This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Can not install Sophos endpoint Protection ( Windows10 Client)

I am trying to install Sophos endpoint Protection using a fresh download of the installer Version 1.19 from Sophos on a fresh Windows10 Client.  This client is fully patched and updated and using TLS 1.2.  I have tried using Sophos Zap, I have tried all the registry tweaks for this issue and I am still unable to install it.  I have also moved the client PC outside our network with no firewall, different DNS servers and internet provider and it still won't install.  Below is the error message and log file from the failed install.  Thanks.

2024-02-29T21:24:51.4420662Z INFO : Running C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\SophosSetup-1660457163\\Setup.exe
2024-02-29T21:24:51.4420662Z INFO : Stage 1 command-line options:
2024-02-29T21:24:51.4420662Z INFO : ---
2024-02-29T21:24:51.4420662Z INFO : Quiet mode on: 0
2024-02-29T21:24:51.4420662Z INFO : Bypass ownership check: 0
2024-02-29T21:24:51.4420662Z INFO : Bypass ACS check: 0
2024-02-29T21:24:51.4420662Z INFO : Automatic Proxy detection disabled: 0
2024-02-29T21:24:51.4420662Z INFO : No feedback mode on: 0
2024-02-29T21:24:51.4420662Z INFO : Dump feedback enabled: 0
2024-02-29T21:24:51.4420662Z INFO : Bypass competitor removal: 0
2024-02-29T21:24:51.4420662Z INFO : Using CRT catalog file path: --
2024-02-29T21:24:51.4420662Z INFO : Only register endpoint with Central: 0
2024-02-29T21:24:51.4420662Z INFO : Log messages between endpoint and Central: 0
2024-02-29T21:24:51.4420662Z INFO : Log command-line passed to executables: 0
2024-02-29T21:24:51.4420662Z INFO : Using custom server that hosts the installer stage2 filename: --
2024-02-29T21:24:51.4575537Z INFO : Using cloud group: --
2024-02-29T21:24:51.4575537Z INFO : Overriding computer name: --
2024-02-29T21:24:51.4575537Z INFO : Overriding computer description: --
2024-02-29T21:24:51.4575537Z INFO : Overriding domain name: --
2024-02-29T21:24:51.4575537Z INFO : Language will be set to: --
2024-02-29T21:24:51.4575537Z INFO : Using message relays: --
2024-02-29T21:24:51.4575537Z INFO : Proxy address: --
2024-02-29T21:24:51.4575537Z INFO : Proxy user name: --
2024-02-29T21:24:51.4575537Z INFO : Using custom customer token: --
2024-02-29T21:24:51.4575537Z INFO : Using specified products: --
2024-02-29T21:24:51.4575537Z INFO : Using certificates from the program data folder: 0
2024-02-29T21:24:51.4575537Z INFO : Setting non-persistent image: 0
2024-02-29T21:24:51.4575537Z INFO : Setting gold image: 0
2024-02-29T21:24:51.4575537Z INFO : MCS registration timeout for golden image: --
2024-02-29T21:24:51.4575537Z INFO : Using custom customer ID: --
2024-02-29T21:24:51.4575537Z INFO : Using specified user ID: --
2024-02-29T21:24:51.4575537Z INFO : Using local install source: --
2024-02-29T21:24:51.4575537Z INFO : Invoked as part of SEC migration: 0
2024-02-29T21:24:51.4575537Z INFO : ---
2024-02-29T21:24:51.4575537Z INFO : Detected architecture: 2
2024-02-29T21:24:51.4575537Z INFO : Using x86 program files for stage 2
2024-02-29T21:24:51.4575537Z INFO : Target path: C:\\Program Files (x86)\\Sophos\\CloudInstaller
2024-02-29T21:24:51.5981434Z INFO : About to delete: C:\\Program Files (x86)\\Sophos\\CloudInstaller
2024-02-29T21:24:51.5981434Z INFO : Folder not present, nothing to delete
2024-02-29T21:24:51.5981434Z INFO : Running on x64, requesting x86 Stage2
2024-02-29T21:24:51.5981434Z INFO : Sending HTTP 'POST' request to: api/download/stage2-details/0b3a38c5-1d18-422b-a0e8-dfae7828c5bd
2024-02-29T21:24:51.7856291Z INFO : Did not discover an URL for a PAC file
2024-02-29T21:24:51.7856291Z INFO : Attempting to connect using proxy '' of type 'Empty Proxy'.
2024-02-29T21:24:51.7856291Z INFO : Set security protocol: 00000800
2024-02-29T21:24:51.7856291Z INFO : Opening connection to api-cloudstation-us-east-2.prod.hydra.sophos.com
2024-02-29T21:24:51.7856291Z INFO : Request content size: 30
2024-02-29T21:24:52.8630348Z INFO : Sending request
2024-02-29T21:24:52.8630348Z INFO : Request sent
2024-02-29T21:24:53.0663064Z INFO : Sending request
2024-02-29T21:24:53.0663064Z INFO : Request sent
2024-02-29T21:24:53.0663064Z INFO : Response status code: 200
2024-02-29T21:24:53.0663064Z INFO : Response data size: 303
2024-02-29T21:24:53.0663064Z INFO : trySendRequestThroughPotentialProxy returning response with status code: 200
2024-02-29T21:24:53.0663064Z INFO : Parsing message received for Stage 2 filename: '{"downloads_server":"downloads.sophos.com","telemetry_server":"t1.sophosupd.com","diagnostics_server":"installer1.sophosupd.com","stage2_filename":"stage2-1.19.68.0-6f07e43ad67c5cb69a55bac88932a503df3e4236aa86350e9558f5bf428a8882.tar.gz","mcs_server":"mcs2-cloudstation-us-east-2.prod.hydra.sophos.com"}'
2024-02-29T21:24:53.0663064Z INFO : Sending HTTP 'GET' request to: full/central/windows/business/installer/stage2-1.19.68.0-6f07e43ad67c5cb69a55bac88932a503df3e4236aa86350e9558f5bf428a8882.tar.gz
2024-02-29T21:24:53.0817782Z INFO : Did not discover an URL for a PAC file
2024-02-29T21:24:53.0817782Z INFO : Attempting to connect using proxy '' of type 'Empty Proxy'.
2024-02-29T21:24:53.0817782Z INFO : Set security protocol: 00000800
2024-02-29T21:24:53.0817782Z INFO : Opening connection to downloads.sophos.com
2024-02-29T21:24:53.0817782Z INFO : Request content size: 0
2024-02-29T21:24:55.3780687Z INFO : Sending request
2024-02-29T21:24:55.3780687Z INFO : Request sent
2024-02-29T21:25:00.5621553Z INFO : Response status code: 200
2024-02-29T21:25:00.5776606Z INFO : Response data size: 3858959
2024-02-29T21:25:00.5776606Z INFO : trySendRequestThroughPotentialProxy returning response with status code: 200
2024-02-29T21:25:00.5776606Z INFO : Extracting files:
2024-02-29T21:25:00.5776606Z INFO : integrity.dat
2024-02-29T21:25:00.5932784Z INFO : manifest.dat
2024-02-29T21:25:00.5932784Z INFO : scf.dat
2024-02-29T21:25:00.5932784Z INFO : SDDS3.dll
2024-02-29T21:25:00.6245484Z INFO : sof.dat
2024-02-29T21:25:00.6245484Z INFO : SophosACSenabledTest.exe
2024-02-29T21:25:00.6245484Z INFO : SophosSetup_Stage2.exe
2024-02-29T21:25:00.6713829Z INFO : su-setup32.exe
2024-02-29T21:25:00.6870338Z INFO : su-setup64.exe
2024-02-29T21:25:00.7026540Z INFO : SUL.dll
2024-02-29T21:25:00.7338967Z INFO : Management Certs/sophosca1.crl
2024-02-29T21:25:00.7338967Z INFO : Management Certs/sophosca1.crt
2024-02-29T21:25:00.7338967Z INFO : Management Certs/sophosca2.crl
2024-02-29T21:25:00.7338967Z INFO : Management Certs/sophosca2.crt
2024-02-29T21:25:00.7338967Z INFO : Management Certs/sophosca3.crl
2024-02-29T21:25:00.7338967Z INFO : Management Certs/sophosca3.crt
2024-02-29T21:25:00.7338967Z INFO : Management Certs/sophosca4.crl
2024-02-29T21:25:00.7495180Z INFO : Management Certs/sophosca4.crt
2024-02-29T21:25:00.7495180Z INFO : ManifestCerts/rootca.crl
2024-02-29T21:25:00.7495180Z INFO : ManifestCerts/rootca.crt
2024-02-29T21:25:00.7495180Z INFO : ManifestCerts/rootca384.crl
2024-02-29T21:25:00.7495180Z INFO : ManifestCerts/rootca384.crt
2024-02-29T21:25:00.7495180Z INFO : Checking manifest:C:\\Program Files (x86)\\Sophos\\CloudInstaller\\extract_cache\\manifest.dat
2024-02-29T21:25:00.8432456Z INFO : Running setup.
