: 8516] A Executing step: DeleteRegistryKey(HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Custom\SophosMTR.exe, 64)
2023-09-27T07:14:17.348Z [ 1300: 8516] A Executing step: CreateRegistryKey(HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Custom\SophosMTR.exe, 64)
2023-09-27T07:14:17.348Z [ 1300: 8516] A Executing step: DeleteRegistryKey(HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Custom\SophosMTR.exe, 32)
2023-09-27T07:14:17.352Z [ 1300: 8516] A Executing step: CreateRegistryKey(HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Custom\SophosMTR.exe, 32)
2023-09-27T07:14:17.352Z [ 1300: 8516] A Executing step: MTR add remove program key installer
2023-09-27T07:14:17.352Z [ 1300: 8516] A Executing step: CreateRegistryKey(HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Sophos MTR, 64)
2023-09-27T07:14:17.352Z [ 1300: 8516] A Executing step: SetRegistryValue(HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Sophos MTR, 64, DisplayName, Sophos Managed Threat Response)
2023-09-27T07:14:17.352Z [ 1300: 8516] A Executing step: SetRegistryValue(HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Sophos MTR, 64, DisplayVersion, 2.4.0.53)
2023-09-27T07:14:17.352Z [ 1300: 8516] A Executing step: SetRegistryValue(HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Sophos MTR, 64, Publisher, Sophos Limited)
2023-09-27T07:14:17.352Z [ 1300: 8516] A Executing step: SetRegistryValue(HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Sophos MTR, 64, SystemComponent, 1)
2023-09-27T07:14:17.353Z [ 1300: 8516] A Executing step: SetRegistryValue(HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Sophos MTR, 64, UninstallString, "C:\Program Files\Sophos\Managed Threat Response\SophosMTRUninstall.exe")
2023-09-27T07:14:17.353Z [ 1300: 8516] A Executing step: Start tamper-protected service step: Sophos Managed Threat Response
2023-09-27T07:14:17.353Z [ 1300: 8516] I Querying configuration of service: Sophos Managed Threat Response
2023-09-27T07:14:47.993Z [ 1300: 8516] E Exception starting tamper protected service: StartService failed with error 1053: Der Dienst antwortete nicht rechtzeitig auf die Start- oder Steuerungsanforderung.
2023-09-27T07:14:47.994Z [ 1300: 8516] W Cannot determine service PID; service is in invalid state: 1
2023-09-27T07:14:47.995Z [ 1300: 8516] I StopCommand key was set
2023-09-27T07:14:47.995Z [ 1300: 8516] I Waiting 60000ms for service stop
2023-09-27T07:14:47.995Z [ 1300: 8516] I Waiting for operation to succeed within 60000ms.
2023-09-27T07:14:47.996Z [ 1300: 8516] I Service has stopped.
2023-09-27T07:14:47.996Z [ 1300: 8516] I StopCommand key was removed
2023-09-27T07:14:47.997Z [ 1300: 8516] W StartService failed with error 1053: Der Dienst antwortete nicht rechtzeitig auf die Start- oder Steuerungsanforderung.
2023-09-27T07:14:47.997Z [ 1300: 8516] E Failed step: Start tamper-protected service step: Sophos Managed Threat Response, rolling back previous steps
2023-09-27T07:14:47.997Z [ 1300: 8516] A Rolling back step: MTR add remove program key installer
2023-09-27T07:14:47.997Z [ 1300: 8516] A Rolling back step: SetRegistryValue(HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Sophos MTR, 64, UninstallString, "C:\Program Files\Sophos\Managed Threat Response\SophosMTRUninstall.exe")
2023-09-27T07:14:47.997Z [ 1300: 8516] A Rolling back step: SetRegistryValue(HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Sophos MTR, 64, SystemComponent, 1)
2023-09-27T07:14:47.997Z [ 1300: 8516] A Rolling back step: SetRegistryValue(HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Sophos MTR, 64, Publisher, Sophos Limited)
2023-09-27T07:14:47.997Z [ 1300: 8516] A Rolling back step: SetRegistryValue(HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Sophos MTR, 64, DisplayVersion, 2.4.0.53)
2023-09-27T07:14:47.998Z [ 1300: 8516] A Rolling back step: SetRegistryValue(HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Sophos MTR, 64, DisplayName, Sophos Managed Threat Response)
2023-09-27T07:14:47.998Z [ 1300: 8516] A Rolling back step: CreateRegistryKey(HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Sophos MTR, 64)
2023-09-27T07:14:47.998Z [ 1300: 8516] A Rolling back step: Trickbot protection key install steps forSophosMTR.exe
2023-09-27T07:14:47.998Z [ 1300: 8516] A Rolling back step: CreateRegistryKey(HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Custom\SophosMTR.exe, 32)
2023-09-27T07:14:47.999Z [ 1300: 8516] A Rolling back step: DeleteRegistryKey(HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Custom\SophosMTR.exe, 32)
2023-09-27T07:14:48.006Z [ 1300: 8516] A Rolling back step: CreateRegistryKey(HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Custom\SophosMTR.exe, 64)
2023-09-27T07:14:48.007Z [ 1300: 8516] A Rolling back step: DeleteRegistryKey(HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Custom\SophosMTR.exe, 64)
2023-09-27T07:14:48.012Z [ 1300: 8516] A Rolling back step: CreateRegistryKey(HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SophosMTR.exe, 0)
2023-09-27T07:14:48.012Z [ 1300: 8516] A Rolling back step: DeleteRegistryKey(HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SophosMTR.exe, 0)
2023-09-27T07:14:48.019Z [ 1300: 8516] A Rolling back step: CopyFile(C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\mtr64\SophosMTR_NOTICE.txt, C:\Program Files\Sophos\Managed Threat Response\SophosMTR_NOTICE.txt)
2023-09-27T07:14:48.026Z [ 1300: 8516] A Rolling back step: CopyFile(C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\mtr64\NOTICE.txt, C:\Program Files\Sophos\Managed Threat Response\NOTICE.txt)
2023-09-27T07:14:48.031Z [ 1300: 8516] A Rolling back step: CopyFile(C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\mtr64\certificate.crt, C:\ProgramData\Sophos\Certificates\Managed Threat Response\certificate.crt)
2023-09-27T07:14:48.041Z [ 1300: 8516] A Rolling back step: Trickbot protection key install steps forSophosMTRUninstall.exe
2023-09-27T07:14:48.041Z [ 1300: 8516] A Rolling back step: CreateRegistryKey(HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Custom\SophosMTRUninstall.exe, 32)
2023-09-27T07:14:48.042Z [ 1300: 8516] A Rolling back step: DeleteRegistryKey(HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Custom\SophosMTRUninstall.exe, 32)
2023-09-27T07:14:48.045Z [ 1300: 8516] A Rolling back step: CreateRegistryKey(HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Custom\SophosMTRUninstall.exe, 64)
2023-09-27T07:14:48.046Z [ 1300: 8516] A Rolling back step: DeleteRegistryKey(HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Custom\SophosMTRUninstall.exe, 64)
2023-09-27T07:14:48.050Z [ 1300: 8516] A Rolling back step: CreateRegistryKey(HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SophosMTRUninstall.exe, 0)
2023-09-27T07:14:48.051Z [ 1300: 8516] A Rolling back step: DeleteRegistryKey(HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SophosMTRUninstall.exe, 0)
2023-09-27T07:14:48.056Z [ 1300: 8516] A Rolling back step: CopyFile(C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\mtr64\SophosMTRUninstall.exe, C:\Program Files\Sophos\Managed Threat Response\SophosMTRUninstall.exe)
2023-09-27T07:14:48.060Z [ 1300: 8516] A Rolling back step: CopyFile(C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\mtr64\SophosMTR.exe, C:\Program Files\Sophos\Managed Threat Response\SophosMTR.exe)
2023-09-27T07:14:48.073Z [ 1300: 8516] W DeleteFile: C:\Program Files\Sophos\Managed Threat Response\SophosMTR.exe, failed with error 5: Zugriff verweigert
2023-09-27T07:14:48.077Z [ 1300: 8516] A Rolling back step: MTR adapter installer
2023-09-27T07:14:48.078Z [ 1300: 8516] A Rolling back step: SetRegistryValue(HKLM\Software\Sophos\Remote Management System\ManagementAgent\Adapters\MDR, 32, DllPath, C:\Program Files\Sophos\Managed Threat Response\MTRAdapter.dll)
2023-09-27T07:14:48.078Z [ 1300: 8516] A Rolling back step: CreateRegistryKey(HKLM\Software\Sophos\Remote Management System\ManagementAgent\Adapters\MDR, 32)
2023-09-27T07:14:48.078Z [ 1300: 8516] A Rolling back step: WaitForLockedFile(C:\Program Files\Sophos\Managed Threat Response\MTRAdapter.dll, 60, WaitOnRollbackToUnlock)
2023-09-27T07:14:48.078Z [ 1300: 8516] I Waiting for operation to succeed within 60000ms.