2024-02-29T21:25:02.8427470Z INFO : Stage 2 command-line options:
2024-02-29T21:25:02.8427470Z INFO : ---
2024-02-29T21:25:02.8583980Z INFO : Parent PID: 1388
2024-02-29T21:25:02.8583980Z INFO : MCS server: mcs2-cloudstation-us-east-2.prod.hydra.sophos.com
2024-02-29T21:25:02.8583980Z INFO : Telemetry server: t1.sophosupd.com
2024-02-29T21:25:02.8583980Z INFO : Diagnostics server: installer1.sophosupd.com
2024-02-29T21:25:02.8583980Z INFO : Message relays: --
2024-02-29T21:25:02.8583980Z INFO : Suppressing feedback: 0
2024-02-29T21:25:02.8583980Z INFO : Dump feedback to disk: 0
2024-02-29T21:25:02.8583980Z INFO : Setting non-persistent image: 0
2024-02-29T21:25:02.8583980Z INFO : Setting gold image: 0
2024-02-29T21:25:02.8583980Z INFO : MCS registration timeout for golden image: --
2024-02-29T21:25:02.8583980Z INFO : Register only: 0
2024-02-29T21:25:02.8583980Z INFO : Trail logging: 0
2024-02-29T21:25:02.8583980Z INFO : Command-line logging: 0
2024-02-29T21:25:02.8583980Z INFO : Bypassing competitor removal: 0
2024-02-29T21:25:02.8583980Z INFO : CRT catalog: --
2024-02-29T21:25:02.8583980Z INFO : Language: --
2024-02-29T21:25:02.8583980Z INFO : Log files: C:\\ProgramData\\Sophos\\CloudInstaller\\Logs\\SophosCloudInstaller_20240229_212451.log
2024-02-29T21:25:02.8583980Z INFO : Group: --
2024-02-29T21:25:02.8583980Z INFO : Quiet: 0
2024-02-29T21:25:02.8583980Z INFO : Bypass ownership check: 0
2024-02-29T21:25:02.8583980Z INFO : Bypass ACS check: 0
2024-02-29T21:25:02.8583980Z INFO : Virtual appliance: 0
2024-02-29T21:25:02.8583980Z INFO : Proxy address: --
2024-02-29T21:25:02.8583980Z INFO : Proxy user: --
2024-02-29T21:25:02.8583980Z INFO : Overriding computer name: --
2024-02-29T21:25:02.8583980Z INFO : Overriding computer description: --
2024-02-29T21:25:02.8583980Z INFO : Overriding domain: --
2024-02-29T21:25:02.8583980Z INFO : Disable proxy detection: 0
2024-02-29T21:25:02.8583980Z INFO : Customer Token Specified: 0b3a38c5-1d18-422b-a0e8-dfae7828c5bd
2024-02-29T21:25:02.8583980Z INFO : Products: all
2024-02-29T21:25:02.8583980Z INFO : Pipe write handle: 2120
2024-02-29T21:25:02.8583980Z INFO : MCS Certificates Folder: 0
2024-02-29T21:25:02.8583980Z INFO : MCS Customer Id: d499191c-a287-f4f4-d8f7-cdfc0b309176
2024-02-29T21:25:02.8583980Z INFO : User Id: --
2024-02-29T21:25:02.8583980Z INFO : Local install source: --
2024-02-29T21:25:02.8583980Z INFO : Partner Id: --
2024-02-29T21:25:02.8583980Z INFO : Customer Estate Id: --
2024-02-29T21:25:02.8583980Z INFO : Invoked as part of SEC migration: 0
2024-02-29T21:25:02.8583980Z INFO : ---
2024-02-29T21:25:02.8740186Z INFO : User name: Administrator
2024-02-29T21:25:02.8740186Z INFO : NameDnsDomain: **********.LOCAL\\Administrator
2024-02-29T21:25:02.8740186Z INFO : dnsDomain: *********.LOCAL
2024-02-29T21:25:14.6370384Z INFO : lpProfilePath:
2024-02-29T21:25:14.6524955Z INFO : User profile loaded
2024-02-29T21:25:14.6524955Z INFO : Net API buffer freed
2024-02-29T21:25:14.6524955Z INFO : Model::messageRelays value changed to be size: 0
2024-02-29T21:25:14.6524955Z INFO : Model::group value changed to:
2024-02-29T21:25:14.6524955Z INFO : Model::parentPid value changed to: 1388
2024-02-29T21:25:14.6524955Z INFO : Model::products changed to: all
2024-02-29T21:25:14.6524955Z INFO : Model::customer token value changed to: 0b3a38c5-1d18-422b-a0e8-dfae7828c5bd
2024-02-29T21:25:14.6524955Z INFO : MCS Crts: C:\\Program Files (x86)\\Sophos\\CloudInstaller\\Management Certs\\sophosca1.crt,C:\\Program Files (x86)\\Sophos\\CloudInstaller\\Management Certs\\sophosca2.crt,C:\\Program Files (x86)\\Sophos\\CloudInstaller\\Management Certs\\sophosca3.crt,C:\\Program Files (x86)\\Sophos\\CloudInstaller\\Management Certs\\sophosca4.crt
2024-02-29T21:25:14.6524955Z INFO : MCS CRLs: C:\\Program Files (x86)\\Sophos\\CloudInstaller\\Management Certs\\sophosca1.crl,C:\\Program Files (x86)\\Sophos\\CloudInstaller\\Management Certs\\sophosca2.crl,C:\\Program Files (x86)\\Sophos\\CloudInstaller\\Management Certs\\sophosca3.crl,C:\\Program Files (x86)\\Sophos\\CloudInstaller\\Management Certs\\sophosca4.crl
2024-02-29T21:25:14.6524955Z INFO : Model:: MCS customer id value changed to: d499191c-a287-f4f4-d8f7-cdfc0b309176
2024-02-29T21:25:14.6524955Z INFO : Sophos Endpoint Defense is installed
2024-02-29T21:25:14.6524955Z INFO : Value 'SEDEnabled' under key '000002B0' is not set or set to 0.
2024-02-29T21:25:14.6524955Z INFO : Not tamper-protected by SED
2024-02-29T21:25:14.6524955Z INFO : detectedMsiInstalledMcs.installed: 0
2024-02-29T21:25:14.6524955Z INFO : Not migrating from SEC endpoint.