2023-09-27T07:14:48.182Z [ 1300: 8516] I Retrying operation. Counter: 1
2023-09-27T07:14:48.183Z [ 1300: 8516] A Rolling back step: CopyFile(C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\mtr64\MTRAdapter.dll, C:\Program Files\Sophos\Managed Threat Response\MTRAdapter.dll)
2023-09-27T07:14:48.189Z [ 1300: 8516] A Rolling back step: WaitForLockedFile(C:\Program Files\Sophos\Managed Threat Response\MTRAdapter.dll, 60, WaitOnInstallToUnlock)
2023-09-27T07:14:48.189Z [ 1300: 8516] A Rolling back step: DeleteRegistryKey(HKLM\Software\Sophos\Remote Management System\ManagementAgent\Adapters\MDR, 32)
2023-09-27T07:14:48.194Z [ 1300: 8516] A Rolling back step: Tamper protection will be updated for the main component.
2023-09-27T07:14:48.194Z [ 1300: 8516] A Rolling back step: CreateRegistryKey(HKLM\SYSTEM\CurrentControlSet\Services\Sophos Endpoint Defense\TamperProtection\Services\Sophos Managed Threat Response, 64)
2023-09-27T07:14:48.194Z [ 1300: 8516] A Rolling back step: CreateRegistryKey(HKLM\SYSTEM\CurrentControlSet\Services\Sophos Endpoint Defense\TamperProtection\Components\MTR, 64)
2023-09-27T07:14:48.194Z [ 1300: 8516] A Rolling back step: CopyFile(C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\mtr64\integrity.dat, C:\Program Files\Sophos\Managed Threat Response\integrity.dat)
2023-09-27T07:14:48.202Z [ 1300: 8516] A Rolling back step: Tamper protection will be updated for the main component, if rollback is triggered.
2023-09-27T07:14:48.213Z [ 1300: 8516] I Waiting for operation to succeed within 60000ms.
2023-09-27T07:14:48.213Z [ 1300: 8516] I Tamper protection for the main component has been updated.
2023-09-27T07:14:48.213Z [ 1300: 8516] A Rolling back step: Install service step: Sophos Managed Threat Response
2023-09-27T07:14:48.215Z [ 1300: 8516] I Waiting 60000ms for service deletion
2023-09-27T07:14:48.215Z [ 1300: 8516] I Waiting for operation to succeed within 60000ms.
2023-09-27T07:14:48.215Z [ 1300: 8516] W Service still exists, waiting...
2023-09-27T07:14:49.225Z [ 1300: 8516] I Retrying operation. Counter: 1
2023-09-27T07:14:49.226Z [ 1300: 8516] A Successfully deleted service: Sophos Managed Threat Response
2023-09-27T07:14:49.226Z [ 1300: 8516] A Rolling back step: MTR install directories
2023-09-27T07:14:49.226Z [ 1300: 8516] A Rolling back step: Create directory C:\ProgramData\Sophos\Managed Threat Response\Logs and all parent directories
2023-09-27T07:14:49.230Z [ 1300: 8516] A Rolling back step: Create directory C:\ProgramData\Sophos\Managed Threat Response\Config and all parent directories
2023-09-27T07:14:49.235Z [ 1300: 8516] A Rolling back step: Create directory C:\ProgramData\Sophos\Certificates\Managed Threat Response and all parent directories
2023-09-27T07:14:49.239Z [ 1300: 8516] A Rolling back step: Create directory C:\ProgramData\Sophos\Managed Threat Response and all parent directories
2023-09-27T07:14:49.247Z [ 1300: 8516] A Rolling back step: Create directory C:\Program Files\Sophos\Managed Threat Response and all parent directories
2023-09-27T07:14:49.247Z [ 1300: 8516] A Rolling back step: Delete service step: Sophos Managed Threat Response
2023-09-27T07:14:49.253Z [ 1300: 8516] A Rolling back step: Trickbot protection key install steps forSophosMTRTelemetry.exe
2023-09-27T07:14:49.254Z [ 1300: 8516] A Rolling back step: DeleteRegistryKey(HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Custom\SophosMTRTelemetry.exe, 32)
2023-09-27T07:14:49.254Z [ 1300: 8516] A Rolling back step: DeleteRegistryKey(HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Custom\SophosMTRTelemetry.exe, 64)
2023-09-27T07:14:49.254Z [ 1300: 8516] A Rolling back step: DeleteRegistryKey(HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SophosMTRTelemetry.exe, 0)
2023-09-27T07:14:49.254Z [ 1300: 8516] A Rolling back step: DeleteFile(C:\Program Files\Sophos\Managed Threat Response\SophosMTRTelemetry.exe)
2023-09-27T07:14:49.254Z [ 1300: 8516] A Rolling back step: DeleteRegistryKey(HKLM\SOFTWARE\Sophos\Telemetry\Plugins\MTR, 32)
2023-09-27T07:14:49.254Z [ 1300: 8516] A Rolling back step: Delete directory (C:\ProgramData\Sophos\Managed Threat Response\Data) and its contents, if any.