2024-02-29T21:25:14.6680876Z INFO : Beginning command definition.
2024-02-29T21:25:14.6680876Z INFO : Adding command to remove Sophos 'Image File Execution Options' keys.
2024-02-29T21:25:14.6680876Z INFO : Adding command to wait for SAU update to complete.
2024-02-29T21:25:14.6680876Z INFO : Adding competitor detection command.
2024-02-29T21:25:14.6680876Z INFO : Adding command to register with Sophos cloud.
2024-02-29T21:25:14.6680876Z INFO : Adding command to download product suite.
2024-02-29T21:25:14.6680876Z INFO : Adding command to uninstall existing products.
2024-02-29T21:25:14.6680876Z INFO : Trying to get uninstall path for: '{FA203C29-393F-4247-A69D-6C93E6D685EB}'
2024-02-29T21:25:14.6680876Z INFO : Key 'SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{FA203C29-393F-4247-A69D-6C93E6D685EB}' does not exist.
2024-02-29T21:25:14.6680876Z INFO : Trying to get uninstall path for: '{FA203C29-393F-4247-A69D-6C93E6D685EB}'
2024-02-29T21:25:14.6680876Z INFO : Key 'SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{FA203C29-393F-4247-A69D-6C93E6D685EB}' does not exist in redirection hive.
2024-02-29T21:25:14.6680876Z INFO : Adding command to uninstall Sophos AutoUpdate MSI
2024-02-29T21:25:14.6680876Z INFO : Adding command to remove existing installation of Sophos AutoUpdate
2024-02-29T21:25:14.6680876Z INFO : Adding command to allow tamper protected reinstalls.
2024-02-29T21:25:14.6680876Z INFO : Adding commands to uninstall remaining existing products.
2024-02-29T21:25:14.6680876Z INFO : Adding command to remove existing installation of Sophos System Protection
2024-02-29T21:25:14.6680876Z INFO : Adding command to remove existing installation of Sophos Heartbeat
2024-02-29T21:25:14.6680876Z INFO : Adding command to remove existing installation of Sophos Network Access Control
2024-02-29T21:25:14.6680876Z INFO : Adding command to remove existing installation of Sophos Client Firewall
2024-02-29T21:25:14.6680876Z INFO : Adding command to remove existing installation of Sophos Patch
2024-02-29T21:25:14.6680876Z INFO : Adding command to remove existing installation of Sophos Clean
2024-02-29T21:25:14.6680876Z INFO : Adding command to uninstall orphaned products.
2024-02-29T21:25:14.6680876Z INFO : Adding command to prepare for installation.
2024-02-29T21:25:14.6680876Z INFO : Adding command to install Sophos agent.
2024-02-29T21:25:14.6680876Z INFO : Command definition complete.
2024-02-29T21:25:14.6680876Z INFO : Stage 1 version:1.19.68.0
2024-02-29T21:25:14.6680876Z INFO : Stage 2 version:1.19.68.0
2024-02-29T21:25:14.6680876Z INFO : OS version: 10.0.19045.
2024-02-29T21:25:14.6680876Z INFO : Service pack: 0.0.
2024-02-29T21:25:14.6680876Z INFO : System Language: 1033.
2024-02-29T21:25:14.6680876Z INFO : User Language: 1033.
2024-02-29T21:25:14.6680876Z INFO : 64 bit: yes.
2024-02-29T21:25:14.6680876Z INFO : FindMainWindow: pid=1388
2024-02-29T21:25:14.6680876Z INFO : Window is main control window of process
2024-02-29T21:25:14.6680876Z INFO : ::EnumWindows stopped early; window found
2024-02-29T21:25:14.6680876Z INFO : _bestHandle=000205D8
2024-02-29T21:25:14.9026020Z INFO : Running System Property Check: VerifyTrust ...
2024-02-29T21:25:14.9961637Z INFO : System Property Check: VerifyTrust - PASSED
2024-02-29T21:25:15.0588322Z INFO : Running System Property Check: RequiredPrivilegesHeld ...
2024-02-29T21:25:15.0588322Z INFO : All required privileges could be enabled
2024-02-29T21:25:15.0588322Z INFO : System Property Check: RequiredPrivilegesHeld - PASSED
2024-02-29T21:25:15.1213099Z INFO : Running System Property Check: TrustedHmpaFolder ...
2024-02-29T21:25:15.1213099Z INFO : HMPA folder is trusted
2024-02-29T21:25:15.1213099Z INFO : System Property Check: TrustedHmpaFolder - PASSED
2024-02-29T21:25:15.1837668Z INFO : Running System Property Check: HostnameLength ...
2024-02-29T21:25:15.1837668Z INFO : Initialized Winsock subsystem
2024-02-29T21:25:15.1837668Z INFO : Valid hostname length
2024-02-29T21:25:15.1837668Z INFO : System Property Check: HostnameLength - PASSED
2024-02-29T21:25:15.2462804Z INFO : Running System Property Check: GroupNameLength ...
2024-02-29T21:25:15.2462804Z INFO : System Property Check: GroupNameLength - PASSED
2024-02-29T21:25:15.3087169Z INFO : Running System Property Check: JunctionPointsCheck ...
2024-02-29T21:25:16.0271454Z INFO : Scanned 5668 Sophos paths for junction points
2024-02-29T21:25:16.0271454Z INFO : System Property Check: JunctionPointsCheck - PASSED
2024-02-29T21:25:16.0898179Z INFO : Running System Property Check: PendingReboots ...
2024-02-29T21:25:16.0898179Z INFO : Found pending file rename operations in the registry
2024-02-29T21:25:16.0898179Z WARNING : System Property Check: PendingReboots recommended - FAILED
2024-02-29T21:25:16.1523121Z INFO : Running System Property Check: PrimaryDriveSpace ...
2024-02-29T21:25:16.1523121Z INFO : Enough space: 193110 Mb
2024-02-29T21:25:16.1523121Z INFO : System Property Check: PrimaryDriveSpace - PASSED
2024-02-29T21:25:16.2146085Z INFO : Running System Property Check: MsXml ...
2024-02-29T21:25:16.2304514Z INFO : System Property Check: MsXml - PASSED
2024-02-29T21:25:16.2928489Z INFO : Running System Property Check: NotFirewall ...
2024-02-29T21:25:16.2928489Z INFO : System Property Check: NotFirewall - PASSED
2024-02-29T21:25:16.3710076Z INFO : Running System Property Check: NotHitmanProAlertIncompatible ...
2024-02-29T21:25:16.3710076Z INFO : No HitmanPro.Alert Installed
2024-02-29T21:25:16.3710076Z INFO : System Property Check: NotHitmanProAlertIncompatible - PASSED
2024-02-29T21:25:16.4334608Z INFO : Running System Property Check: NotInvincea ...
2024-02-29T21:25:16.4334608Z INFO : System Property Check: NotInvincea - PASSED
2024-02-29T21:25:16.4959949Z INFO : Running System Property Check: NotMessageRelay ...
2024-02-29T21:25:16.4959949Z INFO : RMS is not installed on the endpoint
2024-02-29T21:25:16.4959949Z INFO : System Property Check: NotMessageRelay - PASSED
2024-02-29T21:25:16.5584779Z INFO : Running System Property Check: NotNac ...
2024-02-29T21:25:16.5584779Z INFO : System Property Check: NotNac - PASSED
2024-02-29T21:25:16.6209541Z INFO : Running System Property Check: NotPatch ...
2024-02-29T21:25:16.6209541Z INFO : System Property Check: NotPatch - PASSED
2024-02-29T21:25:16.6834122Z INFO : Running System Property Check: NotPureMessageDomino ...
2024-02-29T21:25:16.6834122Z INFO : System Property Check: NotPureMessageDomino - PASSED
2024-02-29T21:25:16.7459314Z INFO : Running System Property Check: NotPureMessageExchangeWithAntiSpam ...
2024-02-29T21:25:16.7459314Z INFO : System Property Check: NotPureMessageExchangeWithAntiSpam - PASSED
2024-02-29T21:25:16.8084199Z INFO : Running System Property Check: NotSharePoint ...
2024-02-29T21:25:16.8084199Z INFO : System Property Check: NotSharePoint - PASSED
2024-02-29T21:25:16.8708851Z INFO : Running System Property Check: NotSecServer ...
2024-02-29T21:25:16.8708851Z INFO : System Property Check: NotSecServer - PASSED
2024-02-29T21:25:16.9333508Z INFO : Running System Property Check: NotSum ...
2024-02-29T21:25:16.9333508Z INFO : System Property Check: NotSum - PASSED
2024-02-29T21:25:16.9956693Z INFO : Running System Property Check: NotBlockedByTamperProtection ...
2024-02-29T21:25:16.9956693Z INFO : Not tamper protected
2024-02-29T21:25:16.9956693Z INFO : System Property Check: NotBlockedByTamperProtection - PASSED
2024-02-29T21:25:17.0583483Z INFO : Running System Property Check: RAMSize ...
2024-02-29T21:25:17.0583483Z INFO : System Property Check: RAMSize - PASSED
2024-02-29T21:25:17.1208238Z INFO : Running System Property Check: CpuCoreCount ...
2024-02-29T21:25:17.1208238Z INFO : Logical processor core count: 4
2024-02-29T21:25:17.1208238Z INFO : System Property Check: CpuCoreCount - PASSED
2024-02-29T21:25:17.1832936Z INFO : Running System Property Check: SupportedArchitecture ...
2024-02-29T21:25:17.1832936Z INFO : Running on x64
2024-02-29T21:25:17.1832936Z INFO : System Property Check: SupportedArchitecture - PASSED
2024-02-29T21:25:17.2457963Z INFO : Running System Property Check: SupportedOS ...
2024-02-29T21:25:17.2457963Z INFO : Running on workstation.
2024-02-29T21:25:17.2457963Z INFO : System Property Check: SupportedOS - PASSED
2024-02-29T21:25:17.3082424Z INFO : Running System Property Check: SupportedPatches ...
2024-02-29T21:25:17.3082424Z INFO : System Property Check: SupportedPatches - PASSED
2024-02-29T21:25:17.3707755Z INFO : Running System Property Check: AzureCodeSigning ...
2024-02-29T21:25:17.3861966Z INFO : ACS supported
2024-02-29T21:25:17.3861966Z INFO : System Property Check: AzureCodeSigning - PASSED
2024-02-29T21:25:17.4645087Z INFO : Running System Property Check: DotNetFramework ...
2024-02-29T21:25:17.4645087Z INFO : Supported .NET version is present
2024-02-29T21:25:17.4645087Z INFO : System Property Check: DotNetFramework - PASSED
2024-02-29T21:25:17.5267916Z INFO : Running System Property Check: ValidTempDirectory ...
2024-02-29T21:25:17.5267916Z INFO : Temp folder exists.
2024-02-29T21:25:17.5267916Z INFO : System Property Check: ValidTempDirectory - PASSED
2024-02-29T21:25:17.5894690Z INFO : Running System Property Check: ValidLocalInstallSourceDirectory ...
2024-02-29T21:25:17.5894690Z INFO : No local install source folder to validate.
2024-02-29T21:25:17.5894690Z INFO : System Property Check: ValidLocalInstallSourceDirectory - PASSED
2024-02-29T21:25:17.6518218Z INFO : Running System Property Check: ValidServer ...
2024-02-29T21:25:17.6518218Z INFO : System Property Check: ValidServer - PASSED
2024-02-29T21:25:17.7144443Z INFO : Running System Property Check: ValidDeploymentInfo ...
2024-02-29T21:25:17.7144443Z INFO : Current Time: 2024-02-29T21:25:17.714000
2024-02-29T21:25:17.7144443Z INFO : This computer is part of the domain *********
2024-02-29T21:25:17.7144443Z INFO : Domain Name: ******
2024-02-29T21:25:17.7144443Z INFO : Computer Name: *******
2024-02-29T21:25:17.7144443Z INFO : Computer Description is not available.
2024-02-29T21:25:17.7144443Z INFO : Operating system friendly name: Windows 10 Pro
2024-02-29T21:25:17.7144443Z INFO : Operating system for status: WIN10
2024-02-29T21:25:17.7144443Z INFO : ProductType: 48
2024-02-29T21:25:17.7144443Z INFO : Session user: ********\\********
2024-02-29T21:25:17.7144443Z INFO : Not sending last logged on user. Session user different from running user: *******\\Administrator
2024-02-29T21:25:17.7144443Z INFO : Fully Qualified Domain Name: *******.*******.local
2024-02-29T21:25:17.7299120Z INFO : Processor architecture: x64
2024-02-29T21:25:17.7299120Z INFO : OS Major Version: 10 and OS Minor Version: 0
2024-02-29T21:25:17.7299120Z INFO : Friendly OS Name: WIN10
2024-02-29T21:25:17.7299120Z INFO : Is server?: 0
2024-02-29T21:25:17.7299120Z INFO : Sending HTTP 'POST' request to: sophos/management/ep/install/deployment-info/3
2024-02-29T21:25:17.7299120Z INFO : Did not discover an URL for a PAC file
2024-02-29T21:25:17.7299120Z INFO : Attempting to connect using proxy '' of type 'Empty Proxy'.
2024-02-29T21:25:17.7299120Z INFO : Set security protocol: 00000800
2024-02-29T21:25:17.7299120Z INFO : Opening connection to mcs2-cloudstation-us-east-2.prod.hydra.sophos.com
2024-02-29T21:25:17.7299120Z INFO : Sending request for connection confirmation through potential proxy
2024-02-29T21:25:17.7299120Z INFO : Request content size: 0
2024-02-29T21:25:18.5109332Z INFO : ValidateFileCertificateCheck: Validate certificate against file on WINHTTP_CALLBACK_STATUS_SENDING_REQUEST
2024-02-29T21:25:18.5109332Z INFO : Subject certificate failed validation against root CA: SophosCA1
2024-02-29T21:25:18.5109332Z INFO : Subject certificate failed validation against root CA: SophosCA2
2024-02-29T21:25:18.5109332Z INFO : Certificate check succeeded
2024-02-29T21:25:18.5109332Z INFO : ValidateFileCertificateCheck: Ignore WINHTTP_CALLBACK_STATUS_REQUEST_SENT
2024-02-29T21:25:18.6985773Z INFO : Response status code: 200
2024-02-29T21:25:18.6985773Z INFO : Response data size: 168
2024-02-29T21:25:18.6985773Z INFO : trySendRequestThroughPotentialProxy returning response with status code: 200
2024-02-29T21:25:18.6985773Z INFO : Request content size: 1375
2024-02-29T21:25:18.6985773Z INFO : ValidateFileCertificateCheck: Validate certificate against file on WINHTTP_CALLBACK_STATUS_SENDING_REQUEST
2024-02-29T21:25:18.6985773Z INFO : Subject certificate failed validation against root CA: SophosCA1
2024-02-29T21:25:18.6985773Z INFO : Subject certificate failed validation against root CA: SophosCA2
2024-02-29T21:25:18.7140369Z INFO : Certificate check succeeded
2024-02-29T21:25:18.7140369Z INFO : ValidateFileCertificateCheck: Ignore WINHTTP_CALLBACK_STATUS_REQUEST_SENT
2024-02-29T21:25:18.8704170Z INFO : ValidateFileCertificateCheck: Validate certificate against file on WINHTTP_CALLBACK_STATUS_SENDING_REQUEST
2024-02-29T21:25:18.8704170Z INFO : Subject certificate failed validation against root CA: SophosCA1
2024-02-29T21:25:18.8704170Z INFO : Subject certificate failed validation against root CA: SophosCA2
2024-02-29T21:25:18.8858730Z INFO : Certificate check succeeded
2024-02-29T21:25:18.8858730Z INFO : ValidateFileCertificateCheck: Ignore WINHTTP_CALLBACK_STATUS_REQUEST_SENT
2024-02-29T21:25:18.8858730Z INFO : Response status code: 200
2024-02-29T21:25:18.8858730Z INFO : Response data size: 213
2024-02-29T21:25:18.8858730Z INFO : Parsing message received for deployment token: {"dciFileName":"41aea06e7cf0d70e17fc260874fb911c","registrationToken":"fe0695850091d8f65085e150a340280c41cbd63acb47cc37631fb9c7e5efd592","products":[{"product":"INTERCEPT_ADVANCED","supported":true,"reasons":[]}]}
2024-02-29T21:25:18.8858730Z INFO : Model::token value changed to: fe0695850091d8f65085e150a340280c41cbd63acb47cc37631fb9c7e5efd592
2024-02-29T21:25:18.8858730Z INFO : Licenses available: INTERCEPT_ADVANCED
2024-02-29T21:25:19.0734902Z INFO : Running System Property Check: InstallationInProgress ...