2023-09-27T07:14:49.255Z [ 1300: 8516] A Rolling back step: Stop service step without disabling tamper protection for service: Sophos Managed Threat Response
2023-09-27T07:14:49.255Z [ 1300: 8516] I Service was already missing or stopped
2023-09-27T07:14:49.255Z [ 1300: 8516] A Rolling back step: Tamper protection of the MTR_SCM component will be set to: OFF
2023-09-27T07:14:49.261Z [ 1300: 8516] I Waiting for operation to succeed within 60000ms.
2023-09-27T07:14:49.262Z [ 1300: 8516] A Tamper protection of the component MTR_SCM has been reset to: OFF
2023-09-27T07:14:49.262Z [ 1300: 8516] W Failed composite step
2023-09-27T07:14:49.262Z [ 1300: 8516] A Execution failed
2023-09-27T07:14:49.262Z [ 1300: 8516] E Action failed
2023-09-27T07:14:49.262Z [ 1300: 8516] A End product setup
 
 MTR service stopped afterwards:

LHerzog · Accepted Answer

Good, that Sophos is reducing the services and removes the extra MTR service. Thank you for that information. 
 I took a PML yesterday during a failed installation and could not really find something helpful. 
 One thing Support suggested was to increase

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control

ServicesPipeTimeout

The default is 30000 , I went to 90000 and started an update of the Endpoint. It succeeded. The Service seemed to start after ~46s according to the log. 
 Success log: 2023-09-28T09:54:24.505Z [ 7052: 2832] A Begin product setup
2023-09-28T09:54:24.505Z [ 7052: 2832] A Begin install
2023-09-28T09:54:24.509Z [ 7052: 2832] A Executing step: Stop service step without disabling tamper protection for service: Sophos Managed Threat Response
2023-09-28T09:54:24.510Z [ 7052: 2832] I Service Sophos Managed Threat Response does not exist.
2023-09-28T09:54:24.510Z [ 7052: 2832] A Executing step: Delete service step: Sophos Managed Threat Response
2023-09-28T09:54:24.511Z [ 7052: 2832] I Querying configuration of service: Sophos Managed Threat Response
2023-09-28T09:54:24.511Z [ 7052: 2832] I Query Service: Service Sophos Managed Threat Response does not exist.
2023-09-28T09:54:24.511Z [ 7052: 2832] I Service Sophos Managed Threat Response does not exist.
2023-09-28T09:54:24.511Z [ 7052: 2832] A Executing step: MTR install directories
2023-09-28T09:54:24.511Z [ 7052: 2832] A Executing step: Create directory C:\Program Files\Sophos\Managed Threat Response and all parent directories
2023-09-28T09:54:24.512Z [ 7052: 2832] A Executing step: Create directory C:\ProgramData\Sophos\Managed Threat Response and all parent directories
2023-09-28T09:54:24.512Z [ 7052: 2832] W C:\ProgramData\Sophos\Managed Threat Response exists at a stage where it is expected to be created for the first time. Deleting directory and creating a new instance.
2023-09-28T09:54:24.519Z [ 7052: 2832] I Existing security permissions before resetting permissions: D:AI(A;OICIID;FA;;;SY)(A;OICIID;FA;;;BA)(A;OICIID;FR;;;BU)
2023-09-28T09:54:24.520Z [ 7052: 2832] A Executing step: Create directory C:\ProgramData\Sophos\Certificates\Managed Threat Response and all parent directories
2023-09-28T09:54:24.522Z [ 7052: 2832] A Executing step: Create directory C:\ProgramData\Sophos\Managed Threat Response\Config and all parent directories
2023-09-28T09:54:24.523Z [ 7052: 2832] A Executing step: Create directory C:\ProgramData\Sophos\Managed Threat Response\Logs and all parent directories
2023-09-28T09:54:24.525Z [ 7052: 2832] A Executing step: Install service step: Sophos Managed Threat Response
2023-09-28T09:54:24.529Z [ 7052: 2832] A Executing step: Tamper protection will be updated for the main component, if rollback is triggered.
2023-09-28T09:54:24.529Z [ 7052: 2832] A Tamper protection main component key does not exist. Nothing to be done, if rollback is triggered.
2023-09-28T09:54:24.529Z [ 7052: 2832] A Executing step: CopyFile(C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\mtr64\integrity.dat, C:\Program Files\Sophos\Managed Threat Response\integrity.dat)
2023-09-28T09:54:24.532Z [ 7052: 2832] A Executing step: CreateRegistryKey(HKLM\SYSTEM\CurrentControlSet\Services\Sophos Endpoint Defense\TamperProtection\Components\MTR, 64)
2023-09-28T09:54:24.532Z [ 7052: 2832] A Executing step: CreateRegistryKey(HKLM\SYSTEM\CurrentControlSet\Services\Sophos Endpoint Defense\TamperProtection\Services\Sophos Managed Threat Response, 64)
2023-09-28T09:54:24.532Z [ 7052: 2832] A Executing step: Tamper protection will be updated for the main component.
2023-09-28T09:54:24.537Z [ 7052: 2832] I Waiting for operation to succeed within 60000ms.
2023-09-28T09:54:24.537Z [ 7052: 2832] I Tamper protection for the main component has been updated.
2023-09-28T09:54:24.537Z [ 7052: 2832] A Executing step: MTR adapter installer
2023-09-28T09:54:24.537Z [ 7052: 2832] A Executing step: DeleteRegistryKey(HKLM\Software\Sophos\Remote Management System\ManagementAgent\Adapters\MDR, 32)
2023-09-28T09:54:24.537Z [ 7052: 2832] A Executing step: WaitForLockedFile(C:\Program Files\Sophos\Managed Threat Response\MTRAdapter.dll, 60, WaitOnInstallToUnlock)
2023-09-28T09:54:24.537Z [ 7052: 2832] I Waiting for operation to succeed within 60000ms.
2023-09-28T09:54:24.538Z [ 7052: 2832] A Executing step: CopyFile(C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\mtr64\MTRAdapter.dll, C:\Program Files\Sophos\Managed Threat Response\MTRAdapter.dll)
2023-09-28T09:54:24.542Z [ 7052: 2832] A Executing step: WaitForLockedFile(C:\Program Files\Sophos\Managed Threat Response\MTRAdapter.dll, 60, WaitOnRollbackToUnlock)
2023-09-28T09:54:24.542Z [ 7052: 2832] A Executing step: CreateRegistryKey(HKLM\Software\Sophos\Remote Management System\ManagementAgent\Adapters\MDR, 32)
2023-09-28T09:54:24.543Z [ 7052: 2832] A Executing step: SetRegistryValue(HKLM\Software\Sophos\Remote Management System\ManagementAgent\Adapters\MDR, 32, DllPath, C:\Program Files\Sophos\Managed Threat Response\MTRAdapter.dll)
2023-09-28T09:54:24.543Z [ 7052: 2832] A Executing step: CopyFile(C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\mtr64\SophosMTR.exe, C:\Program Files\Sophos\Managed Threat Response\SophosMTR.exe)
2023-09-28T09:54:24.553Z [ 7052: 2832] A Executing step: CopyFile(C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\mtr64\SophosMTRUninstall.exe, C:\Program Files\Sophos\Managed Threat Response\SophosMTRUninstall.exe)
2023-09-28T09:54:24.557Z [ 7052: 2832] A Executing step: Trickbot protection key install steps forSophosMTRUninstall.exe
2023-09-28T09:54:24.557Z [ 7052: 2832] A Executing step: DeleteRegistryKey(HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SophosMTRUninstall.exe, 0)
2023-09-28T09:54:24.558Z [ 7052: 2832] A Executing step: CreateRegistryKey(HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SophosMTRUninstall.exe, 0)
2023-09-28T09:54:24.558Z [ 7052: 2832] A Executing step: DeleteRegistryKey(HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Custom\SophosMTRUninstall.exe, 64)
2023-09-28T09:54:24.558Z [ 7052: 2832] A Executing step: CreateRegistryKey(HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Custom\SophosMTRUninstall.exe, 64)
2023-09-28T09:54:24.558Z [ 7052: 2832] A Executing step: DeleteRegistryKey(HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Custom\SophosMTRUninstall.exe, 32)
2023-09-28T09:54:24.558Z [ 7052: 2832] A Executing step: CreateRegistryKey(HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Custom\SophosMTRUninstall.exe, 32)
2023-09-28T09:54:24.559Z [ 7052: 2832] A Executing step: CopyFile(C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\mtr64\certificate.crt, C:\ProgramData\Sophos\Certificates\Managed Threat Response\certificate.crt)
2023-09-28T09:54:24.562Z [ 7052: 2832] A Executing step: CopyFile(C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\mtr64\NOTICE.txt, C:\Program Files\Sophos\Managed Threat Response\NOTICE.txt)
2023-09-28T09:54:24.566Z [ 7052: 2832] A Executing step: CopyFile(C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\mtr64\SophosMTR_NOTICE.txt, C:\Program Files\Sophos\Managed Threat Response\SophosMTR_NOTICE.txt)
2023-09-28T09:54:24.569Z [ 7052: 2832] A Executing step: Trickbot protection key install steps forSophosMTR.exe