2024-02-29T21:25:19.0734902Z INFO : System Property Check: InstallationInProgress - PASSED
2024-02-29T21:25:19.1359810Z INFO : Running System Property Check: SafeGuardEncryption ...
2024-02-29T21:25:19.1359810Z INFO : Entered installedProductCode, upgradeCode={BA2F47D3-1C17-40E7-8DE7-1CD733442B6C}
2024-02-29T21:25:19.1359810Z INFO : Product is not installed
2024-02-29T21:25:19.1359810Z INFO : licensesContainFeature(DEVICE_ENCRYPTION): false
2024-02-29T21:25:19.1359810Z INFO : System Property Check: SafeGuardEncryption - PASSED
2024-02-29T21:25:24.3589946Z INFO : Wait for tamper protection to be enabled for component INSTALLER
2024-02-29T21:25:24.3589946Z INFO : Waiting for operation to succeed within 60000ms.
2024-02-29T21:25:24.3589946Z INFO : Tamper protection in effect for component INSTALLER
2024-02-29T21:25:24.3589946Z INFO : Starting installation process.
2024-02-29T21:25:24.3745878Z INFO : About to execute command: CleanSophosIfeoKeysCommand
2024-02-29T21:25:24.3745878Z INFO : Command 'CleanSophosIfeoKeysCommand' completed with success with reboot code '0' and error message ''.
2024-02-29T21:25:24.3745878Z INFO : About to execute command: WaitForSauUpdateCommand
2024-02-29T21:25:24.3745878Z INFO : Waiting for operation to succeed within 900000ms.
2024-02-29T21:25:24.3745878Z INFO : AutoUpdate folder: C:\\Program Files (x86)\\Sophos\\AutoUpdate
2024-02-29T21:25:24.3745878Z INFO : Cache folder: C:\\ProgramData\\Sophos\\AutoUpdate\\cache
2024-02-29T21:25:24.3745878Z INFO : Cache folder: C:\\ProgramData\\Sophos\\AutoUpdate\\cache
2024-02-29T21:25:24.4683156Z INFO : SAU not updating - continuing with installation
2024-02-29T21:25:24.4683156Z INFO : Data folder: C:\\ProgramData\\Sophos\\AutoUpdate\\data
2024-02-29T21:25:24.5154063Z WARNING : Skipping over invalid component state for 'sse64' due to missing required attribute(s)
2024-02-29T21:25:24.5154063Z WARNING : Skipping over invalid component state for 'sed64' due to missing required attribute(s)
2024-02-29T21:25:24.5154063Z WARNING : Skipping over invalid component state for 'sau' due to missing required attribute(s)
2024-02-29T21:25:24.5154063Z WARNING : Skipping over invalid component state for 'uninstaller64' due to missing required attribute(s)
2024-02-29T21:25:24.5154063Z WARNING : Skipping over invalid component state for 'hmpa64' due to missing required attribute(s)
2024-02-29T21:25:24.5154063Z WARNING : Skipping over invalid component state for 'shs' due to missing required attribute(s)
2024-02-29T21:25:24.5154063Z WARNING : Skipping over invalid component state for 'clean64' due to missing required attribute(s)
2024-02-29T21:25:24.5154063Z WARNING : Skipping over invalid component state for 'sfs64' due to missing required attribute(s)
2024-02-29T21:25:24.5154063Z WARNING : Skipping over invalid component state for 'ui64' due to missing required attribute(s)
2024-02-29T21:25:24.5154063Z WARNING : Skipping over invalid component state for 'sme64' due to missing required attribute(s)
2024-02-29T21:25:24.5154063Z WARNING : Skipping over invalid component state for 'esh64' due to missing required attribute(s)
2024-02-29T21:25:24.5154063Z WARNING : Skipping over invalid component state for 'ntp64' due to missing required attribute(s)
2024-02-29T21:25:24.5154063Z WARNING : Skipping over invalid component state for 'mcsep' due to missing required attribute(s)
2024-02-29T21:25:24.5154063Z WARNING : Skipping over invalid component state for 'efw64' due to missing required attribute(s)
2024-02-29T21:25:24.5154063Z WARNING : Skipping over invalid component state for 'savxp' due to missing required attribute(s)
2024-02-29T21:25:24.5154063Z WARNING : Skipping over invalid component state for 'Sophos Detection Engine' due to missing required attribute(s)
2024-02-29T21:25:24.5154063Z WARNING : Skipping over invalid component state for 'sdu' due to missing required attribute(s)
2024-02-29T21:25:24.5154063Z INFO : Command 'WaitForSauUpdateCommand' completed with success with reboot code '0' and error message ''.
2024-02-29T21:25:24.5154063Z INFO : About to execute command: CompetitorDetector
2024-02-29T21:25:24.5464237Z INFO : Command 'CompetitorDetector' completed with success with reboot code '0' and error message ''.
2024-02-29T21:25:24.5464237Z INFO : About to execute command: Register
2024-02-29T21:25:24.5464237Z INFO : Ensuring any MCS client service is stopped to prevent race for policy retrieval
2024-02-29T21:25:24.5464237Z INFO : Sending HTTP 'POST' request to: sophos/management/ep/install/register
2024-02-29T21:25:24.5464237Z INFO : Did not discover an URL for a PAC file
2024-02-29T21:25:24.5464237Z INFO : Attempting to connect using proxy '' of type 'Empty Proxy'.