2023-09-28T09:54:24.570Z [ 7052: 2832] A Executing step: DeleteRegistryKey(HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SophosMTR.exe, 0)
2023-09-28T09:54:24.570Z [ 7052: 2832] A Executing step: CreateRegistryKey(HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SophosMTR.exe, 0)
2023-09-28T09:54:24.570Z [ 7052: 2832] A Executing step: DeleteRegistryKey(HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Custom\SophosMTR.exe, 64)
2023-09-28T09:54:24.570Z [ 7052: 2832] A Executing step: CreateRegistryKey(HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Custom\SophosMTR.exe, 64)
2023-09-28T09:54:24.570Z [ 7052: 2832] A Executing step: DeleteRegistryKey(HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Custom\SophosMTR.exe, 32)
2023-09-28T09:54:24.570Z [ 7052: 2832] A Executing step: CreateRegistryKey(HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Custom\SophosMTR.exe, 32)
2023-09-28T09:54:24.571Z [ 7052: 2832] A Executing step: MTR add remove program key installer
2023-09-28T09:54:24.571Z [ 7052: 2832] A Executing step: CreateRegistryKey(HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Sophos MTR, 64)
2023-09-28T09:54:24.571Z [ 7052: 2832] A Executing step: SetRegistryValue(HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Sophos MTR, 64, DisplayName, Sophos Managed Threat Response)
2023-09-28T09:54:24.571Z [ 7052: 2832] A Executing step: SetRegistryValue(HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Sophos MTR, 64, DisplayVersion, 2.4.0.53)
2023-09-28T09:54:24.571Z [ 7052: 2832] A Executing step: SetRegistryValue(HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Sophos MTR, 64, Publisher, Sophos Limited)
2023-09-28T09:54:24.572Z [ 7052: 2832] A Executing step: SetRegistryValue(HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Sophos MTR, 64, SystemComponent, 1)
2023-09-28T09:54:24.572Z [ 7052: 2832] A Executing step: SetRegistryValue(HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Sophos MTR, 64, UninstallString, "C:\Program Files\Sophos\Managed Threat Response\SophosMTRUninstall.exe")
2023-09-28T09:54:24.572Z [ 7052: 2832] A Executing step: Start tamper-protected service step: Sophos Managed Threat Response
2023-09-28T09:54:24.572Z [ 7052: 2832] I Querying configuration of service: Sophos Managed Threat Response
2023-09-28T09:55:11.711Z [ 7052: 2832] I Waiting 60000ms for service to start.
2023-09-28T09:55:11.711Z [ 7052: 2832] I Waiting for operation to succeed within 60000ms.
2023-09-28T09:55:12.723Z [ 7052: 2832] I Retrying operation. Counter: 1
2023-09-28T09:55:12.724Z [ 7052: 2832] I The service is running.
2023-09-28T09:55:12.724Z [ 7052: 2832] A Executing step: CopyFile(C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\mtr64\scm_integrity.dat, C:\Program Files\Sophos\Managed Threat Response\scm_integrity.dat)
2023-09-28T09:55:12.726Z [ 7052: 2832] A Executing step: CreateRegistryKey(HKLM\SYSTEM\CurrentControlSet\Services\Sophos Endpoint Defense\TamperProtection\Components\MTR_SCM, 64)
2023-09-28T09:55:12.727Z [ 7052: 2832] A Executing step: Tamper protection of the MTR_SCM component will be set to: ON
2023-09-28T09:55:12.730Z [ 7052: 2832] I Waiting for operation to succeed within 60000ms.
2023-09-28T09:55:12.730Z [ 7052: 2832] A Tamper protection of the MTR_SCM component has been set to: ON
2023-09-28T09:55:12.730Z [ 7052: 2832] A Commit step: Stop service step without disabling tamper protection for service: Sophos Managed Threat Response
2023-09-28T09:55:12.730Z [ 7052: 2832] A Commit step: Delete service step: Sophos Managed Threat Response
2023-09-28T09:55:12.730Z [ 7052: 2832] A Commit step: MTR install directories
2023-09-28T09:55:12.731Z [ 7052: 2832] A Commit step: Create directory C:\Program Files\Sophos\Managed Threat Response and all parent directories
2023-09-28T09:55:12.731Z [ 7052: 2832] A Commit step: Create directory C:\ProgramData\Sophos\Managed Threat Response and all parent directories
2023-09-28T09:55:12.731Z [ 7052: 2832] A Commit step: Create directory C:\ProgramData\Sophos\Certificates\Managed Threat Response and all parent directories
2023-09-28T09:55:12.731Z [ 7052: 2832] A Commit step: Create directory C:\ProgramData\Sophos\Managed Threat Response\Config and all parent directories
2023-09-28T09:55:12.731Z [ 7052: 2832] A Commit step: Create directory C:\ProgramData\Sophos\Managed Threat Response\Logs and all parent directories
2023-09-28T09:55:12.731Z [ 7052: 2832] A MTR install directories completed successfully.