2024-02-29T21:25:24.5464237Z INFO : Set security protocol: 00000800
2024-02-29T21:25:24.5464237Z INFO : Opening connection to mcs2-cloudstation-us-east-2.prod.hydra.sophos.com
2024-02-29T21:25:24.5464237Z INFO : Sending request for connection confirmation through potential proxy
2024-02-29T21:25:24.5464237Z INFO : Request content size: 0
2024-02-29T21:25:24.5464237Z INFO : ValidateFileCertificateCheck: Validate certificate against file on WINHTTP_CALLBACK_STATUS_SENDING_REQUEST
2024-02-29T21:25:24.5464237Z INFO : Subject certificate failed validation against root CA: SophosCA1
2024-02-29T21:25:24.5464237Z INFO : Subject certificate failed validation against root CA: SophosCA2
2024-02-29T21:25:24.5620432Z INFO : Certificate check succeeded
2024-02-29T21:25:24.5620432Z INFO : ValidateFileCertificateCheck: Ignore WINHTTP_CALLBACK_STATUS_REQUEST_SENT
2024-02-29T21:25:24.6715931Z INFO : Response status code: 200
2024-02-29T21:25:24.6715931Z INFO : Response data size: 168
2024-02-29T21:25:24.6715931Z INFO : trySendRequestThroughPotentialProxy returning response with status code: 200
2024-02-29T21:25:24.6715931Z INFO : Request content size: 1375
2024-02-29T21:25:24.6715931Z INFO : ValidateFileCertificateCheck: Validate certificate against file on WINHTTP_CALLBACK_STATUS_SENDING_REQUEST
2024-02-29T21:25:24.6870170Z INFO : Subject certificate failed validation against root CA: SophosCA1
2024-02-29T21:25:24.6870170Z INFO : Subject certificate failed validation against root CA: SophosCA2
2024-02-29T21:25:24.6870170Z INFO : Certificate check succeeded
2024-02-29T21:25:24.6870170Z INFO : ValidateFileCertificateCheck: Ignore WINHTTP_CALLBACK_STATUS_REQUEST_SENT
2024-02-29T21:25:25.0308817Z INFO : ValidateFileCertificateCheck: Validate certificate against file on WINHTTP_CALLBACK_STATUS_SENDING_REQUEST
2024-02-29T21:25:25.0308817Z INFO : Subject certificate failed validation against root CA: SophosCA1
2024-02-29T21:25:25.0308817Z INFO : Subject certificate failed validation against root CA: SophosCA2
2024-02-29T21:25:25.0308817Z INFO : Certificate check succeeded
2024-02-29T21:25:25.0308817Z INFO : ValidateFileCertificateCheck: Ignore WINHTTP_CALLBACK_STATUS_REQUEST_SENT
2024-02-29T21:25:25.0308817Z INFO : Response status code: 200
2024-02-29T21:25:25.0308817Z INFO : Response data size: 72
2024-02-29T21:25:25.0308817Z INFO : Retrieved endpoint id: e4b946c6-6891-d41a-786a-616ed57a0403
2024-02-29T21:25:26.0460840Z INFO : Sending HTTP 'POST' request to: sophos/management/ep/install/authenticate/endpoint/e4b946c6-6891-d41a-786a-616ed57a0403/role/endpoint
2024-02-29T21:25:26.0460840Z INFO : Request content size: 0
2024-02-29T21:25:26.0460840Z INFO : ValidateFileCertificateCheck: Validate certificate against file on WINHTTP_CALLBACK_STATUS_SENDING_REQUEST
2024-02-29T21:25:26.0460840Z INFO : Subject certificate failed validation against root CA: SophosCA1
2024-02-29T21:25:26.0460840Z INFO : Subject certificate failed validation against root CA: SophosCA2
2024-02-29T21:25:26.0460840Z INFO : Certificate check succeeded
2024-02-29T21:25:26.0460840Z INFO : ValidateFileCertificateCheck: Ignore WINHTTP_CALLBACK_STATUS_REQUEST_SENT
2024-02-29T21:25:26.4680398Z INFO : Response status code: 200
2024-02-29T21:25:26.4680398Z INFO : Response data size: 1191
2024-02-29T21:25:26.4680398Z INFO : Retrieved mcs auth: tenant_id=4d9991c1-2a78-4f4f-8d7f-dccfb0031967 device_id=4e9b646c-8619-4da1-87a6-16e65da74030
2024-02-29T21:25:26.4680398Z INFO : MCS Auth token features: f_ep_xpd
2024-02-29T21:25:26.4680398Z INFO : MCS Auth token features: f_endpoint_updating
2024-02-29T21:25:26.4680398Z INFO : MCS Auth token features: f_ep_ntp_adv
2024-02-29T21:25:26.4680398Z INFO : MCS Auth token features: f_ep_devctl
2024-02-29T21:25:26.4680398Z INFO : MCS Auth token features: f_ep_efw
2024-02-29T21:25:26.4680398Z INFO : MCS Auth token features: f_ep_hbt_xg
2024-02-29T21:25:26.4680398Z INFO : MCS Auth token features: f_ep_av
2024-02-29T21:25:26.4680398Z INFO : MCS Auth token features: f_ep_ntp_xg
2024-02-29T21:25:26.4680398Z INFO : MCS Auth token features: f_ep_hbt_adv
2024-02-29T21:25:26.4680398Z INFO : MCS Auth token features: f_ep_stac
2024-02-29T21:25:26.4680398Z INFO : MCS Auth token features: f_ep_web
2024-02-29T21:25:26.4680398Z INFO : MCS Auth token features: f_ep_ml
2024-02-29T21:25:26.4680398Z INFO : Sending HTTP 'GET' request to: sophos/management/ep/install/flags/endpoint/e4b946c6-6891-d41a-786a-616ed57a0403
2024-02-29T21:25:26.4680398Z INFO : Request content size: 0
2024-02-29T21:25:26.4680398Z INFO : ValidateFileCertificateCheck: Validate certificate against file on WINHTTP_CALLBACK_STATUS_SENDING_REQUEST
2024-02-29T21:25:26.4680398Z INFO : Subject certificate failed validation against root CA: SophosCA1
2024-02-29T21:25:26.4680398Z INFO : Subject certificate failed validation against root CA: SophosCA2
2024-02-29T21:25:26.4680398Z INFO : Certificate check succeeded
2024-02-29T21:25:26.4680398Z INFO : ValidateFileCertificateCheck: Ignore WINHTTP_CALLBACK_STATUS_REQUEST_SENT
2024-02-29T21:25:26.6396809Z INFO : Response status code: 200
2024-02-29T21:25:26.6396809Z INFO : Response data size: 4913
2024-02-29T21:25:26.6396809Z INFO : Loaded 134 endpoint flags
2024-02-29T21:25:26.6396809Z INFO : Not using SDDS3: Old version of SED
2024-02-29T21:25:26.6396809Z INFO : Setting sdds3 download to: false
2024-02-29T21:25:26.6396809Z INFO : Sending HTTP 'PUT' request to: sophos/management/ep/install/statuses/endpoint/e4b946c6-6891-d41a-786a-616ed57a0403
2024-02-29T21:25:26.6396809Z INFO : Request content size: 990
2024-02-29T21:25:26.6396809Z INFO : ValidateFileCertificateCheck: Validate certificate against file on WINHTTP_CALLBACK_STATUS_SENDING_REQUEST
2024-02-29T21:25:26.6553004Z INFO : Subject certificate failed validation against root CA: SophosCA1
2024-02-29T21:25:26.6553004Z INFO : Subject certificate failed validation against root CA: SophosCA2
2024-02-29T21:25:26.6553004Z INFO : Certificate check succeeded
2024-02-29T21:25:26.6553004Z INFO : ValidateFileCertificateCheck: Ignore WINHTTP_CALLBACK_STATUS_REQUEST_SENT
2024-02-29T21:25:26.8585202Z INFO : ValidateFileCertificateCheck: Validate certificate against file on WINHTTP_CALLBACK_STATUS_SENDING_REQUEST
2024-02-29T21:25:26.8585202Z INFO : Subject certificate failed validation against root CA: SophosCA1
2024-02-29T21:25:26.8585202Z INFO : Subject certificate failed validation against root CA: SophosCA2
2024-02-29T21:25:26.8585202Z INFO : Certificate check succeeded
2024-02-29T21:25:26.8585202Z INFO : ValidateFileCertificateCheck: Ignore WINHTTP_CALLBACK_STATUS_REQUEST_SENT
2024-02-29T21:25:26.8585202Z INFO : Response status code: 200
2024-02-29T21:25:26.8585202Z INFO : Response data size: 0
2024-02-29T21:25:26.8585202Z INFO : Attempt to retrieve policy.