2023-09-28T09:55:12.731Z [ 7052: 2832] A Commit step: Install service step: Sophos Managed Threat Response
2023-09-28T09:55:12.731Z [ 7052: 2832] A Commit step: Tamper protection will be updated for the main component, if rollback is triggered.
2023-09-28T09:55:12.731Z [ 7052: 2832] A Commit step: CopyFile(C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\mtr64\integrity.dat, C:\Program Files\Sophos\Managed Threat Response\integrity.dat)
2023-09-28T09:55:12.731Z [ 7052: 2832] A Commit step: CreateRegistryKey(HKLM\SYSTEM\CurrentControlSet\Services\Sophos Endpoint Defense\TamperProtection\Components\MTR, 64)
2023-09-28T09:55:12.731Z [ 7052: 2832] A Commit step: CreateRegistryKey(HKLM\SYSTEM\CurrentControlSet\Services\Sophos Endpoint Defense\TamperProtection\Services\Sophos Managed Threat Response, 64)
2023-09-28T09:55:12.731Z [ 7052: 2832] A Commit step: Tamper protection will be updated for the main component.
2023-09-28T09:55:12.732Z [ 7052: 2832] A Commit step: MTR adapter installer
2023-09-28T09:55:12.732Z [ 7052: 2832] A Commit step: DeleteRegistryKey(HKLM\Software\Sophos\Remote Management System\ManagementAgent\Adapters\MDR, 32)
2023-09-28T09:55:12.732Z [ 7052: 2832] A Commit step: WaitForLockedFile(C:\Program Files\Sophos\Managed Threat Response\MTRAdapter.dll, 60, WaitOnInstallToUnlock)
2023-09-28T09:55:12.732Z [ 7052: 2832] A Commit step: CopyFile(C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\mtr64\MTRAdapter.dll, C:\Program Files\Sophos\Managed Threat Response\MTRAdapter.dll)
2023-09-28T09:55:12.732Z [ 7052: 2832] A Commit step: WaitForLockedFile(C:\Program Files\Sophos\Managed Threat Response\MTRAdapter.dll, 60, WaitOnRollbackToUnlock)
2023-09-28T09:55:12.732Z [ 7052: 2832] A Commit step: CreateRegistryKey(HKLM\Software\Sophos\Remote Management System\ManagementAgent\Adapters\MDR, 32)
2023-09-28T09:55:12.732Z [ 7052: 2832] A Commit step: SetRegistryValue(HKLM\Software\Sophos\Remote Management System\ManagementAgent\Adapters\MDR, 32, DllPath, C:\Program Files\Sophos\Managed Threat Response\MTRAdapter.dll)
2023-09-28T09:55:12.732Z [ 7052: 2832] A MTR adapter installer completed successfully.
2023-09-28T09:55:12.732Z [ 7052: 2832] A Commit step: CopyFile(C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\mtr64\SophosMTR.exe, C:\Program Files\Sophos\Managed Threat Response\SophosMTR.exe)
2023-09-28T09:55:12.732Z [ 7052: 2832] A Commit step: CopyFile(C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\mtr64\SophosMTRUninstall.exe, C:\Program Files\Sophos\Managed Threat Response\SophosMTRUninstall.exe)
2023-09-28T09:55:12.732Z [ 7052: 2832] A Commit step: Trickbot protection key install steps forSophosMTRUninstall.exe
2023-09-28T09:55:12.732Z [ 7052: 2832] A Commit step: DeleteRegistryKey(HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SophosMTRUninstall.exe, 0)
2023-09-28T09:55:12.732Z [ 7052: 2832] A Commit step: CreateRegistryKey(HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SophosMTRUninstall.exe, 0)
2023-09-28T09:55:12.732Z [ 7052: 2832] A Commit step: DeleteRegistryKey(HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Custom\SophosMTRUninstall.exe, 64)
2023-09-28T09:55:12.733Z [ 7052: 2832] A Commit step: CreateRegistryKey(HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Custom\SophosMTRUninstall.exe, 64)
2023-09-28T09:55:12.733Z [ 7052: 2832] A Commit step: DeleteRegistryKey(HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Custom\SophosMTRUninstall.exe, 32)
2023-09-28T09:55:12.733Z [ 7052: 2832] A Commit step: CreateRegistryKey(HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Custom\SophosMTRUninstall.exe, 32)
2023-09-28T09:55:12.733Z [ 7052: 2832] A Trickbot protection key install steps forSophosMTRUninstall.exe completed successfully.