2024-02-29T21:25:26.8585202Z INFO : Sending HTTP 'GET' request to: sophos/management/ep/install/commands/applications/APPSPROXY;ALC/endpoint/e4b946c6-6891-d41a-786a-616ed57a0403
2024-02-29T21:25:26.8585202Z INFO : Request content size: 0
2024-02-29T21:25:26.8585202Z INFO : ValidateFileCertificateCheck: Validate certificate against file on WINHTTP_CALLBACK_STATUS_SENDING_REQUEST
2024-02-29T21:25:26.8585202Z INFO : Subject certificate failed validation against root CA: SophosCA1
2024-02-29T21:25:26.8585202Z INFO : Subject certificate failed validation against root CA: SophosCA2
2024-02-29T21:25:26.8739990Z INFO : Certificate check succeeded
2024-02-29T21:25:26.8739990Z INFO : ValidateFileCertificateCheck: Ignore WINHTTP_CALLBACK_STATUS_REQUEST_SENT
2024-02-29T21:25:27.2178966Z INFO : Response status code: 200
2024-02-29T21:25:27.2178966Z INFO : Response data size: 790
2024-02-29T21:25:27.2178966Z INFO : Successfully retrieved policy with policyId='f45df1c0261397d6fdba0f3e5d4b273642f8c927cd10eee1a598386ef80f3d7f'.
2024-02-29T21:25:27.2178966Z INFO : Sending HTTP 'DELETE' request to: sophos/management/ep/install/commands/endpoint/e4b946c6-6891-d41a-786a-616ed57a0403/38
2024-02-29T21:25:27.2178966Z INFO : Request content size: 0
2024-02-29T21:25:27.2178966Z INFO : ValidateFileCertificateCheck: Validate certificate against file on WINHTTP_CALLBACK_STATUS_SENDING_REQUEST
2024-02-29T21:25:27.2178966Z INFO : Subject certificate failed validation against root CA: SophosCA1
2024-02-29T21:25:27.2178966Z INFO : Subject certificate failed validation against root CA: SophosCA2
2024-02-29T21:25:27.2178966Z INFO : Certificate check succeeded
2024-02-29T21:25:27.2178966Z INFO : ValidateFileCertificateCheck: Ignore WINHTTP_CALLBACK_STATUS_REQUEST_SENT
2024-02-29T21:25:27.3895029Z INFO : Response status code: 200
2024-02-29T21:25:27.3895029Z INFO : Response data size: 0
2024-02-29T21:25:27.3895029Z INFO : Sending HTTP 'GET' request to: sophos/management/ep/install/policy/application/ALC/f45df1c0261397d6fdba0f3e5d4b273642f8c927cd10eee1a598386ef80f3d7f
2024-02-29T21:25:27.3895029Z INFO : Request content size: 0
2024-02-29T21:25:27.3895029Z INFO : ValidateFileCertificateCheck: Validate certificate against file on WINHTTP_CALLBACK_STATUS_SENDING_REQUEST
2024-02-29T21:25:27.3895029Z INFO : Subject certificate failed validation against root CA: SophosCA1
2024-02-29T21:25:27.3895029Z INFO : Subject certificate failed validation against root CA: SophosCA2
2024-02-29T21:25:27.3895029Z INFO : Certificate check succeeded
2024-02-29T21:25:27.3895029Z INFO : ValidateFileCertificateCheck: Ignore WINHTTP_CALLBACK_STATUS_REQUEST_SENT
2024-02-29T21:25:27.5771580Z INFO : Response status code: 200
2024-02-29T21:25:27.5771580Z INFO : Response data size: 3340
2024-02-29T21:25:27.5771580Z INFO : Assume obfuscated SAU password
2024-02-29T21:25:27.7488898Z INFO : Subscription id: Base, rigidname: WindowsCloudNextGen, baseversion: 11, tag: RECOMMENDED, fixedversion:
2024-02-29T21:25:27.7488898Z INFO : Subscription id: Clean, rigidname: WindowsCloudClean, baseversion: 1, tag: RECOMMENDED, fixedversion:
2024-02-29T21:25:27.7488898Z INFO : Subscription id: CloudAV, rigidname: WindowsCloudAV, baseversion: 11, tag: RECOMMENDED, fixedversion:
2024-02-29T21:25:27.7488898Z INFO : Subscription id: HitmanProAlert, rigidname: WindowsCloudHitmanProAlert, baseversion: 1, tag: RECOMMENDED, fixedversion:
2024-02-29T21:25:27.7488898Z INFO : Fixed version token is not used
2024-02-29T21:25:27.7488898Z INFO : Feature: APPCNTRL
2024-02-29T21:25:27.7488898Z INFO : Feature: AV
2024-02-29T21:25:27.7488898Z INFO : Feature: CLEAN
2024-02-29T21:25:27.7488898Z INFO : Feature: CORE
2024-02-29T21:25:27.7488898Z INFO : Feature: DLP
2024-02-29T21:25:27.7488898Z INFO : Feature: DVCCNTRL
2024-02-29T21:25:27.7488898Z INFO : Feature: EFW
2024-02-29T21:25:27.7488898Z INFO : Feature: HBT
2024-02-29T21:25:27.7488898Z INFO : Feature: NTP
2024-02-29T21:25:27.7488898Z INFO : Feature: SAV
2024-02-29T21:25:27.7488898Z INFO : Feature: SDU
2024-02-29T21:25:27.7488898Z INFO : Feature: WEBCNTRL
2024-02-29T21:25:27.7488898Z INFO : Feature: XPD
2024-02-29T21:25:27.7488898Z INFO : Setting https download to: true
2024-02-29T21:25:27.7488898Z INFO : Updating credentials created with username: PRD8L73E4H
2024-02-29T21:25:27.7488898Z INFO : Server for 'sus': sus.sophosupd.com
2024-02-29T21:25:27.7488898Z INFO : Server for 'content_server': sdds3.sophosupd.com
2024-02-29T21:25:27.7488898Z INFO : Server for 'content_server': sdds3.sophosupd.net
2024-02-29T21:25:27.7488898Z INFO : Server for 'telemetry': t1.sophosupd.com
2024-02-29T21:25:27.7488898Z INFO : Server for 'feedback': sdu-feedback.sophos.com
2024-02-29T21:25:27.7488898Z INFO : Server for 'repairkit': sdu-auto-upload.sophosupd.com
2024-02-29T21:25:27.7488898Z INFO : Restarting MCS Client service if stopped
2024-02-29T21:25:27.7488898Z INFO : Command 'Register' completed with success with reboot code '0' and error message ''.
2024-02-29T21:25:27.7488898Z INFO : About to execute command: Download
2024-02-29T21:25:27.8269272Z INFO : Update Cache Cert Path folder: C:\\ProgramData\\Sophos\\Certificates\\AutoUpdate\\Cache
2024-02-29T21:25:27.8269272Z INFO : No update caches configured
2024-02-29T21:25:27.8269272Z INFO : Updating from Sophos
2024-02-29T21:25:27.8269272Z INFO : Did not discover an URL for a PAC file
2024-02-29T21:25:27.8269272Z INFO : Updating configured to use: HTTPS
2024-02-29T21:25:27.8269272Z INFO : Initial download: attempting to use bulk metadata
2024-02-29T21:25:27.8269272Z INFO : Entered Sdds2DownloaderImpl::setGlobalFilter
2024-02-29T21:25:27.8269272Z INFO : Using platform ID WIN_10_X64
2024-02-29T21:25:27.8269272Z INFO : Subscription: Base
2024-02-29T21:25:27.8269272Z INFO : SUL info: [V46381] SU::Handle::readRemoteMetadata + SU::Handle::readRemoteMetadata()
2024-02-29T21:25:27.8269272Z INFO : SUL info: [V75884] SU::Metadata::readRemoteMetadata SU::Metadata::readRemoteMetadata()
2024-02-29T21:25:27.8269272Z INFO : SUL info: [I40394] Downloading customer file from sophos:1:1
2024-02-29T21:25:27.8269272Z INFO : SUL info: [V81533] SU::createCachedPackageSource about to create cached package source for sophos:1:1, url=sophos
2024-02-29T21:25:27.8269272Z INFO : SUL info: [V81533] SU::createCachedPackageSource creating root package source for location: sophos:1:dci.sophosupd.com/update, path: 4/1a/41aea06e7cf0d70e17fc260874fb911c.dat
2024-02-29T21:25:29.7172060Z WARNING : SUL error: [E26245] Error fetching data from dci.sophosupd.com/.../41aea06e7cf0d70e17fc260874fb911c.dat: WinHttpSendRequest (error 12007)
2024-02-29T21:25:29.7172060Z INFO : SUL info: [I26245] No proxy was used.
2024-02-29T21:25:29.7172060Z INFO : SUL info: [I40394] Downloading customer file from sophos:2:1
2024-02-29T21:25:29.7172060Z INFO : SUL info: [V81533] SU::createCachedPackageSource about to create cached package source for sophos:2:1, url=sophos
2024-02-29T21:25:29.7172060Z INFO : SUL info: [V81533] SU::createCachedPackageSource creating root package source for location: sophos:1:dci.sophosupd.net/update, path: 4/1a/41aea06e7cf0d70e17fc260874fb911c.dat
2024-02-29T21:25:30.6857971Z WARNING : SUL error: [E26245] Error fetching data from dci.sophosupd.net/.../41aea06e7cf0d70e17fc260874fb911c.dat: WinHttpSendRequest (error 12007)
2024-02-29T21:25:30.6857971Z INFO : SUL info: [I26245] No proxy was used.
2024-02-29T21:25:30.6857971Z INFO : SUL info: [I40394] Downloading customer file from sophos:3:1
2024-02-29T21:25:30.6857971Z INFO : SUL info: [V81533] SU::createCachedPackageSource about to create cached package source for sophos:3:1, url=sophos
2024-02-29T21:25:30.6857971Z WARNING : SUL error: [E75373] Ran out of sophos aliases for this update source
2024-02-29T21:25:30.6857971Z WARNING : SUL error: [E35369] Out of update sources
2024-02-29T21:25:30.6857971Z WARNING : SUL error: [E99999] Out of sources
2024-02-29T21:25:30.6857971Z ERROR : DownloadCommand::onRun() failed with std::exception: MetaDataScope::MetaDataScope failed with error code 4
2024-02-29T21:25:30.6857971Z INFO : Command 'Download' completed with failure with reboot code '0' and error message 'Could not download software'.
2024-02-29T21:25:30.6857971Z ERROR : Installation failed.
2024-02-29T21:25:30.6857971Z INFO : Sending HTTP 'POST' request to: sophos/management/ep/install/events/endpoint/e4b946c6-6891-d41a-786a-616ed57a0403
2024-02-29T21:25:30.7012224Z INFO : Did not discover an URL for a PAC file
2024-02-29T21:25:30.7012224Z INFO : Attempting to connect using proxy '' of type 'Empty Proxy'.
2024-02-29T21:25:30.7012224Z INFO : Set security protocol: 00000800
2024-02-29T21:25:30.7012224Z INFO : Opening connection to mcs2-cloudstation-us-east-2.prod.hydra.sophos.com
2024-02-29T21:25:30.7012224Z INFO : Sending request for connection confirmation through potential proxy
2024-02-29T21:25:30.7012224Z INFO : Request content size: 0
2024-02-29T21:25:30.7012224Z INFO : ValidateFileCertificateCheck: Validate certificate against file on WINHTTP_CALLBACK_STATUS_SENDING_REQUEST
2024-02-29T21:25:30.7012224Z INFO : Subject certificate failed validation against root CA: SophosCA1
2024-02-29T21:25:30.7012224Z INFO : Subject certificate failed validation against root CA: SophosCA2
2024-02-29T21:25:30.7012224Z INFO : Certificate check succeeded
2024-02-29T21:25:30.7012224Z INFO : ValidateFileCertificateCheck: Ignore WINHTTP_CALLBACK_STATUS_REQUEST_SENT
2024-02-29T21:25:30.8576319Z INFO : Response status code: 200
2024-02-29T21:25:30.8576319Z INFO : Response data size: 168
2024-02-29T21:25:30.8576319Z INFO : trySendRequestThroughPotentialProxy returning response with status code: 200
2024-02-29T21:25:30.8730606Z INFO : Request content size: 1009
2024-02-29T21:25:30.8730606Z INFO : ValidateFileCertificateCheck: Validate certificate against file on WINHTTP_CALLBACK_STATUS_SENDING_REQUEST
2024-02-29T21:25:30.8730606Z INFO : Subject certificate failed validation against root CA: SophosCA1
2024-02-29T21:25:30.8730606Z INFO : Subject certificate failed validation against root CA: SophosCA2
2024-02-29T21:25:30.8730606Z INFO : Certificate check succeeded
2024-02-29T21:25:30.8730606Z INFO : ValidateFileCertificateCheck: Ignore WINHTTP_CALLBACK_STATUS_REQUEST_SENT
2024-02-29T21:25:31.0450417Z INFO : ValidateFileCertificateCheck: Validate certificate against file on WINHTTP_CALLBACK_STATUS_SENDING_REQUEST
2024-02-29T21:25:31.0450417Z INFO : Subject certificate failed validation against root CA: SophosCA1
2024-02-29T21:25:31.0450417Z INFO : Subject certificate failed validation against root CA: SophosCA2
2024-02-29T21:25:31.0605157Z INFO : Certificate check succeeded
2024-02-29T21:25:31.0605157Z INFO : ValidateFileCertificateCheck: Ignore WINHTTP_CALLBACK_STATUS_REQUEST_SENT
2024-02-29T21:25:31.0605157Z INFO : Response status code: 200
2024-02-29T21:25:31.0605157Z INFO : Response data size: 0



This thread was automatically locked due to age.
  • Hi Jae,

    Thanks for reaching out to the Sophos Community Forum. 

    It looks like your device is not reaching out to SDDS3 URLs when performing the initial install. 

    I'd suggest gathering a Procmon log while attempting the installation. Please also gather an SDU log from the affected device. To do this you can use the stand-alone download for SDU.
    Get process monitor logs and system events using Process Monitor

    I do see the following log lines, which should not be present if the system has not had Sophos installed previously. The Procmon log will allow us to investigate further.
    2024-02-29T21:25:26.6396809Z INFO : Not using SDDS3: Old version of SED
    2024-02-29T21:25:26.6396809Z INFO : Setting sdds3 download to: false

    I'd suggest opening a Support Case in parallel as well, please provide me with the case ID via private message or in a reply below.

    Kushal Lakhan
    Team Lead, Global Community Support
    Connect with Sophos Support, get alerted, and be informed.
    If a post solves your question, please use the "Verify Answer" button.
    The New Home of Sophos Support Videos!  Visit Sophos Techvids