2023-09-28T09:55:12.733Z [ 7052: 2832] A Commit step: CopyFile(C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\mtr64\certificate.crt, C:\ProgramData\Sophos\Certificates\Managed Threat Response\certificate.crt)
2023-09-28T09:55:12.733Z [ 7052: 2832] A Commit step: CopyFile(C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\mtr64\NOTICE.txt, C:\Program Files\Sophos\Managed Threat Response\NOTICE.txt)
2023-09-28T09:55:12.733Z [ 7052: 2832] A Commit step: CopyFile(C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\mtr64\SophosMTR_NOTICE.txt, C:\Program Files\Sophos\Managed Threat Response\SophosMTR_NOTICE.txt)
2023-09-28T09:55:12.733Z [ 7052: 2832] A Commit step: Trickbot protection key install steps forSophosMTR.exe
2023-09-28T09:55:12.733Z [ 7052: 2832] A Commit step: DeleteRegistryKey(HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SophosMTR.exe, 0)
2023-09-28T09:55:12.733Z [ 7052: 2832] A Commit step: CreateRegistryKey(HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SophosMTR.exe, 0)
2023-09-28T09:55:12.733Z [ 7052: 2832] A Commit step: DeleteRegistryKey(HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Custom\SophosMTR.exe, 64)
2023-09-28T09:55:12.733Z [ 7052: 2832] A Commit step: CreateRegistryKey(HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Custom\SophosMTR.exe, 64)
2023-09-28T09:55:12.733Z [ 7052: 2832] A Commit step: DeleteRegistryKey(HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Custom\SophosMTR.exe, 32)
2023-09-28T09:55:12.733Z [ 7052: 2832] A Commit step: CreateRegistryKey(HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Custom\SophosMTR.exe, 32)
2023-09-28T09:55:12.734Z [ 7052: 2832] A Trickbot protection key install steps forSophosMTR.exe completed successfully.
2023-09-28T09:55:12.734Z [ 7052: 2832] A Commit step: MTR add remove program key installer
2023-09-28T09:55:12.734Z [ 7052: 2832] A Commit step: CreateRegistryKey(HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Sophos MTR, 64)
2023-09-28T09:55:12.734Z [ 7052: 2832] A Commit step: SetRegistryValue(HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Sophos MTR, 64, DisplayName, Sophos Managed Threat Response)
2023-09-28T09:55:12.734Z [ 7052: 2832] A Commit step: SetRegistryValue(HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Sophos MTR, 64, DisplayVersion, 2.4.0.53)
2023-09-28T09:55:12.734Z [ 7052: 2832] A Commit step: SetRegistryValue(HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Sophos MTR, 64, Publisher, Sophos Limited)
2023-09-28T09:55:12.734Z [ 7052: 2832] A Commit step: SetRegistryValue(HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Sophos MTR, 64, SystemComponent, 1)
2023-09-28T09:55:12.734Z [ 7052: 2832] A Commit step: SetRegistryValue(HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Sophos MTR, 64, UninstallString, "C:\Program Files\Sophos\Managed Threat Response\SophosMTRUninstall.exe")
2023-09-28T09:55:12.734Z [ 7052: 2832] A MTR add remove program key installer completed successfully.
2023-09-28T09:55:12.734Z [ 7052: 2832] A Commit step: Start tamper-protected service step: Sophos Managed Threat Response
2023-09-28T09:55:12.734Z [ 7052: 2832] A Commit step: CopyFile(C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\mtr64\scm_integrity.dat, C:\Program Files\Sophos\Managed Threat Response\scm_integrity.dat)
2023-09-28T09:55:12.734Z [ 7052: 2832] A Commit step: CreateRegistryKey(HKLM\SYSTEM\CurrentControlSet\Services\Sophos Endpoint Defense\TamperProtection\Components\MTR_SCM, 64)
2023-09-28T09:55:12.734Z [ 7052: 2832] A Commit step: Tamper protection of the MTR_SCM component will be set to: ON
2023-09-28T09:55:12.734Z [ 7052: 2832] A MTR Install completed successfully.
2023-09-28T09:55:12.735Z [ 7052: 2832] A Action was successful, reboot is not required
2023-09-28T09:55:12.735Z [ 7052: 2832] A End product setup

MTR Update failure v2.4.0.59

Top Replies